The workflows that allow NSX to manage workload VMs in your AWS cloud involve several steps performed in tandem in NSX Cloud and AWS. This table shows them at a glance.

Enabling NSX to Access your AWS Inventory and Manage your VMs

Table 1. Columns: Task | NSX Cloud Workflow | AWS Workflow

1. Add your AWS account in CSM.

See Enable CSM to access your AWS Inventory for detailed instructions.

1.1. From the NSX Cloud Dashboard, copy the URL of the JSON template file.

1.2. Create a new Stack in CloudFormation and use the JSON file copied in step 1.1.

1.3. From the Outputs tab, copy IAMRoleARN, ExternalID, GatewayRoleName.

1.4. From the CSM dashboard, click Add Account. Provide a distinct name for the account, and the values from step 1.3.

2. Deploy PCG on a compute VPC in your AWS account.

See Enable CSM to access your AWS Inventory for detailed instructions.

2.1. For the compute VPC you want to manage with NSX, create three (six, if enabling HA) subnets and ensure this VPC has an Internet gateway with routing tables. Also ensure the VPC has DNS routing and DNS names enabled.

Make a note of the PEM file for your AWS account.

Alternatively, use the CloudFormation template, from the Resources tile on the NSX Cloud Dashboard, to create a compute VPC.

2.2. From the CSM dashboard, go to VPCs. Select the compute VPC and click Deploy Gateway. 
Select the PEM file for your AWS account, and select whether you want to turn Quarantine Policy on or off.

2.3. Select whether you want to set up High Availability. 
Select the Availability Zone and the management, uplink, and downlink subnets.  Select an additional Availability Zone and the three additional subnets in this zone if you picked HA.
Click Deploy.

2.4. Automatic: As part of PCG deployment, a set of Security Groups is created in your AWS account.
A new Type A Record Set is added with the name “nsx-gw.vmware.com” in AWS Route 53.

2.5. Automatic: As part of PCG deployment, a set of components, including two default Logical Switches, is created in NSX Manager.

2.6. From NSX Manager: Attach DHCP servers to the default overlay logical switch created in step 2.5. Also attach the auto-created tier-0 logical router to the overlay logical switch.

3. Enable NSX to manage your VM.

See Prepare your VMs for NSX for detailed instructions.

3.1. Download and install the NSX-agent on your Windows and Linux VMs.

3.2. Tag VMs with the key nsx:network and a value of either the logical switch UUID (overlay VMs) or default (non-overlay VMs).

3.3. Automatic: After you install the NSX-agent on your VM and tag it in AWS, the VM is marked as NSX-managed and other essential NSX entities are created.
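
An added example, not part of the original documentation: an offline audit of the nsx:network tag from step 3.2, reporting which instances are tagged for overlay, tagged as default, untagged, or carrying a value that is neither. The inventory is a constructed sample in the shape of `aws ec2 describe-instances` JSON output; the exact-match handling of `default` and the canonical UUID format are assumptions.

```python
import json
import uuid

TAG_KEY = "nsx:network"  # tag key from step 3.2
# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "Tags": [{"Key": "nsx:network", "Value": "default"}]},
    {"InstanceId": "i-0aaa0000000000002",
     "Tags": [{"Key": "nsx:network", "Value": "3f2b8c1e-9d4a-4c6b-8e1f-2a7b5c9d0e11"}]}
  ]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003", "Tags": [{"Key": "Name", "Value": "build-host"}]},
    {"InstanceId": "i-0aaa0000000000004", "Tags": [{"Key": "nsx:network", "Value": "overlay-ls-1"}]},
    {"InstanceId": "i-0aaa0000000000005"}
  ]}
]}
""")


def classify(instance):
    """Return 'overlay', 'non-overlay', 'untagged' or 'invalid' for one instance."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if TAG_KEY not in tags:
        return "untagged"  # step 3.2 has not been done for this VM
    value = tags[TAG_KEY]
    if value == "default":  # assumption: exact, case-sensitive match
        return "non-overlay"
    try:
        # Assumption: logical switch UUIDs use the canonical 8-4-4-4-12 form.
        if str(uuid.UUID(value)) == value.lower():
            return "overlay"
    except ValueError:
        pass
    return "invalid"  # tag present, but neither 'default' nor a UUID


def audit(describe_output):
    """Map every instance ID in the output to its nsx:network tag status."""
    return {
        inst["InstanceId"]: classify(inst)
        for res in describe_output.get("Reservations", [])
        for inst in res.get("Instances", [])
    }


if __name__ == "__main__":
    for instance_id, status in audit(SAMPLE).items():
        print(f"{instance_id}  {status}")
```

To run it against a real account, replace SAMPLE with the saved JSON output of `aws ec2 describe-instances` for the compute VPC.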