Deploy the NSX Public Cloud Gateway (PCG) on the AWS compute VPC.

About this task

When you deploy PCG, you are able to establish North-South connection. AWS Security Groups are created as part of the process of deploying PCG. See Manage Quarantine Policy for more information.


It is recommended that your AWS IAM policies include deny statements preventing users from modifying gateway resources to PCG.


  1. From the CSM dashboard, select Cross-Cloud > AWS > <AWS_account_name>
  2. Select an AWS region name, for example, us-west. The AWS region must be the same where you created the compute VPC.
  3. From the VPC section, select the compute VPC configured for NSX Cloud.
  4. Click Deploy Gateways.
  5. Complete the general gateway details:



    PEM File

    Select one of your PEM files from the drop-down menu. This file must be in the same region where NSX Cloud was deployed and where you created your compute VPC.

    This uniquely identifies your AWS account.

    Quarantine Policy on the Associated VPC

    The default selection is Enabled. This is recommended for greenfield deployments. If you already have VMs launched in your VPC, disable the Quarantine policy. See Manage Quarantine Policy

  6. Click Next.
  7. Complete the High Availability gateway details.



    Enable HA for Public Cloud Gateway

    The recommended setting is Enable, that sets up a High Availability Active/Standby pair to avoid an unscheduled downtime.

    Primary gateway settings

    Select an Availability Zone such as us-west-1a, from the drop-down menu as the primary gateway for HA.

    Assign the uplink, downlink, and management subnets from the drop-down menu.

    Secondary gateway settings

    Select another Availability Zone such as us-west-1b, from the drop-down menu as the secondary gateway for HA.

    The secondary gateway is used when the primary gateway fails.

    Assign the uplink, downlink, and management subnets from the drop-down menu.

    Click Deploy.

  8. Monitor the status of the primary (and secondary, if you selected it) PCG deployment. This process can take 10-12 minutes.
  9. Click Finish when PCG is successfully deployed.


Click the Gateways link on the VPC. the primary and secondary gateway names appear. The status of the compute VPC appears as NSX Managed.

See Undeploying PCG for instructions and prerequisites for undeploying a PCG.