You might have one or more AWS accounts with VPCs and workload VMs that you want to bring under NSX-T Data Center management.
- You can use the Transit/Compute VPC topology where you deploy the PCG in one VPC, making it the Transit VPC, and link other VPCs to it, which are called Compute VPCs.
- NSX Cloud provides a shell script that you can run from the AWS CLI of your AWS account to create the IAM profile and role, and to create a trust relationship for Transit and Compute VPCs.
- The following scenarios are supported:
  - Scenario 1: You want to use a single AWS account with NSX Cloud.
  - Scenario 2: You want to use multiple sub-accounts in AWS that are managed by a master AWS account.
  - Scenario 3: You want to use multiple AWS accounts with NSX Cloud.
Here is an outline of the process:
- Use the NSX Cloud shell script, which requires the AWS CLI, to do the following:
  - Create an IAM profile.
  - Create a role for PCG.
  - (Optional) Create a trust relationship between the AWS account hosting the Transit VPC and the AWS account hosting the Compute VPC.
- Add the AWS account in CSM.