You might have one or more AWS accounts with VPCs and workload VMs that you want to bring under NSX-T Data Center management.

Overview:
  • NSX Cloud provides a shell script that you can run from the AWS CLI of your AWS account to create the IAM profile and role, and to create a trust relationship for Transit and Compute VPCs.
  • The following scenarios are supported:
    • Scenario 1: You want to use a single AWS account with NSX Cloud.
    • Scenario 2: You want to use multiple sub-accounts in AWS that are managed by a master AWS account.
    • Scenario 3: You want to use multiple AWS accounts with NSX Cloud, designating one account where you install the PCG (the Transit VPC) and other accounts that link to this PCG (the Compute VPCs). See Deploy the NSX Public Cloud Gateway for details on PCG deployment options.

Here is an outline of the process:

  1. Use the NSX Cloud shell script to do the following. This step requires the AWS CLI to be configured with the account you want to add.
    • Create an IAM profile.
    • Create a role for PCG.
    • (Optional) Create a trust relationship between the AWS account hosting the Transit VPC and the AWS account hosting the Compute VPC.
  2. Add the AWS account in CSM.
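
The optional trust relationship in step 1 lets principals in one AWS account assume a role in another, so it is worth confirming which accounts a role's trust policy actually names before adding the account in CSM. The following is an added example, not part of the NSX Cloud script or its documentation: it audits a trust policy document for wildcard or unexpected AWS principals. The account IDs, the sample policy and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample: trust policy of a role in a Compute VPC account.
# Account IDs are placeholders, not values produced by the NSX Cloud script.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::111111111111:root"}},
  {"Effect": "Allow", "Action": ["sts:AssumeRole"],
   "Principal": {"AWS": ["arn:aws:iam::333333333333:role/other", "*"]}}
]}
""")

# Matches a bare 12-digit account ID or an IAM/STS ARN; captures the account ID.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

def as_list(value):
    """IAM accepts a single value or a list for Statement and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, allowed_accounts):
    """Return (statement index, principal, reason) for each AWS principal
    in an Allow statement that is a wildcard or outside allowed_accounts."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":              # bare "*" is treated like {"AWS": "*"}
            aws = ["*"]
        elif isinstance(principal, dict):  # Service principals are not audited here
            aws = as_list(principal.get("AWS"))
        else:
            aws = []
        for p in aws:
            m = ACCOUNT_RE.match(p)
            if p == "*":
                findings.append((i, p, "wildcard principal"))
            elif not m:
                findings.append((i, p, "unrecognised principal"))
            elif m.group(1) not in allowed_accounts:
                findings.append((i, p, "unexpected account " + m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_POLICY, {"111111111111"}):
        print(finding)
```

A live policy can be fetched with `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and passed to `audit_trust_policy` together with the account ID that hosts the Transit VPC.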