Create roles with appropriate permissions in your public cloud account to add the account into CSM.

Overview

For each public cloud account that you want to bring under the control of NSX-T Data Center, you have the option of creating appropriate roles with appropriate permissions. NSX Cloud provides scripts that you can use to generate these roles.

If you want to restrict public clouds that can be added into CSM, run the following CSM API:

PUT /api/v1/csm/desired-clouds

Example Request:
PUT https://<nsx-csm>/api/v1/csm/desired-clouds
{
  "cloud_types": [
    {
        "cloud_type": "aws"
        "enabled": true,
    }
    {
        "cloud_type": "azure",
        "enabled": true,
    }
    {
        "cloud_type": "aws-gov-us-east"
        "enabled": false,
    }
    {
        "cloud_type": "aws-gov-us-west",
        "enabled": false,
    }
    {
        "cloud_type": "azure-gov-us",
        "enabled": false,
    }
  ]
}

See the latest version of the NSX-T Data Center API Guide at https://code.vmware.com/ for API details.