You might have one or more AWS accounts with VPCs and workload VMs that you want to bring under NSX management.
Overview:
- NSX Cloud provides a shell script that you can run from the AWS CLI of your AWS account to create the IAM profile and role, and create a trust relationship for Transit and Compute VPCs.
- The following scenarios are supported:
  - Scenario 1: You want to use a single AWS account with NSX Cloud.
  - Scenario 2: You want to use multiple sub-accounts in AWS that are managed by a primary AWS account.
  - Scenario 3: You want to use multiple AWS accounts with NSX Cloud, designating one account where you will install the PCG (the Transit VPC) and other accounts that will link to this PCG (the Compute VPCs). See NSX Public Cloud Gateway: Architecture and Modes of Deployment for details on PCG deployment options.
Here is an outline of the process:
- Use the NSX Cloud shell script to do the following. This step requires AWS CLI configured with the account you want to add.
  - Create an IAM profile.
  - Create a role for PCG.
  - (Optional) Create a trust relationship between the AWS account hosting the Transit VPC and the AWS account hosting the Compute VPC.
- Add the AWS account in CSM.
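
After the optional trust-relationship step, it is worth confirming that the resulting role trusts only the accounts you intended. The following is an added example, not part of the NSX Cloud script or documentation: it audits an IAM trust policy document for wildcard or unexpected AWS principals. It assumes the role in the Compute VPC account is the one that trusts the Transit VPC account; the account IDs, role name and sample policy are constructed placeholders.

```python
import json

# Constructed sample: trust policy on a role in the Compute VPC account.
# Account IDs and role names are placeholders, not NSX Cloud script output.
TRANSIT_ACCOUNT = "111111111111"
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::222222222222:role/other", "*"]},
         "Action": "sts:AssumeRole"},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def principal_account(principal):
    """Return the 12-digit account ID a principal refers to, or None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] in ("iam", "sts"):
        return parts[4]
    return None


def audit_trust_policy(policy_json, allowed_accounts):
    """List (statement index, principal, reason) for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append((i, "*", "wildcard principal"))
            continue
        # Only AWS account/role principals are checked; Service principals are skipped.
        for p in _as_list(principal.get("AWS", [])):
            if p == "*":
                findings.append((i, p, "wildcard principal"))
            elif principal_account(p) not in allowed_accounts:
                findings.append((i, p, "unexpected account"))
    return findings
```

To check a real role, pass the JSON of its trust policy (for example, the `AssumeRolePolicyDocument` returned by `aws iam get-role`) together with the set of account IDs you expect to be trusted.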