You might have one or more AWS accounts with VPCs and workload VMs that you want to bring under NSX management.

Overview:
  • NSX Cloud provides a shell script that you can run from the AWS CLI of your AWS account to create the IAM profile and role, and to create a trust relationship for Transit and Compute VPCs.
  • The following scenarios are supported:
    • Scenario 1: You want to use a single AWS account with NSX Cloud.
    • Scenario 2: You want to use multiple sub-accounts in AWS that are managed by a primary AWS account.
    • Scenario 3: You want to use multiple AWS accounts with NSX Cloud, designating one account where you will install the PCG, that is, a Transit VPC, and other accounts that will link to this PCG, that is, Compute VPCs. See NSX Public Cloud Gateway: Architecture and Modes of Deployment for details on PCG deployment options.

Here is an outline of the process:

  1. Use the NSX Cloud shell script to do the following. This step requires AWS CLI configured with the account you want to add.
    • Create an IAM profile.
    • Create a role for PCG.
    • (Optional) Create a trust relationship between the AWS account hosting the Transit VPC and the AWS account hosting the Compute VPC.
  2. Add the AWS account in CSM.
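
Before adding the account in CSM, it is worth reviewing the trust relationship that step 1 created. The following is an added example, not part of the NSX Cloud script or documentation: it audits an IAM role trust policy and reports any principal outside an expected account. The account IDs, role names and sample policy are constructed, and the assumption that the role should trust only the account hosting the Transit VPC is ours; the policy the script actually generates may differ.

```python
import json
import re

# Constructed sample. A real document can be fetched with:
#   aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument
TRANSIT_ACCOUNT = "111111111111"  # constructed ID for the Transit VPC account
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"Service": "ec2.amazonaws.com"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["arn:aws:iam::111111111111:role/example-transit-role",
                         "arn:aws:iam::999999999999:root"]}}
]}
""")

ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID of an AWS principal, or None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = ARN_ACCOUNT.match(principal)
    return m.group(1) if m else None

def audit_trust_policy(policy, allowed_accounts):
    """Return (statement index, principal, reason) for unexpected trust."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard: anyone may assume the role
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind == "Service":
                    continue  # AWS service principals are not cross-account trust
                if kind != "AWS":
                    findings.append((i, p, "unexpected principal type " + kind))
                elif p == "*":
                    findings.append((i, p, "wildcard principal"))
                elif principal_account(p) not in allowed_accounts:
                    findings.append((i, p, "account not in allow-list"))
    return findings
```

Calling `audit_trust_policy(SAMPLE_POLICY, {TRANSIT_ACCOUNT})` flags the `999999999999` principal in the second statement; an empty list means every cross-account principal belongs to an expected account.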