Set up a cloud provider account connection in VMware Tanzu Mission Control so you can start creating clusters. This procedure walks you through the process of creating a cloud provider account connection with AWS using Role ARN.

To create a cluster using Tanzu Mission Control, you must first connect a cloud provider account so that Tanzu Mission Control has a place to provision the necessary objects to create the cluster.

A cloud provider account connection is only necessary for provisioning new clusters from Tanzu Mission Control. If you don't want to create clusters right now, you can skip this section.


Before starting this procedure, perform the following tasks:
  • Log in to the Tanzu Mission Control console.
  • Log into the AWS console.
You must also make sure you have the appropriate permissions to connect a cloud provider account.
  • To create a cloud provider account connection, you must be associated with the organization.credential.admin role.


  1. In the Tanzu Mission Control console, click Settings in the left navigation pane.
  2. On the Settings page, click Connect AWS Cloud Account.
  3. On the New AWS provider credential page, provide a name for the account connection and then click Generate template.
    The name that you enter is the name that appears in the list of connected accounts on the Settings page.
    When you click Generate template, Tanzu Mission Control generates the template and then downloads it.
    Note: Do not reuse a template from a previously created stack. Each time you create a cloud provider account connection, you must download the template and create a new stack, even if you use the same AWS account.
  4. In the AWS console, use the EC2 service to create an SSH key pair (for example, my-tmc-kp) for each region that you plan to use with Tanzu Mission Control.
  5. Create a standard CloudFormation stack in AWS using the downloaded template.
    1. In the AWS console, use the CloudFormation service to create a stack (with new resources).
    2. When prompted, click Upload a template file and use the template you downloaded.
    3. On the Review page, you must scroll to the bottom and select the checkbox that acknowledges the creation of IAM resources.
    After a couple minutes, the Stack details page shows your new stack with the status of CREATE_COMPLETE. You might need to click the refresh button to update the status.
  6. After the stack is created, retrieve the role ARN.
    1. After the stack creation is complete, click the Outputs tab.
    2. On the outputs tab, find the message created by the template that shows the role ARN.
    3. Copy the role ARN shown in the message (for example, arn:aws:iam::01234567890:role/, and then return to the Tanzu Mission Control console to finish creating the connection.
  7. In the Tanzu Mission Control console, still on the New AWS provider credential page, paste the role ARN that you copied from the AWS console.
  8. Click Create Credential to create the connection to your cloud provider account.