Create a CloudFormation stack in your AWS account that VMware Tanzu Mission Control can use to back up cluster resources, and get the ARN for the stack to complete the credential creation.


Make sure you have access to the account and that you have prepared the account to allow Tanzu Mission Control to create clusters.
  1. Log in to the AWS console.
  2. Use the EC2 service to create an SSH key pair for each region that you plan to use with Tanzu Mission Control.
Note: The SSH key pair is not required to set up the cloud provider account connection. However, Tanzu Mission Control requires an SSH key pair to create clusters. This key pair must exist for every region in which you want to create clusters. If you create a cloud provider account connection and subsequently attempt to use Tanzu Mission Control to create a cluster in a region for which you have not defined this key pair, cluster creation fails. This failure occurs later in the cluster creation process, and appears as though creation is simply stalled or stuck. Therefore, it is best to create the key pair in each region at the time you create the cloud provider account connection.


  1. In the AWS console, go to the CloudFormation service, and make sure you are in the region where you want to create the CloudFormation stack.
  2. If you have previously used the clusterawsadm tool to create a stack, remove the stack.
    Search for the stack cluster-api-provider-aws-sigs-k8s-io. If it exists, select the stack and click Delete.
  3. On the Stack details page, click Create stack (with new resources).
  4. On the Create stack page, in the Specify template area, click Upload a template file.
  5. Click Choose file, select the template file you downloaded through the Tanzu Mission Control console, and then click Open.
  6. Click Next.
  7. On the Specify stack details page, provide a name for the stack, and then click Next.
  8. On the Configure stack options page, accept all of the default values and click Next.
  9. On the Review page, scroll to the bottom and select the checkbox that acknowledges the creation of IAM resources, and then click Create stack.
    After a couple of minutes, the Stack details page shows your new stack with the status of CREATE_COMPLETE. You might need to click the refresh button to update the status.
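
Step 9 asks you to acknowledge that the stack creates IAM resources. As an added example (not part of the VMware documentation or the Tanzu Mission Control template), the following Python script lists the IAM resources in a template, the principals trusted to assume each role, and any wildcard actions, so you can review them before acknowledging. It assumes the template is JSON (convert a YAML template first); the sample template and every name in it are constructed.

```python
import json

# Constructed sample, NOT the template Tanzu Mission Control generates.
SAMPLE = json.dumps({"Resources": {
    "BackupRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]},
        "Policies": [{"PolicyName": "backup", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::example-bucket/*"},
            {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}}]}},
    "Bucket": {"Type": "AWS::S3::Bucket"}}})


def as_list(value):
    """IAM fields may hold one value or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def principals(statement):
    """Flatten a trust statement's Principal ("*" or {"AWS": ..., "Service": ...})."""
    p = statement.get("Principal", {})
    if not isinstance(p, dict):
        return as_list(p)
    return [x for v in p.values() for x in as_list(v)]


def review_iam(template_text):
    """Per IAM resource: who may assume it, and which allowed actions use wildcards."""
    report = {}
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if not str(res.get("Type", "")).startswith("AWS::IAM::"):
            continue  # only IAM resources are reported
        props = res.get("Properties", {})
        trust = as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement"))
        # Roles carry inline policies under Policies; Policy resources use PolicyDocument.
        docs = [p.get("PolicyDocument", {}) for p in as_list(props.get("Policies"))]
        docs.append(props.get("PolicyDocument", {}))
        wild = [a for d in docs for s in as_list(d.get("Statement"))
                if s.get("Effect") == "Allow"
                for a in as_list(s.get("Action")) if "*" in str(a)]
        report[name] = {"type": res["Type"], "wildcard_actions": wild,
                        "trusted": [x for s in trust for x in principals(s)]}
    return report


if __name__ == "__main__":
    print(json.dumps(review_iam(SAMPLE), indent=2))
```

To review the template you downloaded, pass its contents to `review_iam` in place of `SAMPLE` and compare the trusted principals and wildcard actions with what you expect the integration to need.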

What to do next

After the stack is created, you can retrieve the role ARN. You need the role ARN to connect this CloudFormation stack in your AWS account to Tanzu Mission Control.
  1. After the stack creation is complete, click the Outputs tab.
  2. On the Outputs tab, find the message created by the template that shows the role ARN for the stack.
  3. Copy the role ARN shown in the message (for example, arn:aws:iam::01234567890:role/), and then return to the Tanzu Mission Control console to finish creating the connection.