Set up a cloud provider account connection (or credential) so that you can perform actions in your cloud provider account through VMware Tanzu Mission Control, such as data protection backups or creating Tanzu Kubernetes clusters.
- Lifecycle management - This type of credential enables you to provision new clusters. For more information, see Cluster Lifecycle Management in VMware Tanzu Mission Control Concepts.
- Data protection - This type of credential enables you to back up and restore cluster data. For more information, see Data Protection in VMware Tanzu Mission Control Concepts.
Although each kind of credential enables unique functionality, the process of setting up the credentials is essentially the same.
- Log in to the AWS console.
- If you are creating a credential for lifecycle management, use the EC2 service to create an SSH key pair for each region that you plan to use with Tanzu Mission Control.
- To create a cloud provider account connection, you must be associated with the organization.credential.admin role.
- In the Tanzu Mission Control console, click Administration in the left navigation pane.
- On the Administration page, click the Accounts tab, click Create Account Credential, and then select the type of credential to create.
- On the Create credential page, provide a name for the credential, click Generate template, and then click Next.
The name that you enter is the name that appears in the list of connected accounts on the Administration page. When you click Generate template, Tanzu Mission Control generates the template and then downloads it.

Note: Do not reuse a template from a previously created stack. Each time you create a cloud provider account connection, you must download the template and create a new stack, even if you use the same AWS account.
- In the AWS console, create a CloudFormation stack using the downloaded template, and when it completes, retrieve the ARN.
For more information, see Create a Stack for Your Cloud Provider Account Connection.
- In the Tanzu Mission Control console, still on the Create credential page, click Next and then paste the role ARN that you copied from the AWS console.
- Click Create Credential to create the connection to your cloud provider account.
After you complete this procedure, you have a credential that you can use to perform actions through Tanzu Mission Control that require access to your cloud provider account. You can see your new credential listed on the Administration page in the Tanzu Mission Control console, and can choose that credential when you initiate an action that is dependent on your cloud provider account.
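
A pre-flight check for the step where you retrieve the role ARN from the finished CloudFormation stack before pasting it into Tanzu Mission Control. This is an added example, not part of the VMware documentation: it reads the JSON printed by `aws cloudformation describe-stacks` and assumes the stack exposes the role ARN as a stack output. The stack name, output keys, and account ID in the sample are constructed.

```python
import json
import re

# arn:<partition>:iam::<12-digit account id>:role/<optional path/><role name>
ROLE_ARN_RE = re.compile(r"arn:(?:aws|aws-cn|aws-us-gov):iam::(\d{12}):role/[\w+=,.@/-]+")


def role_arn_from_stack(describe_stacks_json, expected_account):
    """Return the one IAM role ARN found in the stack outputs, or raise ValueError."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError(f"expected exactly one stack, got {len(stacks)}")
    stack = stacks[0]
    if stack.get("StackStatus") != "CREATE_COMPLETE":
        raise ValueError(f"stack is not complete: {stack.get('StackStatus')}")

    # Scan every output value, so no particular output key name is assumed.
    found = []
    for output in stack.get("Outputs", []):
        match = ROLE_ARN_RE.fullmatch(str(output.get("OutputValue", "")).strip())
        if match:
            found.append((match.group(0), match.group(1)))
    if len(found) != 1:
        raise ValueError(f"expected one role ARN in the outputs, found {len(found)}")

    arn, account = found[0]
    if account != expected_account:
        # A role in another account means the stack was created in the wrong place.
        raise ValueError(f"role is in account {account}, expected {expected_account}")
    return arn


# Constructed sample of `aws cloudformation describe-stacks` output (not real data).
SAMPLE = json.dumps({"Stacks": [{
    "StackName": "example-tmc-credential-stack",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [
        {"OutputKey": "ExampleMessage", "OutputValue": "stack created"},
        {"OutputKey": "ExampleRoleArn",
         "OutputValue": "arn:aws:iam::111122223333:role/example-tmc-role"},
    ],
}]})

if __name__ == "__main__":
    print(role_arn_from_stack(SAMPLE, expected_account="111122223333"))
```

Checking the account ID in the ARN before you paste it catches a stack that was created while logged in to a different AWS account than the one you intend to connect.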