Set up a cloud provider account connection (or credential), to enable you to perform data protection backups and restores in your cloud provider account through VMware Tanzu Mission Control.

To use data protection features with a target location managed by Tanzu Mission Control, you must first connect a cloud provider account. For more information, see Data Protection in VMware Tanzu Mission Control Concepts.
Note: If you want to use a data protection target location that you create and manage externally, see Create a Data Protection Credential for Self-Provisioned Storage.


Before you can set up a connection to your cloud provider account, make sure you have access to the account.

Also make sure you have the appropriate permissions to create the credential.
  • To create a data protection credential, you must be associated with the organization.credential.admin role.


  1. In the Tanzu Mission Control console, click Administration in the left navigation pane.
  2. On the Credentials tab of the Administration a page, click Create Credential, and then select the type of credential to create.
    To use the AWS S3 storage managed by Tanzu Mission Control in your cloud provider account, select AWS S3 under TMC provisioned storage.
  3. On the Create credential page, provide a name for the credential, click Generate template, and then click Next.
    The name that you enter is the name that appears in the list of connected accounts on the Administration page.
    When you click Generate template, Tanzu Mission Control generates the template and then downloads it.
    Note: Do not reuse a template from a previously created stack. Each time you create a cloud provider account connection, you must download the template and create a new stack, even if you use the same AWS account.
  4. In the AWS console, create a CloudFormation stack using the downloaded template, and when it completes retrieve the ARN.
  5. In the Tanzu Mission Control console, still on the Create credential page, click Next and then paste the role ARN that you copied from the AWS console.
  6. Click Create Credential to create the connection to your cloud provider account.


After you complete this procedure, you have a credential that you can use to perform actions through Tanzu Mission Control that require access to your cloud provider account. You can see your new credential listed on the Administration page in the Tanzu Mission Control console, and can choose that credential when you initiate an action that is dependent on your cloud provider account.