Connecting a cloud provider account

Set up a cloud provider account connection in VMware Tanzu Mission Control so you can start creating clusters. This procedure walks you through the process of creating a cloud provider account connection with AWS using Role ARN.

A cloud provider account connection is only necessary for provisioning new clusters from Tanzu Mission Control. If you don’t want to create clusters right now, you can skip this section.

What to do first

Before you connect to an AWS cloud provider account:

  • Log in to the Tanzu Mission Control console.
  • Log in to the AWS console.
  • Make sure that you have the credential.admin role in Tanzu Mission Control.

Connect to an AWS account

Do the following to connect to an AWS account:

  1. In the Tanzu Mission Control console, click Administration in the left navigation pane.

  2. On the Administration page, click Credentials > Create Credentials > AWS EKS.

    Create Credential for AWS

  3. On the Create credential page, provide a name for the credential, and click Next.

    The name that you enter is the name that appears in the list of connected accounts on the Administration page.

  4. Click Generate Template.

    Tanzu Mission Control generates and downloads the template.

  5. After the template is generated, click Next.

  6. In AWS, create a standard CloudFormation stack using the downloaded template.

    1. On the AWS console, use the CloudFormation service to create a stack (with new resources).
    2. When prompted, click Upload a template file and use the template you downloaded.
    3. On the Review page, scroll to the bottom and select the checkbox that acknowledges the creation of IAM resources, and then click Create stack.

    After a few minutes, the Stack details page shows your new stack with the status of CREATE\_COMPLETE. Click the refresh button to update the status.

  7. After the stack is created, retrieve the role ARN.

    1. On the AWS console, go to CloudFormation > Stacks > your stack > Outputs.
    2. On the Outputs tab, find the message created by the template that shows the Role ARN.
    3. Copy the role ARN shown in the message (for example, arn:aws:iam::01234567890:role/, and then return to the Tanzu Mission Control console to finish creating the connection.
  8. In the Tanzu Mission Control console, paste the Role ARN that you copied from the AWS console in the Role ARN field.

  9. Click Create to create the connection to your AWS account.

check-circle-line exclamation-circle-line close-line
Scroll to top icon