By adding a primary AWS account, you can automatically add all the linked AWS accounts in your organization to vRealize Network Insight Cloud.
- Firewall Configuration for AWS API Access.
- Create a Primary and Linked Account Policy.
- Create a Role in AWS.
- Create a User in AWS Account.
- Get your Amazon Access Key ID that you created in the AWS console. For more details, see http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html.
- Get the role Amazon Resource Name (ARN) of the linked AWS account. See Amazon Resource Names (ARNs) and AWS Service Namespaces.
- If you have configured AWS API access with restricted IPs, you must whitelist the following IP address to allow communication between the region-specific vRealize Network Insight Cloud and your AWS account:

| Region | IP address |
| --- | --- |
| AU | 184.108.40.206 |
| CA | 220.127.116.11 |
| DE | 18.104.22.168 |
| JP | 22.214.171.124 |
| US | 126.96.36.199 |
| UK | 188.8.131.52 |

Note: You can locate a region from the browser URL that you use to access the service. For example, in the URL https://ca.www.mgmt.cloud.vmware.com/ni, ca indicates the CA (Canada) region. Similarly, in the URL https://us.www.mgmt.cloud.vmware.com/ni, us indicates the US region.

- Go to .
- Click Add Source.
- Under the Public Clouds, select Amazon Web Services.
- In the Add a New AWS Account or Source page, provide the required information.

| Option | Action |
| --- | --- |
| Access Key ID | Enter your Amazon Access Key ID. |
| Secret Access Key | Enter the corresponding Secret Access Key. Note: vRealize Network Insight Cloud takes 15–20 minutes to collect your AWS account data. |
| Web Proxy (Optional) | Select a web proxy from the drop-down menu. |

- Click Validate.
If the number of VMs discovered exceeds the capacity of the platform, the validation fails. You will not be allowed to add a data source until you increase the brick size of the platform. The specified capacity for each brick size with and without flows is as follows:

| Brick Size | VMs | State of Flows |
| --- | --- | --- |
| Large | 6k | Active |
| Large | 10k | Deactivate |
| Medium | 3k | Active |
| Medium | 6k | Deactivate |

- After validation of your AWS account completes, select the Add Linked Accounts Automatically (Only for Master Account) check box.
- In Role ARN, enter the role Amazon Resource Name (ARN) of the linked AWS account to trust the primary AWS account.
- To get deeper insight into your environment, select the Enable Flow data collection (Highly Recommended) check box.
- (Optional) To enable region specific access, select the Allow access to specific AWS regions only check box.
- (Optional) In the Nickname text box, enter a nickname.
- (Optional) In the Notes text box, add a note if necessary.
- Click Submit.
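
The Role ARN step relies on the linked account's role trusting the primary account. The following is an added example, not VMware's or AWS's own code: it checks a role ARN's format and reviews a role trust policy before you enter the ARN. The account IDs, role name and both trust policies are constructed placeholders, and the policy shape is assumed to be a standard IAM trust policy rather than one taken from this page.

```python
import json
import re

# IAM role ARN shape: arn:<partition>:iam::<12-digit account id>:role/<path/name>
ROLE_ARN_RE = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/([\w+=,.@/-]+)$")

def parse_role_arn(arn):
    """Split a role ARN into its parts, or raise ValueError if it is malformed."""
    m = ROLE_ARN_RE.match(arn.strip())
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return {"partition": m.group(1), "account": m.group(2), "role": m.group(3)}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(trust_policy, primary_account):
    """List problems in a linked-account role's trust policy (empty list = OK)."""
    findings, trusted = [], False
    primary_arn = re.compile(rf"^arn:[^:]+:iam::{primary_account}:")
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append("wildcard principal can assume the role")
            elif p == primary_account or primary_arn.match(p):
                trusted = True
            else:
                findings.append(f"unexpected trusted principal: {p}")
    if not trusted:
        findings.append("primary account is not trusted")
    return findings

# Constructed sample values (placeholders, not from the page).
PRIMARY_ACCOUNT = "111111111111"
LINKED_ROLE_ARN = "arn:aws:iam::222222222222:role/ExampleLinkedRole"
GOOD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "sts:AssumeRole"}]}""")
BAD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    print(parse_role_arn(LINKED_ROLE_ARN))
    print("good:", trust_findings(GOOD_TRUST, PRIMARY_ACCOUNT))
    print("bad: ", trust_findings(BAD_TRUST, PRIMARY_ACCOUNT))
```

The check flags any wildcard principal without evaluating `Condition` blocks, so a finding is a prompt to review the statement, not proof of exposure.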