vRA – Going Multi Cloud with AWS endpoint

In this section I want to cover just how easy it is to connect to a cloud service. The three big ones (AWS, Azure, and Google) all offer free accounts to get you started. This will in turn allow you to add endpoints in each cloud and thus give you greater flexibility in getting started on provisioning to multiple data centers. I chose to do AWS first because it is already built into vRA from the point of installation.

AWS

To set up AWS access for vRA you need to obtain access keys. These can be obtained by doing the following:
Create a (free) account if you don’t have one already. (www.aws.com/free)
Create an IAM user from the Users Console (https://console.aws.amazon.com/iam/home#)
Once logged in, go to the Users pane on the IAM Management Console
1_iam_console
Go to users and click on add users on the left side

2_add_user
From there follow the guide through:

  1. Add a user name.
  2. Select the type of user. You need programmatic access to get access to AWS. The other option is for a user who can manage things in the console.
  3. Set the permissions and create a group (if needed). (AmazonEC2FullAccess and System Administrator (as I found out))
  4. Add a tag. This is optional.
  5. At the end you will be given the access key and the secret access key. Make a note of these, as you need them when adding the endpoint.

3_user_created

So for AWS that was it, now to add it in vRA. Log into your tenant with your Fabric Admin. Go to Infrastructure –> Endpoints and select Endpoints. We should already have two vCenter endpoints from earlier.

11_second_endpoint

Click on New –> Cloud –> Amazon EC2

4_aws_ec2_new

Give the endpoint a name and, optionally, a description, then enter the access key and secret access key. (Forgive me for hiding the Access Key ID 🙂)

5_AWS_ec2_info

Click OK to finish. You now should have 3 endpoints.

6_AWS_ec2_completed

That should be that. It may take a bit of time to show up because resources must be pulled in.

If needed, you can request data collection by going to the endpoint, selecting your AWS endpoint and selecting data collection.

7_aws_data_collection

As you can see here, for me it failed, but you can request a new one by clicking start collection below. Hit the refresh button for updates.

8_aws_data_collection_error

If you get a failed message repeatedly it may be worth it to go and check the logs under monitoring. Here it usually shows if you have problems or if all is running well. As you can see here I get an authorization error.

9_monitoring_errors_aws

After a while I found out that apart from AmazonEC2FullAccess I also needed the system administrator privilege. After this I got the endpoints in the Fabric Groups.

11_fabric_group
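
A pre-flight check of the key pair, run before the keys are entered in the endpoint form, separates the two causes behind an authorization error like the one above: a key pair that AWS does not accept, versus a valid key whose policies deny EC2 calls. This is an added example, not part of the original post or of vRA; it assumes the AWS CLI is installed, and the function name, the default region and the use of `describe-instances` as a stand-in for what data collection reads are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of an IAM access key pair before it is entered
# in the vRA Amazon EC2 endpoint. Assumes the AWS CLI is on PATH.
# The keys are read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (exported in
# the current shell), so they never appear in argv or in shell history.
#
# Return codes: 0 usable, 1 authentication failed, 2 key valid but EC2 denied,
#               3 variables not set, 4 other error (network, bad region, ...).
check_endpoint_keys() {
  region="${1:-us-east-1}"   # assumption: pass the region your endpoint will use
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY first" >&2
    return 3
  fi

  # Step 1, authentication. sts get-caller-identity needs no IAM permission,
  # so a failure here is the key pair or connectivity, never a missing policy.
  if ! arn=$(aws sts get-caller-identity --query Arn --output text 2>/dev/null); then
    echo "FAIL: could not authenticate (key pair rejected or AWS unreachable)" >&2
    return 1
  fi
  echo "authenticated as $arn"

  # Step 2, authorization. One read-only EC2 call stands in for what data
  # collection reads (assumption: the exact calls vRA makes are not listed here).
  if ! out=$(aws ec2 describe-instances --region "$region" --max-items 1 2>&1); then
    case "$out" in
      *UnauthorizedOperation*|*AccessDenied*)
        echo "FAIL: key is valid but the user's policies deny EC2 in $region" >&2
        return 2 ;;
      *)
        echo "FAIL: $out" >&2
        return 4 ;;
    esac
  fi
  echo "OK: key pair can read EC2 in $region"
  return 0
}

# Usage, after exporting the two variables:
#   check_endpoint_keys eu-west-1
```

A return code of 2 corresponds to the situation described above, where the keys are accepted but the user's attached policies are what needs attention.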

That completes adding the AWS endpoint.