CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Configure an Amazon Cloud

To configure the logical mapping for an Amazon Web Services (AWS) cloud, follow this process:

  1. Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.

  2. Select the Amazon Web Services option, provide a Name and Description for this cloud, and click Save.

  3. Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.

    1. Assign a cloud account Name.

    2. Provide the AWS cloud credentials.

      1. AWS Email Address: The email address associated with your AWS cloud family account.
      2.  Use IAM Role:

        IAM Role

        Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.

        Feature Depedency

        These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See http://docs.aws.amazon.com for additional details.

        To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.

        For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If using the CloudCenter RDS out-of-box service, your account additionally requires RDSfullAccess as well.

        The CloudCenter platform requires that you launch a PaaS service using a non-IAM cloud account.

        You cannot launch an AWS PaaS service using an IAM cloud account!

        Instead of specifying the access key and secret key and so forth, you can manage instance types by using an IAM role. By default, this feature is disabled and you must explicitly enable the IAM role by toggling this button to ON when you configure an AWS Cloud.

        Tips to use IAM roles in the CloudCenter platform:

        • You can launch RDS instances using IAM role-based accounts if you meet the following requirements:

          • If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.

          • Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):

            {
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Action": ["sts:GetFederationToken"],
                    "Resource": "*"
                }]
            }
        • You can assign an AWS ARN in the instance profile field in the Deployment Environments form by adding the iam:PassRole to the role used to launch the CCO VM.

          {
              "Version": "2012-10-17",
              "Statement": [{
                  "Effect": "Allow",
                  "Action": ["iam:PassRole"],
                  "Resource": "*"
              }]
          }

        Back to: AWS Configurations


      3. AWS Account Number: The account number from your AWS account.

      4. AWS Access Key and Secret Key: The security credentials to access this AWS account.

    3. Click Save. The newly added cloud is displayed in the Cloud Configurations page.
  1. Click the Regions tab to add a cloud region.
    1. Click Add Cloud Regions.
    2. Select the required regions for this cloud.
    1. Add the Region Name and an optional Display Name for this cloud region.
    2. Click Save.

      The Instance Types, the Storage Types, and the Image Maps sections are automatically populated with as soon as you add the region.

  2. (Optional) Click Edit Cloud Settings to update the Instance Naming Strategy, Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.

    Caution

    If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.

    If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.

  3. To complete the cloud configuration, you must register the CCO with the CCM.

     Register the CCO with the CCM

    Register the CCO with the CCM


    Cloud Region Nuances

    Once you register a CCO with the CCM, the CCO only works for the registered cloud region.

    CloudCenter

    Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.

    While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.

    Registration Process

    To register the CCO with the CCM, follow this procedure:

    1. In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:

    2. If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).

      1. Click Configure Orchestrator in the Regions tab.

      2. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.

      3. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

      4. Cloud Account: Select the cloud account that you want to use with this CCO.

        Amazon Cloud Nuance

        This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.

    3. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.

      If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.

    You have registered the CCO VM and completed your configuration.

    Next Steps

    You have the following options at this point:


Return to: Configure Cloud(s)

© 2017-2019 Cisco Systems, Inc. All rights reserved