Configure an Amazon Cloud
To configure the logical mapping for an Amazon Web Services (AWS) cloud, follow this process:
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Amazon Web Services option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.
Assign a cloud account Name.
Provide the AWS cloud credentials.
- AWS Email Address: The email address associated with your AWS cloud family account.
- Use IAM Role:
Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.
These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See http://docs.aws.amazon.com for additional details.
To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.
For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If using the CloudCenter RDS out-of-box service, your account additionally requires RDSfullAccess as well.
The CloudCenter platform requires that you launch a PaaS service using a non-IAM cloud account.
You cannot launch an AWS PaaS service using an IAM cloud account!
Instead of specifying the access key and secret key and so forth, you can manage instance types by using an IAM role. By default, this feature is disabled and you must explicitly enable the IAM role by toggling this button to ON when you configure an AWS Cloud.
Tips to use IAM roles in the CloudCenter platform:
You can launch RDS instances using IAM role-based accounts if you meet the following requirements:
If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.
Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):
You can assign an AWS ARN in the instance profile field in the Deployment Environments form by adding the iam:PassRole to the role used to launch the CCO VM.
Back to: AWS Configurations
AWS Account Number: The account number from your AWS account.
AWS Access Key and Secret Key: The security credentials to access this AWS account.
- Click Save. The newly added cloud is displayed in the Cloud Configurations page.
- Click the Regions tab to add a cloud region.
- Click Add Cloud Regions.
- Select the required regions for this cloud.
- Add the Region Name and an optional Display Name for this cloud region.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated with as soon as you add the region.
(Optional) Click Edit Cloud Settings to update the Instance Naming Strategy, Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To complete the cloud configuration, you must register the CCO with the CCM.Register the CCO with the CCM
Register thewith the
Cloud Region Nuances
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
To register thewith the , follow this procedure:
In the Configure Orchestrator popup, provide theIP address that is accessible by and select the cloud account that is used to host the :
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. Theand have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed .
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered theVM and completed your configuration.
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Return to: Configure Cloud(s)