Summary:
In this document, we will set up an on-premises to AWS cloud setup. We will log into the AWS console to modify an existing user account. This existing user account will be given permissions that allow NetApp Cloud Volumes ONTAP to create services in AWS.
During this process, we will also show you how to create a VPC, subnet, route table, Internet Gateway, and key pair. If you have already configured your AWS network, you can skip this process and move to the next document on how to create your NetFoundry system.
- Make a note of the region in which you are creating your AWS services. You will need it in the next document, on how to create a NetFoundry network.
- Some of the directions below may have changed since this document was written. You may have to look around for the items listed in this manual.
Step 1: Log in to your AWS account
Step 2: In the upper left corner of the window, click the Services tab. A sub-menu will appear. Type "IAM" in the search bar and press Enter
In this example, I am modifying an existing user with permissions to allow NetApp Cloud Volumes ONTAP to create services in AWS.
Step 3: From the left pane, select Users. In the right pane, click the user name you want to modify.
Under Permissions, click Add inline policy, then click the JSON tab. Delete any existing JSON lines and paste the policy below. Click Review Policy, provide a policy name and click Create Policy
For additional reading on this subject, please visit https://docs.netapp.com/us-en/occm/task_getting_started_aws.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:PutRolePolicy",
        "iam:CreateInstanceProfile",
        "iam:DeleteRolePolicy",
        "iam:AddRoleToInstanceProfile",
        "iam:RemoveRoleFromInstanceProfile",
        "iam:DeleteInstanceProfile",
        "iam:PassRole",
        "ec2:DescribeInstanceStatus",
        "ec2:RunInstances",
        "ec2:ModifyInstanceAttribute",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeSecurityGroups",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeRegions",
        "ec2:DescribeInstances",
        "ec2:CreateTags",
        "cloudformation:CreateStack",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStacks",
        "cloudformation:DescribeStackEvents",
        "cloudformation:ValidateTemplate",
        "ec2:AssociateIamInstanceProfile",
        "ec2:DescribeIamInstanceProfileAssociations",
        "ec2:DisassociateIamInstanceProfile"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:TerminateInstances"
      ],
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/OCCMInstance": "*"
        }
      },
      "Resource": [
        "arn:aws:ec2:*:*:instance/*"
      ]
    }
  ]
}
Step 4: Select the Security credentials tab
Step 5: Click Create access key
Step 6: Copy the Access key ID to a secure location, then click the Show button under Secret access key. Copy this key to a secure location, then click the Close button. Note: You will not get another chance to copy the Secret access key after you close the window.
Step 7: Now click the Services tab, type "VPC" in the search bar of the sub-menu and press Enter
Step 8: How to configure a VPC in AWS? In the left pane, select Your VPCs
Step 9: Click Create VPC
Step 10: Provide a name tag and an IPv4 CIDR block for the VPC, and leave tenancy as default unless you have a specific reason to change it. Click Create in the bottom right once completed
Step 11: Your VPC has been successfully created. Click the close button once confirmed.
Step 12: How to create a subnet? On the left pane, click Subnets
Step 13: Click Create subnet
Step 14: Configure the subnet by providing a name tag, the VPC you created in the previous steps, the availability zone of your choice and the IPv4 CIDR block. This last CIDR block can be the same as the one you gave the VPC. Click Create in the bottom right once completed
Step 15: You have successfully created a subnet
Step 16: Highlight the subnet you just created by clicking the box, then click Actions and select Modify auto-assign IP settings
Step 17: Click the box next to Enable auto-assign public IPv4 address and click save
Step 18: How to set up an Internet Gateway? On the left pane, click Internet Gateways. On the main pane, click Create internet gateway.
Step 19: Provide a name for your internet gateway and click Create.
Step 20: Click the Actions button and select Attach to VPC
Step 21: Select the VPC you created earlier and click Attach.
Step 22: How to create a route table? On the left pane, click Route Tables. On the main pane, click Create route table.
Step 23: Provide a name, select the VPC you created earlier and click Create.
Step 24: How to configure your route table in AWS? On the left pane, select Route Tables. On the main pane, select the Routes tab and click Edit routes.
Step 25: If you haven't done so already, select 0.0.0.0/0 and choose your internet gateway on AWS.
Step 26: How to associate your subnet to an AWS route table? Click the Subnet Associations tab and select Edit subnet associations.
Step 27: Click the box next to the subnet you want to select and click Save
Step 28: How to create an AWS key pair? Go to the Services tab in the upper left of the window, type "EC2" in the search bar and press Enter
Step 29: Scroll down the left pane to Network & Security and select Key Pair
Step 30: Click Create key pair
Step 31: Provide a name for your key pair and click create.
You have successfully completed step 1 of 5
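A review check for the inline policy pasted in Step 3, as an added example that is not part of the original guide or of NetApp's documentation: it reports which Allow statements apply to every resource, which are narrowed by a condition, and which state-changing actions (including iam:PassRole) the wildcard statement grants. The read-only prefix list and the finding field names are assumptions of this example.

```python
# Policy from Step 3, rebuilt compactly (same actions, resources and condition).
IAM = ("CreateRole DeleteRole PutRolePolicy CreateInstanceProfile DeleteRolePolicy PassRole "
       "AddRoleToInstanceProfile RemoveRoleFromInstanceProfile DeleteInstanceProfile").split()
EC2 = ("DescribeInstanceStatus RunInstances ModifyInstanceAttribute CreateSecurityGroup "
       "DeleteSecurityGroup DescribeSecurityGroups RevokeSecurityGroupEgress "
       "AuthorizeSecurityGroupEgress AuthorizeSecurityGroupIngress RevokeSecurityGroupIngress "
       "CreateNetworkInterface DescribeNetworkInterfaces DeleteNetworkInterface "
       "ModifyNetworkInterfaceAttribute DescribeSubnets DescribeVpcs DescribeDhcpOptions "
       "DescribeKeyPairs DescribeRegions DescribeInstances CreateTags AssociateIamInstanceProfile "
       "DescribeIamInstanceProfileAssociations DisassociateIamInstanceProfile").split()
CFN = "CreateStack DeleteStack DescribeStacks DescribeStackEvents ValidateTemplate".split()
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": [f"iam:{a}" for a in IAM] + [f"ec2:{a}" for a in EC2]
               + [f"cloudformation:{a}" for a in CFN]},
    {"Effect": "Allow", "Action": ["ec2:TerminateInstances"],
     "Condition": {"StringLike": {"ec2:ResourceTag/OCCMInstance": "*"}},
     "Resource": ["arn:aws:ec2:*:*:instance/*"]}]}

# Assumption of this example: action names with these prefixes only read state.
READ_PREFIXES = ("Describe", "Get", "List", "Validate")

def as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return one finding per Allow statement (field names are this example's own)."""
    findings = []
    for index, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        actions = as_list(st["Action"])
        wildcard = "*" in as_list(st.get("Resource", []))
        # Anything not matching a read-only prefix ("svc:*" included) counts as mutating.
        mutating = sorted(a for a in actions
                          if not a.split(":", 1)[-1].startswith(READ_PREFIXES))
        findings.append({
            "statement": index,
            "wildcard_resource": wildcard,
            "conditioned": "Condition" in st,
            "mutating_on_wildcard": mutating if wildcard else [],
            "iam_writes_on_wildcard": [a for a in mutating if a.startswith("iam:")] if wildcard else [],
            # iam:PassRole on Resource "*" is not limited to particular roles.
            "unscoped_passrole": wildcard and "iam:PassRole" in actions,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
```

For the policy above, statement 0 is the one a reviewer would look at first: it has no condition and covers every resource, while statement 1 is limited to instances carrying the OCCMInstance tag.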