How to Prepare Your AWS Environment for NetApp Cloud Volumes ONTAP Step 1

Summary:

In this document, we will set up the AWS side of an on-premises to AWS cloud deployment. We will log in to the AWS console to modify an existing user account. This existing user account will be given permissions that allow NetApp Cloud Volumes ONTAP to create services in AWS.

During this process, we will also show you how to create a VPC, subnet, route table, Internet Gateway, and key pair. If you have already configured your AWS network, you can skip this process and move to the next document on how to create your NetFoundry system.

 

  1. Make a note of the region in which you are creating your AWS services. You will need this in the next document, on how to create a NetFoundry network.

  2. Some of the directions below may have changed since this document was written. You may have to look around for items listed in this manual.

 

NetFoundry___ONTAP.jpg

 

Step 1: Log in to your AWS account

AWS_Login_Step_1.png

 

Step 2: In the upper left corner of the window, click the Services tab. A sub-menu will appear. Type "IAM" in the search bar and press Enter.

In this example, I am modifying an existing user with permissions to allow NetApp Cloud Volumes ONTAP to create services in AWS.

 

Screen_Shot_2019-09-06_at_12.38.03_PM.png

 

Step 3: From the left pane, select Users. In the right pane, click the user name you want to modify.

Screen_Shot_2019-09-06_at_12.17.34_PM.png

Under Permissions, click Add inline policy, then click the JSON tab. Delete any existing JSON lines and paste the policy below. Click Review Policy, provide a policy name and click Create Policy.

For additional reading on this subject, please visit https://docs.netapp.com/us-en/occm/task_getting_started_aws.html

{
    "Version": "2012-10-17",
    "Statement": [{
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:PutRolePolicy",
                "iam:CreateInstanceProfile",
                "iam:DeleteRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:PassRole",
                "ec2:DescribeInstanceStatus",
                "ec2:RunInstances",
                "ec2:ModifyInstanceAttribute",
                "ec2:CreateSecurityGroup",
                "ec2:DeleteSecurityGroup",
                "ec2:DescribeSecurityGroups",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:CreateNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeRegions",
                "ec2:DescribeInstances",
                "ec2:CreateTags",
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "ec2:AssociateIamInstanceProfile",
                "ec2:DescribeIamInstanceProfileAssociations",
                "ec2:DisassociateIamInstanceProfile"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances"
            ],
            "Condition": {
                "StringLike": {
                    "ec2:ResourceTag/OCCMInstance": "*"
                }
            },
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ]
        }
    ]
}
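
A least-privilege review of the inline policy above, as an added example (not NetApp's or NetFoundry's code): it lists Allow statements that grant write actions on Resource "*" with no Condition and names the role-related actions among them. SAMPLE is abridged from the policy above, and the function names are this example's own.

```python
from fnmatch import fnmatchcase

# Role-related actions from the policy above. Granted on Resource "*" they
# apply to every role in the account, not only roles made for the deployment.
ROLE_ACTIONS = ("iam:CreateRole", "iam:PutRolePolicy", "iam:PassRole",
                "iam:AddRoleToInstanceProfile")
READ_PREFIXES = ("describe", "list", "get", "validate")

def as_list(value):
    """IAM accepts a bare string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def is_write(action):
    """Treat every verb that is not Describe/List/Get/Validate as a write."""
    verb = action.split(":", 1)[-1].lower()
    return not verb.startswith(READ_PREFIXES)

def audit(policy):
    """Flag Allow statements granting write actions on "*" with no Condition."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        actions = as_list(stmt.get("Action", []))
        # Action names are case-insensitive and may contain wildcards (iam:*).
        role = [r for r in ROLE_ACTIONS
                if any(fnmatchcase(r.lower(), a.lower()) for a in actions)]
        writes = [a for a in actions if is_write(a)]
        if writes:
            findings.append({"statement": idx, "unscoped_writes": len(writes),
                             "role_actions": role})
    return findings

# Constructed sample: abridged from the two statements of the policy above.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["iam:CreateRole", "iam:PutRolePolicy", "iam:PassRole",
                "ec2:RunInstances", "ec2:DescribeInstances",
                "cloudformation:ValidateTemplate"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:TerminateInstances"],
     "Condition": {"StringLike": {"ec2:ResourceTag/OCCMInstance": "*"}},
     "Resource": ["arn:aws:ec2:*:*:instance/*"]}]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The second statement is not reported because its Condition limits ec2:TerminateInstances to instances carrying the OCCMInstance tag.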

 

Step 4: Select the Security credentials tab

Screen_Shot_2019-09-06_at_12.18.20_PM.png

 

Step 5: Click Create access key 

AWS_IAM_Step_6.png

 

Step 6: Copy the Access key ID to a secure location, then click the Show button under Secret access key. Copy this key to a secure location, then click the Close button. Note: You will not get another chance to copy the Secret access key after you close the window.

Screen_Shot_2019-09-06_at_12.19.21_PM.png

 

Step 7: Now click the Services tab, type "VPC" in the search bar of the sub-menu and press Enter.

Screen_Shot_2019-09-06_at_12.22.35_PM.png

 

Step 8: How to configure a VPC in AWS? In the left pane, select Your VPCs 

Screen_Shot_2019-09-06_at_12.24.31_PM.png

 

Step 9: Click create VPC 

Screen_Shot_2019-09-06_at_12.25.02_PM.png

 

Step 10: Provide a name tag and an IPv4 CIDR block, and leave tenancy as default unless you have a specific reason to change it. Click Create in the bottom right once completed.

AWS_VPC_Step_10.png

 

Step 11: Your VPC has been successfully created. Click the close button once confirmed.

AWS_VPC_Step_11.png

 

Step 12: How to create a subnet? On the left pane, click subnets

Screen_Shot_2019-09-06_at_12.27.09_PM.png

 

Step 13: Click create subnets

Screen_Shot_2019-09-06_at_12.27.38_PM.png

 

Step 14: Configure the subnet by providing a name tag, the VPC you created in the previous steps, the availability zone of your choice and the IPv4 CIDR block. The IPv4 CIDR block can be the same as the one used for the VPC. Click Create in the bottom right once completed.

AWS_Subnet_Step_12.png

 

Step 15: You have successfully created a subnet

AWS_Subnet_Step_13.png 

Step 16: Highlight the subnet you just created by clicking the box, then click Actions and select Modify auto-assign IP settings

Screen_Shot_2019-10-28_at_12.14.25_PM.png

 

Step 17: Click the box next to Enable auto-assign public IPv4 address and click save

Screen_Shot_2019-10-28_at_12.12.14_PM.png

 

Step 18: How to set up an Internet Gateway? On the left pane, click Internet Gateways. On the main pane, click Create internet gateway.

Screen_Shot_2019-10-28_at_12.24.52_PM.png

 

Step 19: Provide a name for your internet gateway and click create.

Screen_Shot_2019-10-28_at_12.21.23_PM.png

 

Step 20: Click the Actions button and select Attach to VPC

Screen_Shot_2019-10-28_at_12.29.25_PM.png

 

Step 21: Select the VPC you created earlier and click attach.

Screen_Shot_2019-10-28_at_12.29.58_PM.png

 

Step 22: How to create a route table? On the left pane, click Route Tables. On the main pane, click Create route table.

Screen_Shot_2019-10-28_at_12.19.02_PM.png

 

Step 23: Provide a name, select the VPC you created earlier and click create.

Screen_Shot_2019-10-28_at_12.19.19_PM.png

 

Step 24: How to configure your route table in AWS? On the left pane, select Route Tables. On the main pane, select the Routes tab and click Edit routes.

Screen_Shot_2019-10-28_at_4.33.20_PM.png

 

Step 25: If you haven't done so already, select 0.0.0.0/0 as the destination and choose your internet gateway as the target.

Screen_Shot_2019-10-28_at_4.33.42_PM.png

 

Step 26: How to associate your subnet to an AWS route table? Click the Subnet Associations tab and select Edit subnet associations.

Screen_Shot_2019-10-28_at_4.34.18_PM.png

 

Step 27: Click the box next to the subnet you want to select and click save

Screen_Shot_2019-10-28_at_4.34.30_PM.png

Step 28: How to create an AWS key pair? Go to the Services tab in the upper left of the window, type "EC2" in the search bar and press Enter.

Screen_Shot_2019-09-06_at_12.30.14_PM.png

 

 

Step 29: Scroll down the left pane to Network & Security and select Key Pair

AWS_Key_Pair_Step_15.png

 

Step 30: Click Create key pair

AWS_Key_Pair_Step_16.png

 

Step 31: Provide a name for your key pair and click create.

AWS_Key_Pair_Step_17.png

 

You have successfully completed step 1 of 5
