Turbonomic - AWS Cloud Target Consolidation

By Rajesh Kanna posted 23 hours ago

  

AWS Public Cloud: Target Consolidation Benefits

AWS Cloud Target: Onboarding Permissions

What’s New: Cross-account IAM Role introduced from 8.14.4
  • IAM role with Cross-Account trust relationship in Turbonomic to access multiple AWS member accounts
  • Allows another AWS account to assume the role
 

✅ IAM Role Supported Turbonomic deployment models: With Cross account trust relationships & IAM Users

  • SaaS
  • On Kubernetes cluster in AWS EKS or Red Hat OpenShift Service on AWS (ROSA)
 
User to set up cross-account IAM role for a management account that uses an IAM role:
 

🗙 IAM Role Not supported Turbonomic deployment models: Use IAM Users only

  • On premises using an OVA or VHD image
  • Red Hat OpenShift on IBM Cloud
  • On Kubernetes or Red Hat OpenShift on other cloud providers
User to set up cross account IAM role for a management account that uses an IAM User:

IAM User Vs IAM Role

Enable Trust relationship: IAM User & IAM Roles

Goal: Allow the user to assume the role and access resources in the other accounts
 
  1. IAM User for AWS Management account: Create the IAM User
  2. Target Accounts IAM Roles: AWS member accounts that the user wants Turbonomic to discover
    • Choose AWS account as the trusted entity type during IAM role creation in every account
    • Specify Trusted account: Select the AWS Management account (Source Account ID) where the IAM User exists
    • Ensure the role has policies that define the permissions it will have on the resources (like S3 read, write, EC2 full access…)
    • Assume Role: Ensure the Trust policy inside every role allows the IAM User from the Management account to assume the role
  3. Grant IAM user permission to Assume the role: Cross Account Access role
    • Inside AWS Management account > IAM Service
    • Ensure the attached policy allows the “AssumeRole” action for the Target role
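
The two policy checks this procedure implies, written here as an added example (not from the original post or from Turbonomic): one audits the trust policy on a member-account role (step 2), the other audits the policy attached to the management-account IAM user (step 3). The account IDs, user name and role name are constructed placeholders, and resources are compared as exact ARNs.

```python
# Constructed placeholders, not values from the post.
MGMT_ACCOUNT = "111111111111"
MGMT_USER_ARN = f"arn:aws:iam::{MGMT_ACCOUNT}:user/turbonomic-target"
ROLE_ARNS = ["arn:aws:iam::222222222222:role/TurbonomicAccess",
             "arn:aws:iam::333333333333:role/TurbonomicAccess"]
# Principals that let the management-account user through: the user itself,
# or the management account (as a bare account ID or its :root ARN).
ACCEPTED = {MGMT_USER_ARN, MGMT_ACCOUNT, f"arn:aws:iam::{MGMT_ACCOUNT}:root"}

def as_list(value):
    # IAM JSON allows a single value where a list is also legal.
    return value if isinstance(value, list) else [value]

def allows_assume(stmt):
    actions = {a.lower() for a in as_list(stmt.get("Action", []))}
    return stmt.get("Effect") == "Allow" and bool(actions & {"sts:assumerole", "sts:*", "*"})

def audit_trust_policy(policy):
    """Findings for the trust policy on a member-account role (step 2)."""
    findings, trusted = [], False
    for stmt in as_list(policy.get("Statement", [])):
        if not allows_assume(stmt):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            if p in ACCEPTED:
                trusted = True
            else:
                findings.append("wildcard principal" if p == "*" else f"unexpected principal {p}")
    if not trusted:
        findings.append("management account is not trusted")
    return findings

def audit_user_policy(policy):
    """Findings for the policy attached to the management-account user (step 3)."""
    granted = set()
    for stmt in as_list(policy.get("Statement", [])):
        if allows_assume(stmt):
            granted.update(as_list(stmt.get("Resource", [])))
    if "*" in granted:
        return ["AssumeRole granted on every role (*)"]
    return [f"no AssumeRole grant for {arn}" for arn in ROLE_ARNS if arn not in granted]

# Constructed sample policies.
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{MGMT_ACCOUNT}:root"}, "Action": "sts:AssumeRole"}]}
WEAK_TRUST = {"Statement": {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}}
USER_POLICY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Resource": ROLE_ARNS[:1]}]}
```

An empty list from both functions means the role trusts only the management account and the user can assume each listed role and nothing broader.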
 

AWS Cloud Target: User Experience

 
Then: Less guided with Multiple accounts – targets configuration
 
Now: (From 8.14.4) Guided with single & multiple accounts configuration options
 
 
 
Note: Adding member account credentials to a multi-account target is not a valid use case
