Turbonomic


Turbonomic - AWS Cloud Target Consolidation

By Rajesh Kanna posted Fri February 21, 2025 01:35 PM

  

AWS Public Cloud: Target Consolidation Benefits

AWS Cloud Target: Onboarding Permissions

What’s New: Cross-account IAM role introduced from 8.14.4
  • IAM role with cross-account trust relationship in Turbonomic to access multiple AWS member accounts
  • Allows another AWS account to assume the role
 

✅ IAM Role Supported Turbonomic deployment models: With Cross account trust relationships & IAM Users

  • SaaS
  • On Kubernetes cluster in AWS EKS or Red Hat OpenShift Service on AWS (ROSA)
 
User to set up cross-account IAM role for a management account that uses an IAM role:
 

🗙 IAM Role Not supported Turbonomic deployment models: Use IAM Users only

  • On premises using an OVA or VHD image
  • Red Hat OpenShift on IBM Cloud
  • On Kubernetes or Red Hat OpenShift on other cloud providers

User to set up cross-account IAM role for a management account that uses an IAM User:

Note: Please read the latest Turbonomic Version documentation for the recently added content on this subject

IAM User Vs IAM Role

Enable Trust relationship: IAM User & IAM Roles

Goal: Allows the user to assume the role and access resources in the other accounts
 
  1. IAM User for AWS Management account: Create the IAM User
  2. Target account IAM roles: create a role in each AWS member account that the user wants Turbonomic to discover
    • Choose AWS account as the trusted entity type when creating the IAM role in every member account
    • Specify the trusted account: select the AWS Management account (Source Account ID) where the IAM User exists
    • Ensure the role has policies that define the permissions it will have on the resources (like S3 read, write, EC2 full access…)
    • Assume Role: ensure the trust policy inside every role allows the IAM User from the Management account to assume the role
  3. Grant the IAM User permission to assume the role: Cross Account Access role
    • Inside AWS Management account > IAM Service
    • Ensure the attached policy allows the “AssumeRole” action for the target role
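
The two policy documents this procedure produces, plus a small check of a role's trust policy, as an added example that is not Turbonomic or IBM code. The account IDs, user name and role name are constructed placeholders, and the check is simplified (it ignores Condition and Deny statements).

```python
import json

MGMT_ACCOUNT = "111111111111"               # constructed management account ID
MEMBER_ACCOUNTS = ["222222222222", "333333333333"]  # constructed member account IDs
ROLE_NAME = "TurbonomicCrossAccountRole"    # hypothetical role name
USER_ARN = f"arn:aws:iam::{MGMT_ACCOUNT}:user/turbonomic-user"  # hypothetical IAM user

def trust_policy(principal):
    """Step 2: trust policy on the role created in every member account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": principal},
        "Action": "sts:AssumeRole",
    }]}

def assume_role_policy(member_accounts):
    """Step 3: identity policy attached to the IAM user in the management account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": [f"arn:aws:iam::{a}:role/{ROLE_NAME}" for a in member_accounts],
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(policy, user_arn):
    """Report trust-policy problems. Simplified: ignores Condition and Deny statements."""
    account = user_arn.split(":")[4]
    # Trusting the account (by ID or root ARN) delegates the decision to its IAM policies.
    accepted = {user_arn, account, f"arn:aws:iam::{account}:root"}
    findings, trusted = [], False
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("wildcard principal: role is not restricted to the management account")
        trusted = trusted or "*" in aws or bool(accepted & set(aws))
    if not trusted:
        findings.append(f"{user_arn} is not trusted by this role")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(USER_ARN), indent=2))
    print(json.dumps(assume_role_policy(MEMBER_ACCOUNTS), indent=2))
    print(trust_findings(trust_policy("arn:aws:iam::999999999999:root"), USER_ARN))
```

Both sides must line up: the role's trust policy has to name the management account (or its user), and the user's own policy has to allow `sts:AssumeRole` on each member role ARN.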
 

AWS Cloud Target: User Experience

 
Then: Less guided with Multiple accounts – targets configuration
 
Now: (From 8.14.4) Guided with single & multiple accounts configuration options
 
 
 
Note: Adding member account credentials to a multi-account target is not a valid use case

How it Works for an AWS User?

Use case 1: Adding multi account AWS Target. (Keeping the existing individual AWS targets in place)

  • New accounts will be created in Turbonomic and their resources will be discovered successfully with the IAM cross-account role enabled
  • Duplicate accounts (accounts that already exist under the individual active AWS targets, along with their resources) will be ignored in the discovery cycle of the multi-account target, and the user will be notified with a warning message
  • Entity IDs will persist during this process, which ensures that the metrics, market actions, groups and policies persist

Use case 2: Adding multi account AWS Target, after deleting individual AWS targets (Partial Deletion of individual Targets)

  • Only the deleted accounts will be discovered as new targets along with their resources
  • Resources/entities that already exist in the instance (belonging to those deleted accounts) will persist along with their metrics, market actions, groups & policies

Note: Entity IDs (UUIDs) of the resources belonging to the deleted accounts will persist in the Turbonomic instance

Use case 3: Adding multi account AWS Target, after deleting individual AWS targets (Full Deletion of individual Targets)

  • All the existing accounts that were deleted will be rediscovered as new targets with their resources
  • Resources/entities that already exist in the instance (from all the deleted accounts) will persist along with their metrics, market actions, groups & policies

Note: Entity IDs (UUIDs) of the resources belonging to the deleted accounts will persist in the Turbonomic instance

co-author: Ferdinand Llameg <fllameg@ca.ibm.com>
