Turbonomic - AWS Cloud Target Consolidation

View Only

Turbonomic - AWS Cloud Target Consolidation

By Rajesh Kanna posted 4 days ago

Like

AWS Public Cloud: Target Consolidation Benefits

AWS Cloud Target: Onboarding Permissions

What’s New: Cross account IAM Role Introduced from 8.14.4**

IAM role with Cross-Account trust relationship in Turbonomic to access multiple AWS member accounts
Allows another AWS account to assume the role)

✅ IAM Role Supported Turbonomic deployment models: With Cross account trust relationships & IAM Users

SaaS
On Kubernetes cluster in AWS EKS or Red Hat OpenShift Service on AWS (ROSA)

User to Set up cross-account IAM role for a management account that uses and IAM role:

https://www.ibm.com/docs/en/tarm/8.15.0?topic=turbonomic-setting-up-aws-cross-account-iam-role#Cloud_AWSMemberRole__title__3

🗙 IAM Role Not supported Turbonomic deployment models: Use IAM Users only

On premises using an OVA or VHD image
Red Hat OpenShift on IBM Cloud
On Kubernetes or Red Hat OpenShift on other cloud providers

User to set up cross account IAM role for a management account that uses an IAM User:

https://www.ibm.com/docs/en/tarm/8.15.0?topic=turbonomic-setting-up-aws-cross-account-iam-role#Cloud_AWSMemberRole__CrossAccountIAMUser__title__1

IAM User Vs IAM Role

Enable Trust relationship: IAM User & IAM Roles

Goal: Allows the user to assume the role and access resources in the other accounts

IAM User for AWS Management account: Create the IAM User
Target Accounts IAM Roles: AWS member accounts, that user wants Turbonomic to be discovered

- Choose every AWS account as the trusted entity type during the IAM role creation
- Specify Trusted account: Select the AWS Management account (Source Account ID) where the IAM User exists
- Ensure policies that define permissions the role will have on the resources (like S3 read, write, EC2 full access…)
- Assume Role: Ensure the Trust policy inside every role allows IAM User from Management account to assume the role

3. Grant IAM user permission to Assume the role: Cross Account Access role

- Inside AWS Management account > IAM Service
- Ensure the attached policy to allow “AssumeRole” action for the Target role

AWS Cloud Target: User Experience

Then: Less guided with Multiple accounts – targets configuration

Now: (From 8.14.4) Guided with single & multiple accounts configuration options

Note: Adding member account credentials to a multi-account target is not a valid use case

0 comments

9 views

IBM IT Automation Community

Come for answers, stay for best practices. All we're missing is you.

IT Automation