The customer was using vRA Cloud with extensive hybrid cloud offerings. They had a legacy vRA 7.x environment connected to the public clouds (AWS and Azure) and were using custom vRO objects based on dynamic types for the AWS S3 storage catalog. After moving to vRA Cloud, they continued to use the dynamic types for S3 objects. I decided to do a demo for the customer to show them how easy it now is to consume public cloud objects such as S3 storage with vRealize Automation Cloud.
The solution starts with creating the AWS cloud account and onboarding it to vRA Cloud.
- Create an AWS Account.
- Create an “IAM” user with appropriate permissions. For my demo I provided AdministratorAccess.
- Copy the access key id and secret access key for the user. It will be required while onboarding the account to vRA.
- Go to vRA Cloud –> Infrastructure –> Amazon Web Services
- Add the Cloud Account Name, Access key ID, and Secret access key copied in the above steps.
- Configure the regions in which provisioning will be allowed.
- Create the cloud zone for the selected region.
- I usually add my lab tags for the capabilities.
vRA Cloud now provides all the AWS S3 objects as simple drag-and-drop items on the canvas. It’s now as easy as creating a vSphere machine with a cloud template. For the purpose of this demo, I created the following.
- AWS S3 bucket with the following features
  - Bucket versioning enabled.
  - Object Lock enabled.
  - Force Destroy enabled.
  - Lifecycle rule.
- AWS S3 bucket policy with public access. (Please note that this policy was just to demo the policy feature. This should not be used unless there is a specific requirement.)
- AWS S3 bucket object with a static key (filename) and fixed content.
S3 Object has been created with the required properties and policy
S3 Bucket created
Bucket properties: Versioning has been enabled as per the cloud template.
Lifecycle rule created
Bucket Policy Created
File object in the S3 bucket created.
If you are looking for the available properties and their accepted values, check the VMware documentation. Since the OOB S3 objects use Terraform in the backend, the Terraform documentation provides better documentation and examples for these properties.
AWS S3 Buckets:
AWS S3 Bucket Policy :
You can also generate the policy using the native AWS console and pass it in your cloud template as JSON.
AWS Policy Generator :
Bucket Policy Examples :
AWS S3 bucket object:
vRA Cloud Template (blueprint)
The out-of-box S3 integration provides most of the required features. However, I found that “Intelligent-Tiering Archive configurations” are currently not available. Customers can configure day 2 operations on these objects and unlock a range of operations that can be done by API. It is important that we avoid dynamic types for anything that is readily available as an OOB integration, from a stability and future scalability perspective.