Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jose_Rivera
Participant

AWS Transit VPC - Multi AWS Accounts

Hi,

We successfully deployed a Transit VPC in AWS using the Deployment guide, with auto-vpn provisioning for spoke VPC. 

The question revolves around supporting more than TWO AWS accounts. The guide does not seem to cover this or we could not find a good reference.

Environment:

OnPrem R80.10 MDS

AWS Main account holds Transit VPC gateways (used key and secret for auth)

AWS sub-account1 has spoke VPC (auth via STS auth and role)

We have four or five more sub-accounts we would like to add to the configuration leveraging the same Transit VPC. While we see we can possibly add more "controllers" using autoprov-cfg, it is not clear if this is the right approach and even if this would build VPN tunnels back to the main transit VPC hub.

Can someone help us determine the right next steps?

2 Replies
Arnfinn_Strand
Employee
Employee

Hi,

It should be as easy as adding the sub account to the autoprovisioning like this:

autoprov-cfg set controller AWS -cn <MAIN CONTROLLER> -sn <SUBACCOUNT-NAME> -ssr <STS-ROLE-ARN>

There are some examples in the Transit VPC for AWS R80.10 Deployment Guide.

Under the "Examples of autoprov-cfg Configuration" section.

Arnfinn

0 Kudos
Jose_Rivera
Participant

It really was that "easy"! 

This automation is a HUGE timesaver. Our DevOps team has been building and tearing down VPCs, testing the whole process with great success.

Thanks to the developers for making our lives easier. Smiley Happy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.