- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: AWS Transit VPC - Multi AWS Accounts
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS Transit VPC - Multi AWS Accounts
Hi,
We successfully deployed a Transit VPC in AWS using the Deployment guide, with auto-vpn provisioning for spoke VPC.
The question revolves around supporting more than TWO AWS accounts. The guide does not seem to cover this or we could not find a good reference.
Environment:
OnPrem R80.10 MDS
AWS Main account holds Transit VPC gateways (used key and secret for auth)
AWS sub-account1 has spoke VPC (auth via STS auth and role)
We have four or five more sub-accounts we would like to add to the configuration leveraging the same Transit VPC. While we see we can possibly add more "controllers" using autoprov-cfg, it is not clear if this is the right approach and even if this would build VPN tunnels back to the main transit VPC hub.
Can someone help us determine the right next steps?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
It should be as easy as adding the sub account to the autoprovisioning like this:
autoprov-cfg set controller AWS -cn <MAIN CONTROLLER> -sn <SUBACCOUNT-NAME> -ssr <STS-ROLE-ARN>
There are some examples in the Transit VPC for AWS R80.10 Deployment Guide.
Under the "Examples of autoprov-cfg Configuration" section.
Arnfinn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It really was that "easy"!
This automation is a HUGE timesaver. Our DevOps team has been building and tearing down VPCs, testing the whole process with great success.
Thanks to the developers for making our lives easier.