Automating the account linking process in VMware Cloud on AWS

2 minute read
Content level: Advanced
0

Demonstrates API calls required to automatically link a VMC org to a VPC

Summary

The VMware Cloud on AWS account linking process allows an administrator to connect a VMC SDDC to a VPC. This connected VPC is accessible to the SDDC via a high speed, low latency Elastic Network Interface.

The normal process for performing the account linking is done manually within the VMware Cloud on AWS Console. A Cloud Formation template is generated, which the customer then executes in the customer's AWS account. For customers that are building lab environments, or for customers that build all infrastructure as code, this manual process is suboptimal. I recently had to figure out the API calls for a workshop, and I am publishing the results here.

This is not intended as a full tutorial on how to authenticate to the VMC on AWS API or how to use the boto3 library. It is intended to highlight the required API calls.

Code

This is a snippet from a Python class that already has a valid access token and organization ID. The account-link API call returns 4 properties, all of which are saved to the class object.

        myHeader = {'csp-auth-token': self.vmc_auth.access_token}
        myURL = f'https://vmc.vmware.com/vmc/api/orgs/{self.org_id}/account-link'
        response = requests.get(myURL,headers=myHeader)
        json_response = response.json()
        self.link_template_url = json_response['template_url']
        self.link_template_execution_url = json_response['template_execution_url']
        self.link_expiration_date = json_response['expiration_date']
        self.link_tracking_task = json_response['tracking_task']

This script is also executed with AWS environment variables defined, giving it access to the AWS account that we want to use for the ConnectedVPC. Note that this process must run in us-west-2. This snippet demonstrates using the link_template_url property of the class object (link_sddc) that I use in the script.

CloudFormation downloads the template directly from a VMware-owned S3 bucket and executes it. The output is a CloudFormation stack ID, which you could use to monitor the stack progress using the boto3 CloudFormation API

session = boto3.Session()
cf_svc = boto3.client('cloudformation', region_name='us-west-2')
response = cf_svc.create_stack(StackName='SDDC-Account-Link',TemplateURL=link_sddc.link_template_url,Capabilities=['CAPABILITY_IAM'])
print(f"Stack ID: {response['StackId']}")

After the stack's tasks complete, you can then connect SDDCs in the org to the specified VPC.

profile pictureAWS
EXPERT
published 6 months ago1031 views