Demonstrates API calls required to automatically link a VMC org to a VPC
Summary
The VMware Cloud on AWS account linking process allows an administrator to connect a VMC SDDC to a VPC. This connected VPC is accessible to the SDDC via a high-speed, low-latency Elastic Network Interface.
The account linking is normally performed manually within the VMware Cloud on AWS Console. A CloudFormation template is generated, which the customer then executes in the customer's AWS account. For customers that are building lab environments, or for customers that build all infrastructure as code, this manual process is suboptimal. I recently had to figure out the API calls for a workshop, and I am publishing the results here.
This is not intended as a full tutorial on how to authenticate to the VMC on AWS API or how to use the boto3 library. It is intended to highlight the required API calls.
Code
This is a snippet from a Python class that already has a valid access token and organization ID.
The account-link API call returns 4 properties, all of which are saved to the class object.
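import requests  # at the top of the module

# Ask VMC for the account-link details of this org (token and org ID are already on the class).
myHeader = {'csp-auth-token': self.vmc_auth.access_token}
myURL = f'https://vmc.vmware.com/vmc/api/orgs/{self.org_id}/account-link'
response = requests.get(myURL, headers=myHeader, timeout=30)
response.raise_for_status()  # fail here on an HTTP error instead of on a missing key below
json_response = response.json()
# Save the four returned properties on the class object.
self.link_template_url = json_response['template_url']
self.link_template_execution_url = json_response['template_execution_url']
self.link_expiration_date = json_response['expiration_date']
self.link_tracking_task = json_response['tracking_task']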
This script is also executed with AWS environment variables defined, giving it access to the AWS account that we want to use for the ConnectedVPC. Note that this process must run in us-west-2. This snippet demonstrates using the link_template_url property of the class object (link_sddc) that I use in the script.
CloudFormation downloads the template directly from a VMware-owned S3 bucket and executes it. The output is a CloudFormation stack ID, which you could use to monitor the stack progress using the boto3 CloudFormation API.
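import boto3

# Credentials come from the AWS environment variables; the stack must be created in us-west-2.
cf_svc = boto3.client('cloudformation', region_name='us-west-2')
# CAPABILITY_IAM acknowledges that the template creates IAM resources in this account.
response = cf_svc.create_stack(StackName='SDDC-Account-Link', TemplateURL=link_sddc.link_template_url, Capabilities=['CAPABILITY_IAM'])
print(f"Stack ID: {response['StackId']}")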
After the stack's tasks complete, you can then connect SDDCs in the org to the specified VPC.
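Because template_url comes from an API response and the stack is created with CAPABILITY_IAM, an unattended run benefits from checking the URL before CloudFormation fetches it and from waiting on the stack ID until it finishes. The following is an added example, not part of the original script: check_template_url, wait_for_stack, create_link_stack and the allowed_hosts pin are hypothetical names, and the pinned host list is assumed to be recorded from a known-good response.

```python
import time
from urllib.parse import urlsplit

REGION = "us-west-2"  # region the page says the linking stack must run in


def check_template_url(url, allowed_hosts=None):
    """Return the URL's host if it is HTTPS on an S3 endpoint, else raise ValueError."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or parts.username or parts.password:
        raise ValueError(f"template URL must be plain HTTPS: {url!r}")
    is_s3 = host.endswith(".amazonaws.com") and any(
        label == "s3" or label.startswith("s3-") for label in host.split("."))
    if not is_s3:
        raise ValueError(f"template URL is not on an S3 endpoint: {host!r}")
    # Optional pin (assumption): hosts recorded from a known-good response.
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"unexpected template host: {host!r}")
    return host


def wait_for_stack(cf_client, stack_id, poll_seconds=15, timeout_seconds=900,
                   sleep=time.sleep):
    """Poll describe_stacks until CREATE_COMPLETE; raise on any failure state."""
    waited = 0
    while True:
        stack = cf_client.describe_stacks(StackName=stack_id)["Stacks"][0]
        status = stack["StackStatus"]
        if status == "CREATE_COMPLETE":
            return stack.get("Outputs", [])
        if status != "CREATE_IN_PROGRESS":
            reason = stack.get("StackStatusReason", "no reason given")
            raise RuntimeError(f"stack ended in {status}: {reason}")
        if waited >= timeout_seconds:
            raise TimeoutError(f"stack still {status} after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds


def create_link_stack(template_url, allowed_hosts=None):
    """Validate the URL, create the stack as the page does, then wait for it."""
    import boto3  # imported here so the helpers above work without AWS access
    check_template_url(template_url, allowed_hosts)
    cf = boto3.client("cloudformation", region_name=REGION)
    stack_id = cf.create_stack(StackName="SDDC-Account-Link",
                               TemplateURL=template_url,
                               Capabilities=["CAPABILITY_IAM"])["StackId"]
    return wait_for_stack(cf, stack_id)
```

The S3 check alone accepts any bucket, so the host pin is what ties the run to the template source you have already reviewed.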