Appendix - SDDC Deployment and Best Practices Guide on AWS

Appendix

IAM roles

        "Effect": "Allow",
        "Action": [
            "cloudformation:CreateStack",
            "cloudformation:DescribeStacks",
            "cloudformation:DescribeStackEvents",
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStackResources",
            "cloudformation:GetTemplateSummary",
            "cloudformation:ListStackResources",
            "cloudformation:GetTemplate",
            "cloudformation:ListChangeSets",
            "cloudformation:GetStackPolicy"
        ],
    },
    {
        "Effect": "Allow",
        "Action": [
            "iam:CreateRole",
            "iam:CreatePolicy",
            "iam:AttachRolePolicy",
            "iam:GetRole",
            "iam:PassRole",
            "iam:PutRolePolicy",
            "lambda:CreateFunction",
            "lambda:InvokeFunction",
            "lambda:GetFunctionConfiguration",
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStackResources"
        ],

The other roles remain in your AWS account:

  • arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations

  • arn:aws:iam::role/vmware-sddc-formation-4c517b6f-1e2-BasicLambdaRole-SD4OX7YN3MNU

  • arn:aws:iam::role/vmware-sddc-formation-4c517b6f-1e2-RemoteRolePayer-169300WFK6EYA
