Onboard VMs to Azure Arc through the multicloud connector
The Arc onboarding solution of the multicloud connector auto-discovers VMs in a connected public cloud, then installs the Azure Connected Machine agent to onboard the VMs to Azure Arc. Currently, EC2 instances in AWS public cloud environments are supported.
This simplified experience lets you use Azure management services, such as Azure Monitor, providing a centralized way to manage Azure and AWS VMs together.
You can enable the Arc onboarding solution when you connect your public cloud to Azure.
Prerequisites
In addition to the general prerequisites for connecting a public cloud, be sure to meet the requirements for the Arc onboarding solution. This includes requirements for each EC2 instance that will be onboarded to Azure Arc.
- You must have AmazonEC2FullAccess permissions in your public cloud.
- EC2 instances must meet the general prerequisites for installing the Connected Machine agent.
- EC2 instances must have the SSM agent installed. Most EC2 instances have this preconfigured if you use a supported OS.
- EC2 instances must have the ArcForServerSSMRole IAM role attached. Attach this role after you upload your CloudFormation template in the connector creation steps.
AWS resource representation in Azure
After you connect your AWS cloud and enable the Arc onboarding solution, the Multicloud Connector creates a new resource group with the naming convention aws_yourAwsAccountId.
When EC2 instances are connected to Azure Arc, representations of these machines appear in this resource group. These resources are placed in Azure regions, using a standard mapping scheme. You can filter which Azure regions you would like to scan. By default, all regions are scanned, but you can choose to exclude certain regions when you configure the solution.
Connectivity method
When creating the Arc onboarding solution, you select whether the Connected Machine agent should connect to the internet via a public endpoint or by proxy server. If you select Proxy server, you must provide a Proxy server URL to which the EC2 instance can connect.
For more information, see Connected machine agent network requirements.
Periodic sync options
The periodic sync time that you select when configuring the Arc onboarding solution determines how often your AWS account is scanned and synced to Azure. When periodic sync is enabled, the Arc agent is installed automatically on any newly discovered EC2 instance that meets the prerequisites.
If you prefer, you can turn periodic sync off when configuring this solution. If you do so, new EC2 instances won't be automatically onboarded to Azure Arc, as Azure won't be able to scan for new instances.
EC2 Filter Options
You can filter which EC2 instances are scanned by AWS region or by AWS tag. You can select which regions you would like to scan for EC2 resources. You can also filter by AWS tag so that only EC2 machines that have the matching tag (case-insensitive) are eligible for onboarding.
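The following added example (not part of the original article or of the multicloud connector) pre-checks a constructed EC2 inventory against the prerequisites and filter options described above and reports why an instance would not be onboarded. The record field names are hypothetical, and the tag match is assumed to compare both key and value case-insensitively.

```python
# Added example: pre-check which EC2 instances the Arc onboarding solution
# would be able to onboard. All records below are constructed sample data.
REQUIRED_ROLE = "ArcForServerSSMRole"  # role name from the prerequisites

# Constructed inventory; field names are hypothetical, not an AWS API shape.
INSTANCES = [
    {"id": "i-0001", "region": "us-east-1", "role": "ArcForServerSSMRole",
     "ssm_online": True, "tags": {"Arc": "Onboard"}},
    {"id": "i-0002", "region": "us-east-1", "role": None,
     "ssm_online": True, "tags": {"arc": "onboard"}},
    {"id": "i-0003", "region": "eu-west-1", "role": "ArcForServerSSMRole",
     "ssm_online": True, "tags": {"ARC": "ONBOARD"}},
    {"id": "i-0004", "region": "us-west-2", "role": "ArcForServerSSMRole",
     "ssm_online": False, "tags": {"arc": "onboard"}},
    {"id": "i-0005", "region": "us-west-2", "role": "ArcForServerSSMRole",
     "ssm_online": True, "tags": {"team": "web"}},
]


def tag_matches(tags, key, value):
    """Case-insensitive tag match (assumed to cover both key and value)."""
    return any(k.lower() == key.lower() and v.lower() == value.lower()
               for k, v in tags.items())


def onboarding_gaps(inst, regions, tag):
    """Return the reasons an instance would not be onboarded (empty = eligible)."""
    gaps = []
    if inst["region"] not in regions:
        gaps.append("region not scanned")
    if tag and not tag_matches(inst["tags"], *tag):
        gaps.append("tag filter does not match")
    if inst["role"] != REQUIRED_ROLE:
        gaps.append(f"{REQUIRED_ROLE} not attached")
    if not inst["ssm_online"]:
        gaps.append("SSM agent not reporting")
    return gaps


def audit(instances, regions, tag=None):
    """Map instance id -> list of gaps for the given scan configuration."""
    return {i["id"]: onboarding_gaps(i, regions, tag) for i in instances}


if __name__ == "__main__":
    report = audit(INSTANCES, {"us-east-1", "us-west-2"}, ("arc", "onboard"))
    for iid, gaps in report.items():
        print(iid, "eligible" if not gaps else "; ".join(gaps))
```

Instances that report a missing role or an offline SSM agent stay unmanaged in Azure even though they are in scope, so the gap list doubles as a coverage check for monitoring.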
Next steps
- Learn more about managing connected servers through Azure Arc.
- Learn about the Multicloud Connector Inventory solution.