Link Search Menu Expand Document

Cloud Hubs in AWS

Configuration > Cloud Services > IaaS > Deploy Cloud Hubs in AWS

The Cloud Hubs in AWS tab provides the AWS account details and EC-V deployment configuration details for all cloud EC-Vs that have been deployed.

Use this tab to:

  • Create and modify AWS accounts

  • Deploy EC-Vs in the AWS cloud

  • Remove an AWS cloud deployment

NOTE: Before you can deploy EC-Vs to the AWS cloud, you must perform several tasks in AWS. For more information, see AWS Account Configuration.

The following table describes each field on this tab.

NameName given on the deployment configuration page.
VPCCIDR block used for deployment.
AccountName of the AWS account that was used to deploy the EC-Vs.
InstancesNumber of EC-V instances in the deployment. To add one or more EC-Vs to the deployment, click +Add. In the New Instance on AWS dialog box, select the availability zone to use and any optional tags to apply to the new instance.

Max indicates that the maximum number of instances have been created for the VPC CIDR block.
StatusStatus of the deployment. If more information is available, an info icon is displayed.

NOTE: If the deployment was incomplete, the info dialog contains a link to download the log file and steps to resolve the issue.
TerminateTo permanently delete a deployment, click Terminate. This action deletes all resources associated with the EC-Vs, including all EC2 resources.
Deployment InfoClick the info icon in this column to view deployment and instance details, including the IP addresses associated with the mgmt0, wan0, and lan0 interfaces.
ResourcesClick the info icon in this column to view details about each AWS resource that Orchestrator created during the deployment. This information is helpful when, for example, you need to identify the IP address of a security group to add a user to.
CommentComments that were added to the deployment when the EC-V was created. To edit the comment, click the edit icon.

Create or Modify an AWS Account

To create or modify an AWS account to Orchestrator:

  1. Click AWS Accounts.

    The AWS Accounts dialog box opens.

  2. Click New AWS Account or click the edit icon next to the account you want to edit.

    The AWS Account Configuration dialog box opens.

  3. Complete or modify the elements as necessary.

Deploy a New EC-V

Click New Deployment to deploy one or more EC-V instances in AWS.

Remove an EC-V

If a deployment does not complete or you no longer want the EC-V in the AWS cloud, you can remove the deployment and all associated artifacts.

To remove a deployment, locate the deployment you want to remove, and then click Terminate in the desired row.

AWS Accounts

The AWS Accounts dialog box lists all of the AWS accounts that have been added.


  • Click Add AWS Account to create a new account for EC-V deployments.

  • Click the edit icon next to an existing account to modify that account’s details.

NOTE: You cannot modify accounts that have active deployments.

AWS Account Configuration

Complete the following steps to create an AWS IAM user account with the required permissions for creating EC-V instances in AWS.

Create a Policy with Required Permissions

  1. Log in to the AWS Dashboard.

  2. On the Find Services search menu, enter IAM to open the Identity and Access Management (IAM) page.

  3. Under Access Management, click Policies. The Policies page opens.

  4. Click Create policy and click the JSON tab.

  5. Delete the existing text.

  6. Go to this web page, click the link for your version of Orchestrator, and then copy and paste the JSON policy text into the editor.

  7. Click Next: Tags.

  8. (Optional) Add metadata to the policy by attaching tags as key-value pairs.

  9. On the Review policy page, enter a name and optional description for the new policy.

  10. Review the policy summary to see the permissions granted by your policy, and then click Create policy to save your work.

Attach Policy to the Orchestrator IAM User Account

  1. Click Users > Add user. The Add user page opens.

  2. Enter a user name in the User name field (for example, ArubaOrchestrator).

  3. Under Access type, select Programmatic access, and clear the AWS Management Console access check box.

  4. Click Next: Permissions.

  5. Under Set Permissions, click Attach existing policies.

  6. Select the Policy document you created from the list, and then click Next: Review.

  7. Under Permissions summary, click Add permissions.

Download Orchestrator IAM User Account Credentials

  1. On the Users page, click the Security credentials tab.

  2. Download or copy and paste the Access key ID and Secret key ID to a secure place for later use.

Create a Key Pair to Assign to EC‑Vs

Review the instructions on this page to create a key pair on the AWS region where you plan to deploy the EC-V.

Add the AWS Account to Orchestrator

Complete the following fields for Orchestrator, and then click Save when finished.

NameEnter a unique name. If you have multiple AWS accounts, you must enter a unique name for each account.
Access KeyEnter the Orchestrator IAM user’s Access Key ID that you saved earlier.
Secret KeyEnter the Orchestrator IAM user’s Secret Key ID that you saved earlier.
CommentEnter a comment that provides any additional information about the AWS account.

Orchestrator validates the account information. This takes approximately 45 seconds.

AWS Deployment Configuration

Use the AWS Deployment Configuration page to create one or more EC-V instances in an AWS region.

NOTE: If you do not have an AWS account configured in Orchestrator, the AWS Deployment Configuration dialog box is blank. Click the Accounts link to create an AWS account.


NameEnter a name for the deployment. This name is used only for identifying the deployment. A deployment consists of one or more EC-Vs that an Orchestrator creates in an AWS Virtual Private Cloud (VPC). Only alphanumerical letters and hyphens are allowed in the deployment name. The maximum allowed length is 20 characters.
AWS AccountSelect an AWS account to use for deploying the EC-V.
RegionSelect an AWS region where you want to deploy the EC-V.
VPC CIDREnter a VPC Classless Inter-Domain Routing (CIDR) block. The smallest supported CIDR block is /24 and the largest supported CIDR block is /16. Orchestrator creates all AWS resources required for the EC-V deployment within this VPC. For each EC-V you deploy, Orchestrator creates three subnets that are /28 in size. In other words, if you deploy two EC-Vs, Orchestrator creates six subnets in total. This is true even if both EC-Vs are created in a single Availability Zone.
SSH KeySelect an existing AWS key pair to assign to the EC-V. A key pair must be created prior to the deployment.
Boost (Optional)Boost requires additional resources on an AWS EC2 instance. After Boost and an appropriate WAN Bandwidth value are selected, Orchestrator displays the appropriate AWS instance types for the deployment on the Instance Type drop-down menu.

NOTE: Selecting the Boost check box does not enable Boost on the EC-V. It only allows Orchestrator to display appropriate AWS instance types that can support Boost for the selected WAN bandwidth. To enable Boost on the EC-V, go to the Deployment page and the Business Intent Overlay (BIO) page after the deployment is complete.
WAN BandwidthThe Bandwidth drop-down list displays the current EdgeConnect license tiers. After you select a WAN Bandwidth value, Orchestrator displays the appropriate AWS instance types for the deployment on the Instance Type drop-down menu.
Instance TypeBased on your selection of Boost and WAN Bandwidth values, Orchestrator displays the appropriate AWS instance types on this drop-down menu.
AWS Tags (Optional)Any comma-separated tags entered here are applied to all AWS resources that Orchestrator creates while deploying the EC-V. If you do not enter any tags, Orchestrator automatically creates a unique tag for each AWS resource that it creates while deploying the EC-V. This AWS tag is created to identify each resource created by Orchestrator. The tag is formatted as follows: sp-automated-deployment name-instance-index-resource name.
Comment (Optional)Enter an optional comment if you want to attach any additional details for the deployment.
Advanced SettingsCustom AMI ID: If you want to deploy the EC-V with a specific public or private image, provide the AMI ID. You can obtain the AMI ID from the AWS console.

Leave this field blank to allow Orchestrator to deploy the EC-V with the base AMI obtained from the AWS Marketplace.
Horizontally ScaleYou can deploy multiple EC-Vs by clicking + and selecting the Availability Zone for each EC-V. If the selected region supports multiple Availability Zones, each Availability Zone is shown on the drop-down menu. When deploying multiple EC-Vs, it is best practice to deploy each EC-V in a unique Availability Zone.
Appliance Tag (Optional)Enter an Appliance Tag on this field if you want to assign a pre-configuration file to the deployment. If this field is left blank, Orchestrator will automatically assign an Appliance Tag for its own configuration purposes.

When you have completed all of the required fields, click Review and Deploy. Review the configuration summary, and click Deploy to create the EC-V instances.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.