Link Search Menu Expand Document

Cloud Hubs in AWS

Configuration > Cloud Services > IaaS > Deploy Cloud Hubs in AWS

The Cloud Hubs in AWS tab provides the AWS account details and EC-V deployment configuration details for all cloud EC-Vs that have been deployed.

Use this tab to:

  • Create and modify AWS accounts

  • Deploy EC-Vs in the AWS cloud

  • Remove an AWS cloud deployment

NOTE: Before you can deploy EC-Vs to the AWS cloud, you must perform several tasks in AWS. For more information, see AWS Account Configuration.

The following table describes each field on this tab.

Field Description
Name Name given on the deployment configuration page.
VPC CIDR block used for deployment.
Account Name of the AWS account that was used to deploy the EC-Vs.
Instances Number of EC-V instances in the deployment. To add one or more EC-Vs to the deployment, click +Add. In the New Instance on AWS dialog box, select the availability zone to use and any optional tags to apply to the new instance.

Max indicates that the maximum number of instances have been created for the VPC CIDR block.
Status Status of the deployment. If more information is available, an info icon is displayed.

NOTE: If the deployment was incomplete, the info dialog contains a link to download the log file and steps to resolve the issue.
Terminate To permanently delete a deployment, click Terminate. This action deletes all resources associated with the EC-Vs, including all EC2 resources.
Deployment Info Click the info icon in this column to view deployment and instance details, including the IP addresses associated with the mgmt0, wan0, and lan0 interfaces.
Resources Click the info icon in this column to view details about each AWS resource that Orchestrator created during the deployment. This information is helpful when, for example, you need to identify the IP address of a security group to add a user to.
Comment Comments that were added to the deployment when the EC-V was created. To edit the comment, click the edit icon.

Create or Modify an AWS Account

To create or modify an AWS account to Orchestrator:

  1. Click AWS Accounts.

    The AWS Accounts dialog box opens.

  2. Click New AWS Account or click the edit icon next to the account you want to edit.

    The AWS Account Configuration dialog box opens.

  3. Complete or modify the elements as necessary.

Deploy a New EC-V

Click New Deployment to deploy one or more EC-V instances in AWS.

Remove an EC-V

If a deployment does not complete or you no longer want the EC-V in the AWS cloud, you can remove the deployment and all associated artifacts.

To remove a deployment, locate the deployment you want to remove, and then click Terminate in the desired row.

AWS Accounts

The AWS Accounts dialog box lists all of the AWS accounts that have been added.


  • Click Add AWS Account to create a new account for EC-V deployments.

  • Click the edit icon next to an existing account to modify that account’s details.

NOTE: You cannot modify accounts that have active deployments.

AWS Account Configuration

Complete the following steps to create an AWS IAM user account with the required permissions for creating EC-V instances in AWS.

Create a Policy with Required Permissions

  1. Log in to the AWS Dashboard.

  2. On the Find Services search menu, enter IAM to open the Identity and Access Management (IAM) page.

  3. Under Access Management, click Policies. The Policies page opens.

  4. Click Create policy and click the JSON tab.

  5. Delete the existing text.

  6. Go to this web page, click Permissions required to deploy Cloud Hubs in AWS, and then copy and paste the JSON policy text into the editor.

  7. Click Next: Tags.

  8. (Optional) Add metadata to the policy by attaching tags as key-value pairs.

  9. Click Next: Review.

  10. On the Review policy page, enter a name and optional description for the new policy.

  11. Review the policy summary to see the permissions granted by your policy, and then click Create policy to save your work.

Attach Policy to the Orchestrator IAM User Account

  1. Click Users > Add user. The Add user page opens.

  2. Enter a user name in the User name field (for example, ArubaOrchestrator).

  3. Under Access type, select Programmatic access, and clear the AWS Management Console access check box.

  4. Click Next: Permissions.

  5. Under Set Permissions, click Attach existing policies.

  6. Select the Policy document you created from the list, and then click Next: Review.

  7. Under Permissions summary, click Add permissions.

Download Orchestrator IAM User Account Credentials

  1. On the Users page, click the Security credentials tab.

  2. Download or copy and paste the Access key ID and Secret key ID to a secure place for later use.

Create a Key Pair to Assign to EC‑Vs

Review the instructions on this page to create a key pair on the AWS region where you plan to deploy the EC-V.

Add the AWS Account to Orchestrator

Complete the following fields for Orchestrator, and then click Save when finished.

Field Description
Name Enter a unique name. If you have multiple AWS accounts, you must enter a unique name for each account.
Access Key Enter the Orchestrator IAM user’s Access Key ID that you saved earlier.
Secret Key Enter the Orchestrator IAM user’s Secret Key ID that you saved earlier.
Comment Enter a comment that provides any additional information about the AWS account.

Orchestrator validates the account information. This takes approximately 45 seconds.

AWS Deployment Configuration

Use the AWS Deployment Configuration page to create one or more EC-V instances in an AWS region.

NOTE: If you do not have an AWS account configured in Orchestrator, the AWS Deployment Configuration dialog box is blank. Click the Accounts link to create an AWS account.


Field Description
Name Enter a name for the deployment. This name is used only for identifying the deployment. A deployment consists of one or more EC-Vs that an Orchestrator creates in an AWS Virtual Private Cloud (VPC). Only alphanumerical letters and hyphens are allowed in the deployment name. The maximum allowed length is 20 characters.
AWS Account Select an AWS account to use for deploying the EC-V.
Region Select an AWS region where you want to deploy the EC-V.
VPC CIDR Enter a VPC Classless Inter-Domain Routing (CIDR) block. The smallest supported CIDR block is /24 and the largest supported CIDR block is /16. Orchestrator creates all AWS resources required for the EC-V deployment within this VPC. For each EC-V you deploy, Orchestrator creates three subnets that are /28 in size. In other words, if you deploy two EC-Vs, Orchestrator creates six subnets in total. This is true even if both EC-Vs are created in a single Availability Zone.
SSH Key Select an existing AWS key pair to assign to the EC-V. A key pair must be created prior to the deployment.
Boost (Optional) Boost requires additional resources on an AWS EC2 instance. After Boost and an appropriate WAN Bandwidth value are selected, Orchestrator displays the appropriate AWS instance types for the deployment on the Instance Type drop-down menu.

NOTE: Selecting the Boost check box does not enable Boost on the EC-V. It only allows Orchestrator to display appropriate AWS instance types that can support Boost for the selected WAN bandwidth. To enable Boost on the EC-V, go to the Deployment page and the Business Intent Overlay (BIO) page after the deployment is complete.
WAN Bandwidth The Bandwidth drop-down list displays the current EdgeConnect license tiers. After you select a WAN Bandwidth value, Orchestrator displays the appropriate AWS instance types for the deployment on the Instance Type drop-down menu.
Instance Type Based on your selection of Boost and WAN Bandwidth values, Orchestrator displays the appropriate AWS instance types on this drop-down menu.
AWS Tags (Optional) Any comma-separated tags entered here are applied to all AWS resources that Orchestrator creates while deploying the EC-V. If you do not enter any tags, Orchestrator automatically creates a unique tag for each AWS resource that it creates while deploying the EC-V. This AWS tag is created to identify each resource created by Orchestrator. The tag is formatted as follows: sp-automated-deployment name-instance-index-resource name.
Comment (Optional) Enter an optional comment if you want to attach any additional details for the deployment.
Advanced Settings Custom AMI ID: If you want to deploy the EC-V with a specific public or private image, provide the AMI ID. You can obtain the AMI ID from the AWS console.

Leave this field blank to allow Orchestrator to deploy the EC-V with the base AMI obtained from the AWS Marketplace.
Horizontally Scale You can deploy multiple EC-Vs by clicking + and selecting the Availability Zone for each EC-V. If the selected region supports multiple Availability Zones, each Availability Zone is shown on the drop-down menu. When deploying multiple EC-Vs, it is best practice to deploy each EC-V in a unique Availability Zone.
Appliance Tag (Optional) Enter an Appliance Tag on this field if you want to assign a pre-configuration file to the deployment. If this field is left blank, Orchestrator will automatically assign an Appliance Tag for its own configuration purposes.

When you have completed all of the required fields, click Review and Deploy. Review the configuration summary, and click Deploy to create the EC-V instances.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America