Creating On-demand Distributed Firewall Rules in VMC on AWS with vRA Cloud
Let’s explore how you can create on-demand distributed firewall rules in a VMC on AWS environment with a vRA Cloud template.
Demo Product Versions
- vRA Cloud
- VMC on AWS (SDDC version 1.13)
VMC on AWS:
- Active SDDC
- Basic infrastructure configured for the VMC on AWS environment (Cloud Proxy, Cloud Account, Project, Cloud Zone, Flavor Mapping, Image Mapping)
- Create a template that adds a new security group to the deployment.
- Add firewall rules to the on-demand security group resource.
Demo / Example
Create a Template with New Security Group
- In a vRA Cloud template in vRA Cloud Assembly, drag a Cloud Agnostic Security Group resource on the canvas and connect it to the machine you’d like to place in the security group.
- Make sure the value of the security group type property is `new`, and give the on-demand security group a name by supplying a value for its name property.
Note that you cannot add on-demand distributed firewall rules to an existing security group (one whose type is not `new`). If you try, the deployment fails with an error.
Add Firewall Rules to the Security Group
- Add rules to the on-demand security group resource by adding a `rules` section to it. You can add multiple rules, even though the example only shows one rule.
- After you deploy the template, click on the deployment under “Deployments” in vRA Cloud Assembly. You can then click on the security group resource to view the resource name as well as the firewall rules you’ve deployed with that security group.
- From the VMC on AWS UI, you can go to “Compute Groups” and verify that the security group has been created. You can also verify that the machine has been placed in this new security group by clicking “View Members”.
- From the VMC on AWS UI, go to “Distributed Firewall” and, in the “Application” section, you’ll see that a new policy containing the firewall rule written in the vRA template has been created. Note that the policy is placed at the top of the list, so it is evaluated before the existing application policies.
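The following template is an added example that puts the steps above together; it is not the template from the original post. The resource types and property names (`Cloud.SecurityGroup`, `securityGroupType`, `name`, `rules` with `direction`, `protocol`, `ports`, `source`, `access`, and the `securityGroups` list on the machine’s network) follow the vRA Cloud Assembly schema as I know it, while the constraint tag, resource names, image/flavor mapping names, port and CIDR values are constructed placeholders that you would replace with values from your own environment.

```yaml
# Added example template (constructed; not the post's own YAML).
# Deploys one machine into an on-demand security group whose rules
# become a new Distributed Firewall policy in VMC on AWS.
formatVersion: 1
inputs:
  mgmtCidr:
    type: string
    title: Management CIDR allowed to reach the machine
    default: 10.10.0.0/24          # constructed placeholder value
resources:
  Cloud_SecurityGroup_1:
    type: Cloud.SecurityGroup
    properties:
      # On-demand groups must be type "new"; "existing" groups reject rules.
      securityGroupType: new
      name: demo-web-tier-sg       # constructed name
      constraints:
        - tag: 'env:vmc'           # assumed capability tag on the VMC cloud zone
      rules:
        # Least-privilege pattern: allow only what is needed, then deny the rest.
        - name: allow-https-from-mgmt
          direction: inbound
          protocol: TCP
          ports: '443'
          source: '${input.mgmtCidr}'
          access: Allow
        - name: allow-ssh-from-mgmt
          direction: inbound
          protocol: TCP
          ports: '22'
          source: '${input.mgmtCidr}'
          access: Allow
        - name: deny-all-other-inbound
          direction: inbound
          protocol: ANY
          ports: ANY
          source: ANY
          access: Deny
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      networkType: existing
      constraints:
        - tag: 'env:vmc'           # assumed tag on the VMC network profile
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: ubuntu                # assumed image mapping name
      flavor: small                # assumed flavor mapping name
      constraints:
        - tag: 'env:vmc'
      networks:
        - network: '${resource.Cloud_Network_1.id}'
          # Connecting the machine here is what places it in the new group.
          securityGroups:
            - '${resource.Cloud_SecurityGroup_1.id}'
```

Because vRA places the generated policy at the top of the Distributed Firewall “Application” section, the explicit `deny-all-other-inbound` rule at the end of the `rules` list closes the group off without relying on a default rule further down the list; after deploying, check the policy order and the group’s members under “Compute Groups” as described above before trusting the result.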
Demo / Example Template YAML File