Multicloud connector content

Author: JnHs

articles/azure-arc/index.yml

@@ -158,14 +158,18 @@ additionalContent:
           summary: Establish patterns for building hybrid architectures.
           url: /azure/cloud-adoption-framework/scenarios/hybrid/enterprise-scale-landing-zone
         # Card
-        - title: App Service, Functions, and Logic Apps on Azure Arc (preview)
-          summary: Run App Service, Functions, and Logic Apps on Azure Arc-enabled Kubernetes clusters.
-          url: /azure/app-service/overview-arc-integration
-        # Card
         - title: Azure Kubernetes Service (AKS) enabled by Azure Arc 
           summary: Extend AKS to your on-premises environment.
           url: https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hybrid-options-overview
         # Card
+        - title: Multicloud connector enabled by Azure Arc (preview)
+          summary: Connect non-Azure public cloud resources to centralize management and governance in Azure.
+          url: ./multicloud-connector/overview.md
+        # Card
+        - title: App Service, Functions, and Logic Apps on Azure Arc (preview)
+          summary: Run App Service, Functions, and Logic Apps on Azure Arc-enabled Kubernetes clusters.
+          url: /azure/app-service/overview-arc-integration
+        # Card
         - title: Azure IoT Operations Preview – enabled by Azure Arc
           summary: Azure IoT Operations is a unified data plane for the edge that helps organizations deploy the industrial metaverse.
           url: /azure/iot-operations/

articles/azure-arc/multicloud-connector/breadcrumb/toc.yml

@@ -0,0 +1,11 @@
+- name: Azure
+  tocHref: /azure
+  topicHref: /azure/index
+  items:
+  - name: Azure Arc
+    tocHref: /azure/azure-arc
+    topicHref: /azure/azure-arc
+    items:
+    - name: Multicloud connector
+      tocHref: /azure/azure-arc/multicloud-connector
+      topicHref: /azure/azure-arc/multicloud-connector

articles/azure-arc/multicloud-connector/connect-to-aws.md

@@ -0,0 +1,126 @@
+---
+title: "Connect to AWS with the multicloud connector in the Azure portal"
+description: "Learn how to add an AWS cloud by using the multicloud connector enabled by Azure Arc."
+ms.topic: how-to
+ms.date: 06/11/2024
+---
+
+# Connect to AWS with the multicloud connector in the Azure portal
+
+The multicloud connector enabled by Azure Arc lets you connect non-Azure public cloud resources to Azure by using the Azure portal. Currently, AWS public cloud environments are supported.
+
+As part of connecting an AWS account to Azure, you deploy a CloudFormation template to the AWS account. This template creates all of the required resources for the connection.
+
+> [!IMPORTANT]
+> Multicloud connector enabled by Azure Arc is currently in PREVIEW.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+## Prerequisites
+
+To use the multicloud connector, you need the appropriate permissions in both AWS and Azure.
+
+### AWS prerequisites
+
+To create the connector and to use multicloud inventory, you need the following permissions in AWS:
+
+- **AmazonS3FullAccess**
+- **AWSCloudFormationFullAccess**
+- **IAMFullAccess**
+
+For Arc onboarding, there are [additional prerequisites that must be met](onboard-multicloud-vms-arc.md#prerequisites).
+
+When you upload your CloudFormation template, additional permissions will be requested, based on the solutions that you selected:
+
+- For **Inventory**, we request **Global Read** permission to your account.
+- For **Arc Onboarding**, our service requires **EC2 Write** access in order to install the [Azure Connected Machine agent](/azure/azure-arc/servers/agent-overview).
+
+### Azure prerequisites
+
+To use the multicloud connector in an Azure subscription, you need the **Contributor** built-in role.
+
+If this is the first time you're using the service, you need to [register these resource providers](/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider), which requires **Contributor** access on the subscription:
+
+- Microsoft.HybridCompute
+- Microsoft.HybridConnectivity
+- Microsoft.AwsConnector
+
+> [!NOTE]
+> The multicloud connector can work side-by-side with the [AWS connector in Defender for Cloud](/azure/defender-for-cloud/quickstart-onboard-aws). If you choose, you can use both of these connectors.
+
+## Add your public cloud in the Azure portal
+
+To add your AWS public cloud to Azure, use the Azure portal to enter details and generate a CloudFormation template.
+
+1. In the Azure portal, navigate to **Azure Arc**.
+1. Under **Management**, select **Multicloud connectors (preview)**.
+1. In the **Connectors** pane, select **Create**.
+1. On the **Basics** page:
+
+   1. Select the subscription and resource group in which to create your connector resource.
+   1. Enter a unique name for the connector and select a [supported region](overview.md#supported-regions).
+   1. Provide the ID for the AWS account that you want to connect, and indicate whether it's a single account or an organization account.
+   1. Select **Next**.
+
+1. On the **Solutions** page, select which solutions you'd like to use with this connector and configure them. Select **Add** to enable **[Inventory](view-multicloud-inventory.md)**, **[Arc onboarding](onboard-multicloud-vms-arc.md)**, or both.
+
+   :::image type="content" source="media/add-aws-connector-solutions.png" alt-text="Screenshot showing the Solutions for the AWS connector in the Azure portal.":::
+
+   - For **Inventory**, you can modify the following options:
+
+      1. Choose the **AWS Services** for which you want to scan and import resources. By default, all available services are selected.
+      1. Choose whether or not to enable periodic sync. By default, this is enabled so that the connector will scan your AWS account regularly. If you uncheck the box, your AWS account will only be scanned once.
+      1. If **Enable periodic sync** is checked, confirm or change the **Recur every** selection to specify how often your AWS account will be scanned.
+      1. Choose which regions to scan for resources in your AWS account. By default, all available regions are selected.
+      1. When you have finished making selections, select **Save** to return to the **Solutions** page.
+
+   - For **Arc onboarding**:
+
+      1. Select a **Connectivity method** to determine whether the Connected Machine agent should connect to the internet via a public endpoint or by proxy server. If you select **Proxy server**, provide a **Proxy server URL** to which the EC2 instance can connect.
+      1. Choose whether or not to enable periodic sync. By default, this is enabled so that the connector will scan your AWS account regularly. If you uncheck the box, your AWS account will only be scanned once.
+      1. If **Enable periodic sync** is checked, confirm or change the **Recur every** selection to specify how often your AWS account will be scanned.
+      1. Choose which regions to scan for EC2 instances in your AWS account. By default, all available regions are selected.
+
+1. On the **Authentication template** page, download the CloudFormation template that you'll upload to AWS. This template is created based on the information you provided in **Basics** and the solutions you selected. You can [upload the template](#upload-cloudformation-template-to-aws) right away, or wait until you finish adding your public cloud.
+
+1. On the **Tags** page, enter any tags you'd like to use.
+1. On the **Review and create** page, confirm your information and then select **Create**.
+
+If you didn't upload your template during this process, follow the steps in the next section to do so.
+
+## Upload CloudFormation template to AWS
+
+After you've saved the CloudFormation template generated in the previous section, you need to upload it to your AWS public cloud. If you upload the template before you finish connecting your AWS cloud in the Azure portal, your AWS resources will be scanned immediately. If you complete the **Add public cloud** process in the Azure portal before uploading the template, it will take a bit longer to scan your AWS resources and make them available in Azure.
+
+### Create stack
+
+Follow these steps to create a stack and upload your template:
+
+1. Open the AWS CloudFormation console and select **Create stack**.
+1. Select **Template is ready**, then select **Upload a template file**. Select **Choose file** and browse to select your template. Then select **Next**.
+1. In **Specify stack details**, enter a stack name. Leave the other options set to their default settings and select **Next**.
+1. In **Configure stack options**, leave the options set to their default settings and select **Next**.
+1. In **Review and create**, confirm that the information is correct, select the acknowledgment checkbox, and then select **Submit**.
+
+### Create StackSet
+
+If your AWS account is an organization account, you also need to create a StackSet and upload your template again. To do so:
+
+1. Open the AWS CloudFormation console and select **StackSets**, then select **Create StackSet**.
+1. Select **Template is ready**, then select **Upload a template file**. Select **Choose file** and browse to select your template. Then select **Next**.
+1. In **Specify stack details**, enter `AzureArcMultiCloudStackset` as the StackSet name, then select **Next**.
+1. In **Configure stack options**, leave the options set to their default settings and select **Next**.
+1. In **Set deployment options**, enter the ID for the AWS account where the StackSet will be deployed, and select any AWS region to deploy the stack. Leave the other options set to their default settings and select **Next**.
+1. In **Review**, confirm that the information is correct, select the acknowledgment checkbox, and then select **Submit**.
+
+## Confirm deployment
+
+After you complete the **Add public cloud** option in Azure, and you upload your template to AWS, your connector and selected solutions will be created. On average, it takes about one hour for your AWS resources to become available in Azure. If you upload the template after creating the public cloud in Azure, it may take a bit more time before you see the AWS resources.
+
+AWS resources are stored in a resource group using the naming convention `aws_yourAwsAccountId`. Scans will run regularly to update these resources, based on your **Enable periodic sync** selections.
+
+## Next steps
+
+- Query your inventory with [the multicloud connector **Inventory** solution](view-multicloud-inventory.md).
+- Learn how to [use the multicloud connector **Arc onboarding** solution](onboard-multicloud-vms-arc.md).
+
+

articles/azure-arc/multicloud-connector/index.yml

@@ -0,0 +1,42 @@
+### YamlMime:Landing
+
+title: Multicloud connector enabled by Azure Arc (preview) # < 60 chars
+summary: Connect non-Azure public cloud resources to Azure for centralized management and governance. # < 160 chars
+ 
+metadata:
+  title: Multicloud connector enabled by Azure Arc (preview)
+  description: Connect non-Azure public cloud resources to Azure for centralized management and governance.
+  ms.service: azure-arc
+  ms.topic: landing-page
+  ms.date: 06/11/2024
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card (optional)
+  - title: About
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is Multicloud connector enabled by Azure Arc?
+            url: overview.md
+
+  - title: Get started
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: Connect a public cloud to Azure
+            url: connect-to-aws.md
+
+  - title: Solutions
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: View and manage multicloud inventory
+            url: view-multicloud-inventory.md
+      - linkListType: how-to-guide
+        links:
+          - text: Onboard VMs to Azure Arc
+            url: onboard-multicloud-vms-arc.md

articles/azure-arc/multicloud-connector/media/add-aws-connector-solutions.png

@@ -0,0 +1,51 @@
+---
+title: Onboard VMs to Azure Arc through the multicloud connector
+description: Learn how to enable the Arc onboarding solution with the multicloud connector enabled by Azure Arc.
+ms.topic: how-to
+ms.date: 06/11/2024
+---
+
+# Onboard VMs to Azure Arc through the multicloud connector
+
+The **Arc onboarding** solution of the multicloud connector auto-discovers VMs in a [connected public cloud](connect-to-aws.md), then installs the [Azure Connected Machine agent](/azure/azure-arc/servers/agent-overview) to onboard the VMs to Azure Arc. Currently, EC2 instances in AWS public cloud environments are supported.
+
+This simplified experience lets you use Azure management services, such as Azure Monitor, providing a centralized way to manage Azure and AWS VMs together.
+
+> [!IMPORTANT]
+> Multicloud connector enabled by Azure Arc is currently in PREVIEW.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+You can enable the **Arc onboarding** solution when you [connect your public cloud to Azure](connect-to-aws.md).
+
+## Prerequisites
+
+In addition to the [general prerequisites](connect-to-aws.md#prerequisites) for connecting a public cloud, be sure to meet the requirements for the **Arc onboarding** solution. This includes requirements for each EC2 instance that will be onboarded to Azure Arc.
+
+- You must have **AmazonEC2FullAccess** permissions in your public cloud.
+- EC2 instances must meet the [general prerequisites for installing the Connected Machine agent](../servers/prerequisites.md).
+- EC2 instances must have the SSM agent installed. Most EC2 instances have this preconfigured.
+- EC2 instances must have a tag with the key of `arc` (case-sensitive) and empty value. This tag can be assigned manually or via a policy.
+- The **ArcForServerSSMRole** IAM role [attached on each EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#attach-iam-role). This role attachment must be done after you upload your Cloud Formation Template in the Connector creation steps.
+
+## AWS resource representation in Azure
+
+After you connect your AWS cloud and enable the **Arc onboarding** solution, the Multicloud Connector creates a new resource group with the naming convention `aws_yourAwsAccountId`.
+
+When EC2 instances are connected to Azure Arc, representations of these machines appear in this resource group. These resources are placed in Azure regions, using a [standard mapping scheme](resource-representation.md#region-mapping). You can filter for which Azure regions you would like to scan for. By default, all regions are scanned, but you can choose to exclude certain regions when you [configure the solution](connect-to-aws.md#add-your-public-cloud-in-the-azure-portal).
+
+## Connectivity method
+
+When creating the [**Arc onboarding** solution](connect-to-aws.md#add-your-public-cloud-in-the-azure-portal), you select whether the Connected Machine agent should connect to the internet via a public endpoint or by proxy server. If you select **Proxy server**, you must provide a **Proxy server URL** to which the EC2 instance can connect.
+
+For more information, see [Connected machine agent network requirements](../servers/network-requirements.md?tabs=azure-cloud).
+
+## Periodic sync options
+
+The periodic sync time that you select when configuring the **Arc onboarding** solution determines how often your AWS account is scanned and synced to Azure. By enabling periodic sync, any time there is a newly discovered EC2 instance that meets the prerequisites, the Arc agent will be installed automatically.
+
+If you prefer, you can turn periodic sync off when configuring this solution. If you do so, new EC2 instances won't be automatically onboarded to Azure Arc, as Azure won't be able to scan for new instances.
+
+## Next steps
+
+- Learn more about [managing connected servers through Azure Arc](../servers/overview.md).
+- Learn about the [Multicloud Connector **Inventory** solution](view-multicloud-inventory.md).