VMware Cloud on AWS is a new on-demand service that enables you to run applications across vSphere-based environments plus access to a broad range of AWS services. PowerCLI already helps to automate your VMware Cloud on AWS tasks! This includes tasks such as creating SDDCs, adding or removing ESXi hosts, managing firewall rules, and so forth. The VMware Cloud on AWS (VMC) module was released as a low-level, API access only, module and will feature the following cmdlets:

  • Connect-VMC
  • Disconnect-VMC
  • Get-VmcService

Let’s take a look at how we can get started using this new module.

Getting Started

When getting started with the VMC module, we’ll notice immediately that it has a little different authentication process than the other PowerCLI connection cmdlets. This module requires you first acquire the OAuth Refresh Token from the VMware Cloud Console: Example: VMware Cloud on AWS Console - OAuth Refresh Token

Copy the refresh token, open a new PowerShell session, and connect to the VMC service with the following command:

Connect-Vmc -RefreshToken xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx

Now that we are connected, let’s start by doing some discovery. The more you work with this module, and the VMC API as a whole, the more you’ll notice the need to be able to easily recall the organization (Org) ID. Therefore, let’s start by looking into how we can discover information about our org.

First, we want to figure out what the service is itself with the Get-VmcService cmdlet. Notice that we can use the standard PowerShell filtering and wildcard usage to help make the discovery process a bit simpler. Example code:

Get-VmcService *orgs

Next, we’ll make use of the Get-Member cmdlet which will show us the available properties and methods for each issued command. We can pipeline the return from the ‘com.vmware.vmc.orgs’ service to the Get-Member cmdlet and discover there’s a ‘Get’ and a ‘List’ method available. Since we don’t have any current information about the Orgs within this environment, we’ll opt for the ‘List’ method. Example code:

$orgSvc = Get-VmcService com.vmware.vmc.orgs
$orgSvc | Get-Member
$orgSvc.list()

Example: Service and Org Discovery

Now that we have our org information, the next thing we will want to discover is information about the org’s SDDC. That information can be found with the following commands:

$sddcSvc = Get-VmcService com.vmware.vmc.orgs.sddcs
$sddcSvc.list($org.Id)

Example: SDDC Discovery

Notice, there’s quite a bit of information to parse through. Let’s look at a simple way to pull out some information about the SDDC’s ESXi hosts. Example code:

$sddc = $sddcSvc.list($org.id)
$sddc.resource_config.esx_hosts | select Name,Hostname,Provider,esx_state

Example: ESXi Host Information

VMware Cloud on AWS uses NSX under the covers to provision all of the networking. Therefore, we will also want to have an understanding of the Edge nodes that are available in the environment. This information is actually in a separate service. Remembering what we’ve done previously, here’s some example code to discover some basic information about the SDDC’s Edge nodes:

$edgeSvc = Get-VmcService *edges
$edges = $edgeSvc.get($org.id, $sddc.id).edge_page.data
$edges | select Name,id,edge_type,state,edge_status | ft -AutoSize

Example: NSX Edge Discovery

Another good area to be aware of in your SDDC are the firewall rules. These are also easily retrievable through the ‘Get-VmcService’ cmdlet as well. Example of the firewall rules associated with the edge-2 node:

$fwConfigSvc = Get-VmcService *firewall.config
$fwConfigE2 = $fwConfigSvc.get($tmmOrg.id,$tmmsddc.id,'edge-2')
$fwConfigE2.firewall_rules.firewall_rules | select Name,rule_id,enabled,action,description

Example: Firewall Rule Discovery

Last example, let’s do something exciting! How about we automate the creation of an SDDC?

This is going to require quite a bit of what we’ve learned so far, plus some new tricks. We can find the ‘Create’ method against the com.vmware.vmc.orgs.sddc service. We see that input requires the Org ID and an ‘sddc_config’ input. This is where it gets tricky.

If we remember back in the PowerCLI 6.5.3 release, there was the addition of the ‘Create’ method to a couple cmdlets. This method is also available with the Get-VmcService cmdlet. The whole point of this method is to allow us to create a specification in an easy manner. For this example, we’re reference the ‘sddcSvc’ variable, the ‘Help’ property, then the create property. This shows us a property of ‘sddc_config’. This is the specification we’ll need to use. The ‘sddc_config’ property has this ‘Create’ method available so we can automatically build out the specification. Pretty simple, right? We’re not quite done quite yet though. Each SDDC can have multiple VPC subnets. Therefore, we also need to populate the spec’s ‘customer_subnet_ids’ list object with the ‘Add’ method. Example code:

$sddcCreateSpec = $sddcSvc.Help.create.sddc_config.Create()
$sddcCreateSpec.Name = "PowerCLI_SDDC"
$sddcCreateSpec.Provider = "AWS"
$sddcCreateSpec.region = "US_WEST_2"
$sddcCreateSpec.num_hosts = "4"
$accountLinkSpec = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.Create()
$accountLinkSpec.connected_account_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$custSubId0 = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.customer_subnet_ids.Element.Create()
$custSubId0 = "subnet-xxxxxxxx"
$accountLinkSpec.customer_subnet_ids.Add($custSubId0)
$sddcCreateSpec.account_link_sddc_config.Add($accountLinkSpec)
$newSddc = $sddcSvc.create($org.Id, $sddcCreateSpec)

Example: SDDC Creation

The output above from our last create method is a task object. There’s a service for those too!

Since the call we made is asynchronous, you can also have a bit of fun and build a progress checker as well! Here’s some example code I tossed together while waiting on the SDDC to deploy:

$taskSvc = Get-VmcService *task*
$progPercent = 0
while ($progPercent -ne 100) {
    $tempOut = $taskSvc.list($org.id) | Where-Object {$_.task_type -eq 'SDDC-PROVISION' -and $_.resource_id -eq $newSddc.resource_id} | sort updated | select -last 1
    $screenOut = "" | select PercentComplete, MinutesRemaining
    $screenOut.PercentComplete = $tempOut.progress_percent
    $screenOut.MinutesRemaining = $tempOut.estimated_remaining_minutes
    $screenOut
    $progPercent = $tempOut.progress_percent
    Start-Sleep -Seconds 60
}

Example: SDDC Creation Progress Output

Summary

VMware Cloud on AWS is a fantastic new service that enables you to run applications across vSphere environments as well as accessing a broad range of AWS services. Within this service, PowerCLI is one of the best ways to automate your VMware Cloud on AWS tasks! In this blog post we covered how to discover the available services, explore was methods are available as actions against each of those services, and how to start interacting with those services. We obtained detailed information about our organization, that org’s SDDC and its accompanied configuration including firewall rules, and then had some fun while deploying a brand new SDDC! Check PowerCLI’s functionality in your own VMware Cloud on AWS environment today!