You must create an Amazon hypervisor to direct operations for scaling out Amazon access nodes.
In environments that have multiple Amazon accounts, you must associate this hypervisor with the Amazon IAM Admin User account. Then, for each Amazon tenant account, you must create an additional Amazon hypervisor that will use the account resources that are configured in this hypervisor. You must configure both the hypervisor, which is associated with the Amazon IAM Admin account, and the additional Amazon tenant hypervisors to authenticate using an IAM role.
Before You Begin
If you’re using an on-premises access node (MediaAgent), then in the AWS console, you must configure an IAM user with the AmazonSSMManagedInstanceCore policy attached and the restricted backup-restore JSON file attached.
You can find the policy in the AWS console at arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore. To download the JSON file from your browser, see amazon_restricted_role_permissions.json.
Verify that the Command Center contains either a server that represents an EC2 access node or an on-premises VSA access node. You will select this access node as part of creating the hypervisor.
For more information, see Configuring Automatic Scaling.
From the navigation pane, go to Protect > Virtualization.
The Virtual machines page appears.
On the Hypervisors tab, click Add hypervisor.
From the Select vendor list, select Amazon.
In Client name, type a descriptive name for the hypervisor.
To specify a region for the access nodes that you are adding to the hypervisor, from the Regions list, select a region.
Under Authentication, configure the authentication method for the type of access node that you will select:
If you will use an Amazon Cloud access node for this hypervisor, select either IAM role or STS Role, and then enter the key values.
If you will use an on-premises VSA access node for this hypervisor, select either IAM role or Access and secret key, and then enter the key values.
If you select IAM role for the Amazon client, but a proxy that is not associated with the IAM role is used for a backup or restore, the operation fails.
To use a different MediaAgent or File Recovery Enabler for Linux (FREL) for browsing data, associate the IAM role to the MediaAgent or FREL.
From the Access nodes list, select either the EC2 access node or the on-premises VSA access node.
What to Do Next
For environments that have multiple Amazon accounts, add an additional hypervisor for each Amazon tenant account.
For all other environments, configure the hypervisor for automatic scaling.