Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The multicloud connector enabled by Azure Arc lets you connect non-Azure public cloud resources to Azure, providing a centralized source for management and governance. Currently, the multicloud connector provides support for connecting resources from these public clouds:
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP) (preview)
This article describes how AWS resources from a connected public cloud are represented in your Azure environment.
Resource group name
After you connect your public cloud to Azure, the multicloud connector creates a new resource group with the following naming convention:
<PublicCloud>_<AccountId>
Note
The Connector creates Azure resource groups per AWS Account and GCP project. Therefore, you are limited to a maximum of 980 accounts or projects that can be scanned with one Azure subscription, or a lower number if you have other resource groups created in your subscription. For more information, see the current Azure limits.
For every AWS resource discovered through the Inventory solution, an Azure representation is created in the <PublicCloud>_<AccountId> resource group. Each resource has the namespace value associated with its AWS service.
AWS EC2 instances and GCP VMs that are connected to Azure Arc through the Arc onboarding solution are represented as Arc-enabled server resources under Microsoft.HybridCompute/machines in the <PublicCloud>_<AccountId> resource group. If you previously onboarded an AWS EC2 instance or GCP VM to Azure Arc, you won't see that machine in this resource group, because it already has a representation in Azure.
Note
Tags placed on the connector are extended and added to the resource group when it's created. If you need to adhere to policies requiring tags when creating new resource groups, be sure to add the required tags on the connector. Otherwise, the resource group creation process will fail due to the tags being missing.
Region mapping
Resources that are discovered and projected in Azure are placed in Azure regions, using the following mapping scheme:
| AWS region | Mapped Azure region |
|---|---|
| us-east-1 | EastUS |
| us-east-2 | EastUS |
| us-west-1 | EastUS |
| us-west-2 | EastUS |
| ca-central-1 | EastUS |
| ap-southeast-1 | Southeast Asia |
| ap-northeast-1 | Southeast Asia |
| ap-northeast-3 | Southeast Asia |
| ap-south | Southeast Asia |
| ap-southeast-2 | Australia East |
| eu-west-1 | West Europe |
| eu-central-1 | West Europe |
| eu-north-1 | West Europe |
| eu-west-2 | UK South |
| sa-east-1 | Brazil South |
Removing resources
If you remove the connector, or disable a solution, periodic syncs will stop for that solution, and resources will no longer be updated in Azure. However, the resources will remain in your Azure account unless you delete them. To avoid confusion, we recommend removing these resource representations from Azure when you remove a public cloud.
To fully offboard a multicloud connector and stop access, you must remove configuration in both Azure and the source cloud (AWS or GCP). Deleting the connector in Azure doesn't remove the configuration created in the source cloud. To offboard the connector, follow these steps:
- In Azure, delete the multicloud connector resource and delete the resource group (
<PublicCloud>_<AccountId>) that contains the resource representations. - For AWS, delete the CloudFormation Template. If you delete a solution, you'll also need to update your template to remove the required access for the deleted solution. You can find the updated template for the connector in the Azure portal under Settings > Authentication template.
- For GCP, delete the OSConfig policy created for the Arc Onboarding solution, and remove the authentication configuration created during onboarding. If you delete a solution, you'll also need to update your Terraform template to remove the required access for the deleted solution. You can find the updated template for the connector in the Azure portal under Settings > Terraform template.
To move the connector to a different subscription or resource group, you must delete it and recreate it in the desired location. Moving the connector resource and the resources directly in Azure isn't supported.