In my Festive Tech Calendar contribution this year, I’ll show you how to manage AWS Virtual Machine instances with Azure Arc.
The Festive Tech Calendar is a community-driven project run by Gregor Suttie (Azure Greg), Richard Hooper (Pixel Robots), Keith Atherton, Simon Lee, and Matt Boyd. Every December, tech enthusiasts from around the world share videos and blog posts packed with tips, tutorials, and insights.
Check out all the content at festivetechcalendar.com or on the Festive Tech YouTube Channel. You can also follow @_CloudFamily or track hashtags like #festivetechcalendar2025 and #CloudFamily on X.
Now, let’s dive in and see how you can manage AWS Virtual Machine instances (AWS VMs) with Azure Arc.

Table of Contents
- Why manage AWS VMs with Azure Arc
- Prerequisites
- Onboard an AWS VM with the onboarding script
- Understanding the multicloud connector enabled by Azure Arc
- Registering the required resource provider for the AWS Multicloud connector
- Add Your AWS public cloud to Azure using the AWS Multicloud connector
- Conclusion
Why manage AWS VMs with Azure Arc
Managing AWS VMs with Azure Arc brings a lot of benefits for anyone running workloads across multiple environments.
First, it gives you centralized management across clouds. Whether your resources are on Azure, AWS, on-premises, or in Google Cloud (GCP), you can manage them all from a single control plane. This makes monitoring, configuration, and governance much simpler.
Next, you get consistent operations and policies. You can apply the same security rules, compliance policies, and management practices to your AWS VMs as you do to your Azure resources, ensuring a uniform approach across your hybrid or multi-cloud environment.
Azure Arc also provides enhanced monitoring and insights. By integrating with tools like Azure Monitor and Log Analytics, you gain detailed visibility into performance, security, and health metrics for your AWS VMs.
Finally, one of Azure Arc’s biggest advantages is that it lets you use Azure services anywhere. Even if your workloads are running on AWS, you can take advantage of services like Microsoft Defender for Cloud, Azure Update Management, or Azure Automation, unlocking powerful capabilities without needing to migrate your workloads.
Prerequisites
- An Azure subscription, preferably more than one if you plan to follow the Cloud Adoption Framework (CAF) enterprise-scale architecture. This includes a connectivity and/or management subscription, with at least one Arc subscription (landing zone) for deploying your Arc-related resources.
- An Azure administrator account with at least the Azure Connected Machine Resource Administrator role, preferably assigned through membership in a security group.
- One or more EC2 instances (AWS VMs) running a Windows Server operating system (for example, Windows Server 2025) that are already up and reachable. These VMs will be connected to Azure Arc, so ensure they are properly configured and accessible before you begin.
- An Azure Arc onboarding script (OnboardingScript.ps1) that uses a service principal for automatic authentication, used to onboard AWS VMs at scale.
- Administrator permissions are required on the machines you want to onboard, as they are needed to install the Connected Machine agent.

Onboard an AWS VM with the onboarding script
One way to onboard your AWS VMs into Azure Arc is by using an onboarding script, which you can easily generate from the Azure Arc blade in the Azure portal.
When you use this script with a service principal, the connection to Azure Arc is established automatically using the azcmagent command. This means that after running the script, no manual intervention is required.
To start, RDP into one of your AWS VMs and log in as a user with administrator rights. Then, copy your onboarding script to a folder. I usually use the Temp folder.

Then run the script by right-clicking it and selecting ‘Run with PowerShell,’ and wait until it completes.

If the script completes without any errors, you can check the Azure Arc blade to see if the AWS VM has been successfully onboarded. To do this, go to the Azure Arc blade and look under ‘Machines’. You should find the newly onboarded AWS VM there.
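The portal-generated script boils down to installing the Connected Machine agent and running azcmagent connect with the service principal. The following is an added example (not the script from the portal or this post) that shows that core flow with two practitioner touches: the secret is read from an environment variable rather than hard-coded, and the agent state is checked locally before you look in the portal. The placeholders in angle brackets and the tag values are assumptions.

```powershell
# Added example: service-principal onboarding of a Windows EC2 instance to Azure Arc.
# Run in an elevated PowerShell session on the AWS VM. Values in <angle brackets> are placeholders.
$ErrorActionPreference = "Stop"

# Least privilege: the service principal only needs the built-in
# "Azure Connected Machine Onboarding" role on the target resource group.
$ServicePrincipalId     = "<app-id>"
$ServicePrincipalSecret = $env:ARC_SP_SECRET      # supplied at run time, never stored in the script
$TenantId               = "<tenant-id>"
$SubscriptionId         = "<subscription-id>"
$ResourceGroup          = "<rg-arc-servers>"
$Location               = "westeurope"             # assumption; use the region of your Arc landing zone

if (-not $ServicePrincipalSecret) { throw "Set ARC_SP_SECRET before running this script" }

# Download and run the agent installer (the same installer the portal script uses).
$Installer = Join-Path $env:TEMP "install_windows_azcmagent.ps1"
Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile $Installer
& $Installer
if ($LASTEXITCODE -ne 0) { throw "Agent install failed with exit code $LASTEXITCODE" }

# Connect the machine. Tags make AWS-hosted machines easy to find later in Azure Resource Graph.
$Agent = Join-Path $env:ProgramW6432 "AzureConnectedMachineAgent\azcmagent.exe"
& $Agent connect `
    --service-principal-id $ServicePrincipalId `
    --service-principal-secret $ServicePrincipalSecret `
    --tenant-id $TenantId `
    --subscription-id $SubscriptionId `
    --resource-group $ResourceGroup `
    --location $Location `
    --cloud "AzureCloud" `
    --tags "Datacenter=AWS,Environment=Prod"
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

# Local verification: the output should report the agent as Connected with the expected resource name.
& $Agent show
```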

As just explained, you can onboard your AWS VMs using the same onboarding script that you used for onboarding your on-premises physical Windows Servers or Windows Server VMs running on Hyper-V or VMware.
However, there is an even more scalable method, which is explained in the remaining parts of this blog post.
Understanding the multicloud connector enabled by Azure Arc
Put simply, an Azure Arc–enabled Multicloud connector establishes a trusted integration between Azure and other public cloud platforms, such as AWS and GCP (preview).
It serves as the control-plane connection that enables Azure to discover, query, and manage resources across cloud boundaries. By configuring this connector, Azure is made aware of, for example, the specific AWS account and region it should interact with, allowing supported Azure services to securely communicate with resources in that environment.
Once configured*, the connector provides a centralized and consistent approach to managing, monitoring, and governing resources in AWS and GCP alongside your Azure and Arc-enabled resources. This helps simplify operations and supports scenarios such as cloud-to-cloud migrations and unified governance.
*💡 You need to create a separate connector for each cloud if you want to onboard AWS and GCP assets. AWS requires the AWS Connector, while GCP requires a GCP Connector.

It’s important to note that the Multicloud connector is free to use, but it integrates with other Azure services that have their own pricing. For example, if you use Azure Update Manager with the connector, you’ll be billed according to that service’s pricing.
Additionally, the Multicloud Connector queries the relevant resource APIs several times a day. These read-only calls don’t incur any charges in AWS or GCP. However, if you’ve enabled CloudTrail for read events in AWS, these API calls will be recorded there.
Registering the required resource provider for the AWS Multicloud connector
If you plan to use the AWS Multicloud Connector to inventory and/or Arc-onboard AWS VMs into an existing subscription (landing zone) that already hosts your Arc-enabled resources, most of the required resource providers, such as Microsoft.HybridCompute and Microsoft.HybridConnectivity, are likely already registered.

In addition, you also need to have the Microsoft.AwsConnector resource provider registered*.
To do so, go to the subscription via the Global Search bar, then navigate to Resource providers. In the search bar of the opened blade, type “aws”.

Then select Microsoft.AwsConnector and click Register.

*💡 To register it, don’t forget that you need at least Contributor access on the subscription. Also, keep in mind that registration can take up to 10 minutes to complete.
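Because registration is asynchronous and can take up to 10 minutes, it is worth scripting it so that you wait for the Registered state instead of assuming it. The following is an added example (not from the original post) that registers the three providers named above with the Az PowerShell module and polls until they are all registered; it assumes the Az.Accounts and Az.Resources modules are installed and that the subscription ID placeholder is replaced.

```powershell
# Added example: register the resource providers needed for the AWS Multicloud connector and wait.
# Requires the Az PowerShell module and at least Contributor on the subscription.
$ErrorActionPreference = "Stop"
$SubscriptionId = "<subscription-id>"                 # placeholder

Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# HybridCompute and HybridConnectivity are usually present in an Arc landing zone already;
# AwsConnector is the one this scenario adds.
$Providers = @("Microsoft.HybridCompute", "Microsoft.HybridConnectivity", "Microsoft.AwsConnector")

function Get-ProviderState([string]$Namespace) {
    # Get-AzResourceProvider returns one object per resource type; they share the same state.
    (Get-AzResourceProvider -ProviderNamespace $Namespace).RegistrationState | Select-Object -First 1
}

foreach ($ns in $Providers) {
    $state = Get-ProviderState $ns
    if ($state -eq "Registered") { Write-Host "$ns is already registered"; continue }
    Write-Host "Registering $ns (current state: $state)"
    Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
}

# Poll with a hard deadline so a stuck registration fails loudly instead of hanging.
$deadline = (Get-Date).AddMinutes(12)
do {
    Start-Sleep -Seconds 20
    $pending = foreach ($ns in $Providers) {
        $s = Get-ProviderState $ns
        if ($s -ne "Registered") { "$ns=$s" }
    }
    if ($pending) { Write-Host "Still pending: $($pending -join ', ')" }
} while ($pending -and (Get-Date) -lt $deadline)

if ($pending) { throw "Provider registration did not complete: $($pending -join ', ')" }
Write-Host "All providers registered; you can create the AWS connector now."
```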

If the registration was successful, you can continue with the next part.
Add Your AWS public cloud to Azure using the AWS Multicloud connector
To start, open the Arc blade and go to Multicloud connectors under Supported environments. Then click on Create and select Create AWS connector.

On the opened blade, fill in the Project details by selecting the correct subscription and resource group. Then complete the Connector details by specifying a connector name that follows your Azure naming convention and selecting the appropriate Azure region*.

*💡Currently, the following Azure regions support the multicloud connector: East US, East US 2, West US 2, West US 3, West Central US, Canada Central, West Europe, North Europe, Sweden Central, UK South, Southeast Asia, and Australia East.
Then scroll down on the same blade and fill in your AWS account details by selecting the account type (in my case, I chose Single Account) and entering your correct 12-digit AWS account ID. Click Next when finished.

On the Add AWS connector blade, click + Add in the Inventory section. Next, configure the inventory settings and click Save when you’re done. This includes selecting the AWS services to inventory, defining the Periodic sync frequency (how often the scan should run), and specifying the AWS regions to include.

Next, click + Add on the Arc onboarding line to enable the Azure Arc management plane for your EC2 instances. Configure your onboarding settings and click Save to complete the process.
In this step, you’ll specify the connectivity method, choosing whether your instances connect via a public endpoint, a proxy server, or an Azure Arc gateway resource, and set the periodic sync interval, just like in the previous configuration.

Then click Next to proceed to the next blade.

In the next blade, you can download the template* you just generated, which includes all the settings you configured earlier. Later, you upload it to AWS CloudFormation as a stack to create the required resources automatically. Click Download template to save it in a central or easily accessible location for later use. When you’re ready, click Next to continue.
*💡 This template contains the necessary resources, such as the IAM role and trust relationship, that Azure Arc needs to authenticate and communicate with your AWS account.

On the Tags blade, fill in all the required tags, and then click Next.

Then review all the parameters to ensure they are correct, and if so, click Create to start the creation process.

If all goes well, your AWS connector has now been created.

The final step is to upload the template to your AWS environment. To do this, log in to your AWS account, type CloudFormation in the search bar, and click on it when it appears.

On the screen that opens, click Create stack.

Next, select Upload a template file and click Choose file to upload your downloaded template.

Then, select the template file you previously downloaded and saved, and click Open. Once the file is uploaded, click Next to proceed to the next screen.

Choose a descriptive Stack name that follows your AWS naming conventions, then scroll down and click Next. On this screen, you’ll also notice that all the parameters are automatically filled in.

On the next screen, you can configure options such as Tags, Permissions, and other settings. For now, leave everything at its default values, check the box for “I acknowledge that AWS CloudFormation might create IAM resources with custom names”, and then click Next to continue.

On the next screen, scroll down and click Submit. Once submitted, the process can take up to 10 minutes to complete.
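The same stack can be created from the AWS CLI, which is handy when you roll the connector out to several accounts. The following is an added example (not from the original post) run from PowerShell with AWS CLI v2 already installed and authenticated; the template path, stack name and region are assumptions. The CAPABILITY_NAMED_IAM flag is the CLI counterpart of the console checkbox acknowledging that CloudFormation may create IAM resources with custom names.

```powershell
# Added example: deploy the downloaded connector template as a CloudFormation stack via the AWS CLI.
# Assumes AWS CLI v2 with credentials for the target account; adjust the three values below.
$ErrorActionPreference = "Stop"
$TemplatePath = "C:\Temp\aws-connector-template.json"   # file downloaded from the Azure portal (assumed name)
$StackName    = "azure-arc-multicloud-connector"         # follow your AWS naming convention
$Region       = "eu-west-1"                              # assumption; stacks are regional, the IAM role is global

# Validate first so a corrupted or partial download fails fast.
aws cloudformation validate-template --template-body "file://$TemplatePath" --region $Region | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Template validation failed" }

# Create the stack. Without CAPABILITY_NAMED_IAM the request is rejected, because the template
# creates a named IAM role and trust relationship for Azure Arc.
aws cloudformation create-stack `
    --stack-name $StackName `
    --template-body "file://$TemplatePath" `
    --capabilities CAPABILITY_NAMED_IAM `
    --region $Region | Out-Null
if ($LASTEXITCODE -ne 0) { throw "create-stack was rejected" }

# Block until CREATE_COMPLETE (the console shows this can take up to 10 minutes).
aws cloudformation wait stack-create-complete --stack-name $StackName --region $Region
if ($LASTEXITCODE -ne 0) {
    # Surface the failing resource and reason rather than leaving a rolled-back stack undiagnosed.
    aws cloudformation describe-stack-events --stack-name $StackName --region $Region `
        --query "StackEvents[?ResourceStatus=='CREATE_FAILED'].[LogicalResourceId,ResourceStatusReason]" `
        --output table
    throw "Stack $StackName did not reach CREATE_COMPLETE"
}

# Review what was created: this is the IAM role and trust policy Azure will authenticate with.
aws cloudformation describe-stack-resources --stack-name $StackName --region $Region `
    --query "StackResources[].[LogicalResourceId,ResourceType,PhysicalResourceId]" --output table
```

After the stack reaches CREATE_COMPLETE, the Test permissions check in the Azure portal described below is the end-to-end confirmation that the role is usable from Azure.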

Once the stack is successfully created, return to the Arc blade in the Azure portal and select the newly created Multicloud connector. On the opened blade, under Management, select Authentication template and click Test permissions to verify that the connection you previously created is set up correctly.

Conclusion
Thank you for reading! I’m so excited to be part of this year’s Festive Tech Calendar again and hope you enjoy all the amazing content being shared this December.
If you have any questions about managing AWS VMs with Azure Arc, don’t hesitate to reach out on X at @wmatthyssen or connect with me on LinkedIn. I’d love to hear from you!
Happy reading and viewing. Take care, and have a wonderful holiday season! 🎄🎆
