Versions Compared

Old Version 10

changes.mady.by.user Daria Lebedeva

Saved on

compared with

New Version 11

changes.mady.by.user Daria Lebedeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Contents:

...

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to setup a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.
More information can be found here



Benefits Of Using AWS Organizations In CloudAware

...

  1. No need to manually add every AWS account

  2. Automate on-boarding of your AWS Accounts into CloudAware

  3. Ability to see which AWS Organization Organizational Accounts exist but are not in CloudAware CMDB as AWS Accounts.

Requirements


  1. CloudAware AWS AWS Organization Master account Account has been added to CloudAware CMDB.
  2. CloudAware has the following IAM permission permissions on AWS Organization Organizations Master Account:
Code Block
organizations:DescribeOrganization
organizations:ListRoots
organizations:ListOrganizationalUnitsForParent
organizations:ListAccountsForParent

...

  1. Ensure AWS Organizations Master Account has a green status indicator in the Admin Panelpanel.
  2. Deploy CloudAware Deploy the CloudAware CloudFormation template to all AWS Organizations Organizational Accounts
  3. Request auto-adding of all AWS Organizational Accounts to CloudAware CMDB
  4. AWS Organizational Accounts are now visible as AWS Account objects.

...

Note

If you do not see any AWS Organizations, there are two possible reasons:

  1. Insufficient permissions on AWS Organization Organizations Master Account.
  2. AWS Organization Organizations Master Account has not been added to CloudAware.


Double check Requirements and Overview Checklist sections above.

...

STEP 2. CloudAware Access To AWS Organizations Sub-Accounts


1. Download CloudAware  Download the CloudAware CloudFormation Template with IAM policy from the CloudAware Admin Panel panel or use your custom template with policy.

...

Warning

When granting CloudAware access to AWS Organizations Sub-Account, IAM External ID must be either blank or the same value for all AWS Organizations Sub Accounts. See the screenshot below.



If you need instructions on how to download the template and execute CloudFormation Stack, click here.


Adding multiple AWS accounts with CloudFormation StackSets

...

1. Contact your dedicated account manager or support@cloudaware.com to provide the Role Name and External ID (or indicate whether it was left blank) used when setting up the CloudFormation stack for your master AWS Master AWS Organizations accountAccount.


2. Once the request has been resolved, all AWS Organization Sub-Accounts will show up in the Admin panel.


STEP 4. Identify AWS

...

Organizational Accounts That Didn't Get Onboarded Successfully


1. Navigate to CloudAware CMDB → AWS Organizations → AWS Organizational Accounts.

...


Any AWS Organizational Account where Actual Account is blank will not not be automatically added since CloudAware is unable to assume an IAM role in it.