Contents:
...
Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to set up a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.
More information can be found here
Benefits Of Using AWS Organizations
...
In Cloudaware
No need to manually add every AWS account
Automate on-boarding of your AWS Accounts into Cloudaware
Ability to see which AWS Organizational Accounts exist but are not in Cloudaware CMDB as AWS Accounts.
Requirements
...
- AWS Organization Master Account has been added to Cloudaware CMDB.
- Cloudaware has the following IAM permissions on AWS Organizations Master Account:
...
- Ensure AWS Organizations Master Account has a green status indicator in the Admin panel.
- Deploy the Cloudaware CloudFormation template to all AWS Organizational Accounts
- Request auto-adding of all AWS Organizational Accounts to Cloudaware CMDB
- AWS Organizational Accounts are now visible as AWS Account objects.
STEP 1.
...
Cloudaware Access To AWS Organizations Master Account
1. Log in to your Cloudaware account and navigate to AWS Organizations.
...
Note |
---|
If you do not see any AWS Organizations, there are two possible reasons:
|
STEP 2.
...
Cloudaware Access To AWS Organizations Sub-Accounts
1. Download the Cloudaware CloudFormation Template with IAM policy from the Cloudaware Admin panel or use your custom template with policy.
2. Deploy CloudFormation template on every AWS Organizations Sub-Account.
Warning |
---|
When granting Cloudaware access to AWS Organizations Sub-Account, IAM External ID must be either blank or the same value for all AWS Organizations Sub Accounts. See the screenshot below. |
...
If you need instructions on how to download the template and execute CloudFormation Stack, click here.
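The External ID rule in the warning above can be checked before requesting auto-adding. The following is an added example, not Cloudaware's own code: it compares each sub-account role's trust policy (the AssumeRolePolicyDocument returned by `aws iam get-role`) against the External ID you intend to report in Step 3. The account IDs, principal ARN and External ID values are constructed placeholders, and only `StringEquals` conditions are evaluated.

```python
import json

def required_external_ids(trust_policy):
    """External IDs demanded by Allow sts:AssumeRole statements; '' means blank (no condition)."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # IAM allows a single object
    found = set()
    for s in stmts:
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if s.get("Effect") != "Allow" or "sts:assumerole" not in [a.lower() for a in actions]:
            continue
        cond = s.get("Condition", {}).get("StringEquals", {})
        # IAM condition key names are case-insensitive
        vals = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        if not vals:
            found.add("")
        for v in vals:
            found.update([v] if isinstance(v, str) else v)
    return found

def find_mismatches(policies, expected=""):
    """Map account id -> reason for every account whose role deviates from `expected`."""
    problems = {}
    for account, policy in policies.items():
        ids = required_external_ids(policy)
        if not ids:
            problems[account] = "no Allow statement for sts:AssumeRole"
        elif ids != {expected}:
            problems[account] = f"External ID {sorted(ids)} != {expected!r}"
    return problems

def _policy(ext_id=None, effect="Allow"):
    # Constructed trust policy; the principal ARN is a placeholder, not Cloudaware's account.
    stmt = {"Effect": effect, "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::000000000000:root"}}
    if ext_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": ext_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

SAMPLE = {  # constructed sample: account id -> trust policy
    "111111111111": _policy("example-ext-id"),
    "222222222222": _policy("example-ext-id"),
    "333333333333": _policy("other-id"),   # different value
    "444444444444": _policy(),             # blank External ID
    "555555555555": json.dumps(_policy("example-ext-id", effect="Deny")),
}

if __name__ == "__main__":
    for acct, why in find_mismatches(SAMPLE, "example-ext-id").items():
        print(acct, why)
```

Accounts reported here are the ones likely to appear in Step 4 with a blank Actual Account, because the role cannot be assumed with the External ID given to support.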
Adding multiple AWS accounts with CloudFormation StackSets
...
A stack set can be used to deploy the Cloudaware CloudFormation template to multiple AWS accounts at once. Since stack sets perform stack operations across multiple accounts, you should have the necessary permissions defined in your AWS accounts before you create your first stack set.
...
4. Ensure that the root account has been added to Cloudaware. Any new AWS account where the stack set is deployed will show up in Cloudaware automatically.
Service-Managed Permissions
...
Once it is done, StackSets creates the necessary IAM roles in the AWS Organizations master account and target accounts to which stack instances will be deployed. Otherwise, check Requirements.
STEP 3.
...
Notify Cloudaware Support
1. Contact your dedicated account manager or support@cloudaware.com to provide the Role Name and External ID (or indicate whether it was left blank) used when setting up the CloudFormation stack for your Master AWS Organizations Account.
...
STEP 4. Identify AWS Organizational Accounts That Didn't Get Onboarded Successfully
1. Navigate to Cloudaware CMDB → AWS Organizations → AWS Organizational Accounts.
...
Any AWS Organizational Account where Actual Account is blank will not be automatically added since Cloudaware is unable to assume an IAM role in it.
...