Info |
---|
AWS Organizations provides policy-based management for multiple AWS accounts. |
...
Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify billing for multiple accounts by letting you set up a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge. More information can be found here.
...
Benefits Of Using AWS Organizations In Cloudaware
...
Ensure that you are using AWS Organizations. Read more
Ensure all features are enabled in your AWS Organization. NOTE: this action is irreversible! Read more
...
2.2. Select StackSets. Click Enable trusted access.
...
Once it is done, StackSets creates the necessary IAM roles in the AWS Organizations master account and target accounts where stack instances will be deployed.
...
1. Log in to your Cloudaware account → Admin → Amazon Accounts. Click +Add.
...
2. Select 'Using IAM Role'. Download the Cloudaware CloudFormation template ensuring the following permissions are in place:
...
3. Go back to AWS Console. Select Services → CloudFormation under Management & Governance → StackSets.
4. Click Create StackSet.
...
5. Select 'Template is ready' and 'Upload a template file'. Click Choose file to upload the Cloudaware CloudFormation template you downloaded earlier. Click Next.
...
6. Give a name to the stack set. In CloudAware Role Name, replace the 'auto-generate' value with a custom role name. Insert External ID*.
...
*Generate the External ID by clicking the 'crossed arrows' sign in the 'Add Amazon Details' form in Cloudaware.
...
7. Select the policies to be enabled. Click Next.
8. Select 'Service-Managed Permissions'. Click Next.
...
If you prefer using Self-Managed permissions, set up:
AWSCloudFormationStackSetAdministrationRole in the master account using the template https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml
AWSCloudFormationStackSetExecutionRole which trusts the root account in each(!) sub-account using the template https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml
Read more
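Step 6 above sets a custom role name and an External ID on the role deployed by the StackSet. The following is an added example, not Cloudaware's or AWS's code: a check that a role trust policy document (such as the one returned by `aws iam get-role`) only allows cross-account `sts:AssumeRole` when the expected `sts:ExternalId` is supplied. It assumes the template creates a role whose trust policy is conditioned on the External ID; the account ID and External ID values are constructed placeholders.

```python
import json

def as_list(value):
    # IAM policy fields accept either a single value or a list.
    return value if isinstance(value, list) else [value]

def aws_principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []

def external_ids(stmt):
    # Collect sts:ExternalId values under StringEquals (key names are case-insensitive).
    values = []
    for key, val in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == "sts:externalid":
            values += as_list(val)
    return values

def check_trust_policy(policy, expected_external_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        principals = aws_principals(stmt)
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions or not principals:
            continue  # not a cross-account AssumeRole grant (e.g. a service principal)
        if "*" in principals:
            findings.append(f"statement {n}: wildcard principal")
        ids = external_ids(stmt)
        if not ids:
            findings.append(f"statement {n}: no sts:ExternalId condition")
        elif ids != [expected_external_id]:
            findings.append(f"statement {n}: unexpected ExternalId value")
    return findings

# Constructed sample documents; the account ID and External ID are placeholders.
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
NO_CONDITION = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("NO_CONDITION", NO_CONDITION)):
        print(name, check_trust_policy(doc, EXTERNAL_ID) or "ok")
```

The check only inspects statements that grant `sts:AssumeRole` by exact name to AWS principals; statements for service principals are skipped.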
...
2. You should see at least one AWS Organization and N number of AWS Organizational Accounts.
Identify AWS Organizational Accounts That Didn't Get Onboarded Successfully
...
1. In Cloudaware menu navigate to AMAZON WEB SERVICES → Security, Identity, Compliance → AWS Organizational Accounts.
2. Click Browse Objects.
...
3. Paste the following query and click Search:
...