Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This article explains how to add AWS Organizations is a Policyto Cloudaware. AWS Organization is policy-based management for multiple AWS accounts.

...

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of AWS accounts, automate account creation, apply and manage policies for those groups. Organizations enables enable you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. AWS Organizations helps simplify the billing for multiple accounts by enabling you to setup set up a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge. More information can be found here.

...

Benefits Of Using AWS Organizations In Cloudaware

...

  1. No need to manually add every AWS account

  2. Automate on-boarding the onboarding of your AWS Accounts into Cloudaware

  3. Ability to see which AWS Organizational Accounts exist but are not in Cloudaware CMDB as AWS Accounts.

...

3. Ensure that Cloudaware CloudFormation template you will appy apply has the following permissions in place:

...

5. Select the tab 'Organizations' → click +Add Amazon Organization. Fill out the form selecting your Organization Master Account in Trusted Account and providing other account-related data. Click CheckSave.

6. In Cloudaware, navigate to AMAZON WEB SERVICES → Security, Identity, Compliance → Organizations. AWS Organization should be visible in Cloudaware.

...

Identify AWS Organizational Accounts That Got Onboarded Successfully

1. In Cloudaware navigate CMDB Navigator, go to AMAZON WEB SERVICES → Security, Identity, Compliance → Organizations.

...

Identify AWS Organizational Accounts That Didn't Get Onboarded Successfully

1. In Cloudaware menu navigate CMDB Navigator, go to AMAZON WEB SERVICES → Security, Identity, Compliance → AWS Organizational Accounts.

...

Code Block
`Deleted From AWS` equals null -> `AWS Organization Account Name` ASC, `Account`.`Account Name` as "Actual Account", `Account ID`, `Email`, `Joined Method`, `Joined Timestamp`, `Parent Root ARN`, `Status`

Any AWS Organizational Account accounts where 'Actual Account' is blank can't be automatically added since Cloudaware is unable to assume its IAM role.

...

  1. Insufficient permissions on AWS Organizations Master Account.

  2. AWS Organizations Master Account has not been added to Cloudaware.

If the AWS Organization Master Account master account has been added to Cloudaware but auto-collection doesn't take place, check if Role Name and External ID are custom, as they shouldn't be left auto-populated by Cloudaware during the StackSet creation.