[Copy of AWS Organizations] - to do
This article explains how to add an AWS Organization to Cloudaware. AWS Organizations provides policy-based management for multiple AWS accounts.
Adding AWS Organization to Cloudaware
Log in to Cloudaware account → Admin → Amazon Organizations & Accounts. Click +Add (or +N Configured).
Select the tab Organizations → + ADD AMAZON ORGANIZATION.
If AWS Organization Management Account is added to Cloudaware | If AWS Organization Management Account is not added to Cloudaware |
---|---|
Fill out the form: select the Partition, then specify the IAM role name and External ID for the Cloudaware role*. *To use an IAM role, create a StackSet for Cloudaware - see the section Using CloudFormation StackSets with AWS Organizations of this guide | Check this guide to add AWS Organization Management Account to Cloudaware using IAM role, or create a StackSet for Cloudaware to collect the AWS Organization management account and member accounts automatically - see the section Using CloudFormation StackSets with AWS Organizations of this guide |
Click Check → Save.
Go back to Admin → Organizations & Amazon Accounts → N configured → the tab 'Accounts' to ensure AWS Organization Master Account has a green status indicator.
Collection of AWS Organizational Accounts may take up to 6 hours.
To make sure that AWS Organization is added, navigate to AMAZON WEB SERVICES → Security, Identity, Compliance → Organizations.
Using CloudFormation StackSets with AWS Organizations
Use AWS CloudFormation StackSets to roll out the Cloudaware CloudFormation stack over multiple AWS accounts in your AWS Organization and allow Cloudaware to collect AWS Organization Sub-Accounts.
Requirements
Ensure that you are using AWS Organizations.
Ensure all features are enabled in your AWS Organization. NOTE: this action is irreversible!
Pre-configuration
1. Sign in to AWS Console as an administrator.
2. Enable trusted access with AWS Organizations:
2.1. Select CloudFormation under Management & Governance.
2.2. Select StackSets. Click Enable trusted access.
Once it is done, StackSets creates the necessary IAM roles in the AWS Organizations master account and target accounts where stack instances will be deployed.
The IAM service-linked role created in the Organization master account has the suffix CloudFormationStackSetsOrgAdmin. You can modify or delete this role only if trusted access with AWS Organizations is disabled.
The IAM service-linked role created in each target account has the suffix CloudFormationStackSetsOrgMember. You can modify or delete this role only if trusted access with AWS Organizations is disabled, or if the account is removed from the target organization or organizational unit (OU).
StackSet Creation
1. Log in to your AWS Console. Select All Services → section Management & Governance → CloudFormation → StackSets.
4. Click Create StackSet.
5. Select 'Template is ready' and 'Upload a template file'. Click Choose file to upload the Cloudaware CloudFormation template you downloaded earlier. Click Next.
Or specify this link: https://s3.amazonaws.com/cloudaware-cf-templates/cloudaware-cf-template-generic.json
6. Give a name to the stack set. In CloudAware Role Name, replace 'auto-generate' with a custom Role Name. Insert the External ID*.
*Get the External ID by clicking the 'Generate Random' button in the 'Add Amazon Details' form in Cloudaware.
7. Select the policies to be enabled. Click Next.
8. Select 'Service-Managed Permissions'*. Click Next.
9. Optional: set deployment options*. Click Next.
10. Review the stackset details. Click Submit. Wait for the stackset to be created.
11. Contact your dedicated account manager at tam@cloudaware.com to provide the custom Role Name and External ID used during the stackset creation, along with your AWS Organization Master Account ID.
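Once the stack set has deployed, each target account holds a role that is meant to be assumable only with the External ID from step 6. The Python check below is an added example, not Cloudaware's or AWS's code: it inspects a role trust policy (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) and lists statements that would allow the role to be assumed without that External ID. The account ID 111122223333, the External ID value and both sample policies are constructed placeholders.

```python
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}  # IAM action names are case-insensitive


def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def external_id_findings(trust_policy, expected_external_id):
    """Return problems found in Allow statements that grant sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(_as_list(trust_policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not ASSUME_ACTIONS & actions:
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict) and "AWS" not in principal:
            continue  # service/federated principals do not use External ID
        if principal == "*" or "*" in _as_list(principal.get("AWS")):
            findings.append(f"statement {i}: wildcard principal")
        # Only an exact StringEquals match is accepted; StringLike could hide a wildcard.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        values = [v for key, val in cond.items()
                  if key.lower() == "sts:externalid" for v in _as_list(val)]
        if not values:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif set(values) != {expected_external_id}:
            findings.append(f"statement {i}: sts:ExternalId does not match expected value")
    return findings


# Constructed samples (placeholders, not values from a real account).
EXPECTED_ID = "EXAMPLE-EXTERNAL-ID"
TRUSTED = {"AWS": "arn:aws:iam::111122223333:root"}
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": TRUSTED, "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": EXPECTED_ID}}}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": TRUSTED, "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, external_id_findings(policy, EXPECTED_ID) or "OK")
```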