Versions Compared


Overview

...

This topic describes the steps to add an Amazon Web Services (AWS) account using the HyperCloud™ cloud account management feature. You can manage these AWS account types on the HyperCloud™ Platform (HCP):

  • Master Account – You can onboard an AWS Master account with the following capabilities:

    • Create new member accounts in your organization.

    • Invite existing accounts to join your organization.

    • Optimize your resources using Instance, Reserved Instance, and Serverless analysis.

    • Enforce Governance and Security for Master and member accounts.

    • Manage resource budget, cost, and usage.

    • Perform Service Orchestration.

  • Member Account – You can onboard AWS Member accounts with the following capabilities:

    • Enforce Governance and Security for Master and Member accounts.

    • Manage resource budgets, costs, and usage.

    • Perform Service Orchestration.

  • Standalone (root) – These types of accounts are typically used by small and medium businesses that don't subscribe to the AWS Organization.

Note
Resource optimization features are not available for Member accounts.

To onboard your AWS cloud account to the HCP portal, you’ll need to follow these steps:


Prerequisites for onboarding AWS Cloud Account

Ensure the following before onboarding cloud accounts

  1. Administrator Account credentials for Console access for Master, member, or standalone are available.

Note: Admin access is required only once, to set up a cross-account role. The cross-account role is restricted, and only HyperCloud™ is permitted to access the role via a Trust Relationship.

...

Before you onboard your AWS cloud accounts to the HCP portal, ensure that you meet these prerequisites:

  1. You will need Administrator access for AWS Master, Member, or Standalone consoles. [1]

  2. Ensure that the Cost Explorer is enabled on your AWS account (Master or Member).

  3. Enable Cost and Usage Reports (CUR) via the AWS billing service. You need to activate these reports at least 24 hours prior to onboarding your AWS account to the HCP portal. Cost and Usage reports are not available for AWS Member accounts. You’ll need to:

    1. Create a new CUR report or use an existing one.

      • To use the CUR report, note down the CUR Report name. [2]

    2. Retrieve the S3 bucket name from the CUR Report you create or select.

    3. You should have permission to read the S3 bucket and the CUR Report data from the S3 bucket of your AWS account.

      • S3 and CUR Reports are not available for an AWS member account.

  4. Optionally, if you want to enable Service Orchestration on your AWS Account:
    You will need to enter the API key and Secret access key into the HCP portal. You’ll need to ensure that:

    1. You create a dedicated IAM user with exclusive programmatic access on AWS Identity and Access Management (IAM).

      1. You’ll need to create an API Key and Secret for the IAM user.

      2. You’ll have to attach these policies to your dedicated IAM users: [3]

        • AmazonEC2FullAccess

        • AmazonVPCFullAccess

        • AmazonEKS* for Kubernetes

      3. You can check if these policies are added to your IAM users via:

        • The AWS Console or,

        • The HCP portal.

          • Navigate to Governance & Security > Identity.

Notes

  • [1] You’ll need the Administrator access on a one-time basis to set up the cross-account role.

    • A cross-account role allows the HCP portal to access your AWS account via a Trust Relationship.

  • [2] The CUR report must be configured with hourly granularity.

  • [3] To enable Terraform based deployments, you’ll need to configure additional permissions and policies.

    • These permissions and policies vary and depend on the services provisioned via the HCP portal.

Add an AWS Account to the HCP portal

...

When you add an AWS Master Account to the HCP portal, the portal automatically configures a CrossAccount-RoleARN. To add a standalone or a member AWS account:

  1. Log in to your HCP portal account.

  1. Log in to HyperCloud™ Platform. Under the Administration tab, click Account Management.

  2. Under the AWS tab, click Add Account. From the Account Type drop-down, select Master.

...

  1. Toggle the status to Yes if you have admin access for the AWS account ID provided. Ensure that the Prerequisites for managing AWS Accounts using HyperCloud™ Platform are satisfied.

...

  1. Toggle the status to Yes once these services are enabled by the AWS Account. Click Done.

  2. On the Create Role ARN window, enter the name of the S3 bucket where Cost and Usage Reports are stored.

...

  1. Navigate to Governance & Security > Administration > Click Account Management from the AWS.

  2. Click Add Account.

  3. Provide these details from the AWS Checklist dialog:


    1. Select Master from the Account Type drop-down list.

    2. Enter the Account ID of your AWS Master account.

    3. Turn on the toggle to Yes, if you have administrator access for your AWS account.

  4. Turn on the status toggle to Yes to enable the services provided by your AWS account. Refer to the image below:

    [Image]

  5. Click Done.

  6. Provide the details for your S3 bucket that contains CUR reports. Refer to the image below:

    [Image]

  7. Click Create Role ARN to launch the CloudFormation template on your AWS account. You will be redirected to your AWS login page.

  8. Log in to your AWS Master account and enter the details shown in the image below:

    [Image]

  9. Click Create Stack. Clicking this button will create a CrossAccountRole in your Amazon account.

  10. Navigate back to your HCP portal account. You will be able to view the following details under your Account Management page:

    1. AWS Master accounts

    2. Role ARN configuration status

    3. List of AWS linked accounts

This completes the steps to add an AWS account to HyperCloud™ Platform.
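The cross-account role created by the stack is reached through its trust relationship, so after onboarding it is worth confirming that the role's trust policy names only the expected principal. The check below is an added example, not part of the HyperCloud™ documentation or its CloudFormation template; the account ID `111122223333` and both sample policies are constructed placeholders.

```python
import json

# Placeholder account ID for the platform that should be the only trusted
# principal; the real value is not on this page, take it from your deployment.
EXPECTED_ACCOUNT = "111122223333"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam":
        return parts[4]
    return None

def audit_trust_policy(policy_json, expected_account=EXPECTED_ACCOUNT):
    """Return findings for every Allow statement that trusts anyone else."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            findings.append(f"statement {i}: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or _account_of(value) != expected_account:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    return findings

# Constructed sample trust policies (not taken from any real account).
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                           "arn:aws:iam::999999999999:role/other"]}}]})

if __name__ == "__main__":
    print(audit_trust_policy(GOOD))
    for finding in audit_trust_policy(BAD):
        print(finding)
```

Feed it the `AssumeRolePolicyDocument` returned by `aws iam get-role --role-name <role-name>` for the role the stack created; an empty list means only the expected account is trusted.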

Link new or existing AWS accounts to your Organization

...

You can manage and create AWS linked accounts using the HCP Cloud Account Management feature. You’ll need an AWS Master account with Organizations enabled to link your AWS accounts. An AWS Master account can create a new AWS account or add an existing account to the AWS organization.
Follow these steps to add your linked accounts:

  1. Log in to your HCP portal account.

  2. Click Administration and navigate to Account Management > AWS, then click Add Linked Account.

  3. Click Create Account to create an AWS account with role OrganizationAccountAccessRole in your AWS Organization.