Overview
This topic describes the steps to add an Amazon Web Services (AWS) account using the HyperCloud™ cloud account management feature. You can manage these AWS account types on the HyperCloud™ Platform (HCP):
Master Account – You can onboard an AWS Master account with the following capabilities:
Create new member accounts in your organization.
Invite existing accounts to join your organization.
Optimize your resources using Instance, Reserved Instance, and Serverless analysis.
Enforce Governance and Security for Master and member accounts.
Manage resource budget, cost, and usage (Budget Management and Cost & Usage).
Perform Service Orchestration.
Member Account – You can onboard AWS Member accounts with the following capabilities:
Enforce Governance and Security for Master and Member accounts.
Manage resource budgets, costs, and usage (Budget Management and Cost & Usage).
Perform Service Orchestration.
Standalone (root) – These types of accounts are typically used by small and medium businesses that don't subscribe to the AWS Organization.
Note
Resource optimization features are not available for Member accounts.
To onboard your AWS cloud account to the HCP portal, you’ll need to follow these steps:
Prerequisites for onboarding AWS Cloud Account
Before you onboard your AWS cloud accounts to the HCP portal, ensure that you meet these prerequisites:
You will need Administrator access (account credentials for Console access) for AWS Master, Member, or Standalone consoles. [1] Administrator access is required only once, to set up a Cross-Account Role. The Cross-Account Role is restricted, and only HyperCloud™ is permitted to access the role via Trust Relationship.
Ensure that the Cost Explorer is enabled on your AWS account (Master or Member).
Ensure that Cost and Usage Reports (CUR) are enabled via the AWS billing service. You need to activate these reports at least 24 hours prior to onboarding your AWS account to the HCP portal. Cost and Usage reports are not available for AWS Member accounts. You’ll need to:
Create a new CUR report or use an existing one. Record the name of the CUR report you create or select. [2]
Retrieve the S3 bucket name from the Cost & Usage Report selected in the previous step.
Ensure that you have permission to read the S3 bucket as well as the CUR Report data from the S3 bucket of your AWS account.
S3 and CUR Reports are not available for an AWS member account.
Optionally, if you want to enable Service Orchestration on your AWS Account, you will need to enter the API key and Secret access key into the HCP portal. You’ll need to ensure that:
You create a dedicated IAM user with only programmatic access on AWS Identity and Access Management (IAM).
You’ll need to create an API Key and Secret for the IAM user.
You’ll have to attach these policies to your dedicated IAM users: [3]
AmazonEC2FullAccess
AmazonVPCFullAccess
AmazonEKS* for Kubernetes
You can check if these policies are added to your IAM users via:
The AWS Console or,
The HCP portal.
Navigate to Governance & Security > Identity.
You’ll need to Configure SNS Topic For AWS Config
Notes
[1] You’ll need the Administrator access on a one-time basis to set up the cross-account role.
A cross-account role allows the HCP portal to access your AWS account via a Trust Relationship.
[2] The CUR report must be configured with hourly granularity.
[3] To enable Terraform based deployments, you’ll need to configure additional permissions and policies.
These permissions and policies vary and depend on the services provisioned via the HCP portal.
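The requirements above for the dedicated Service Orchestration IAM user (programmatic access only, and the three listed policies) can be checked offline against AWS CLI output. This Python is an added example, not HyperCloud™ code; the sample JSON is constructed, and the function name and the extra_allowed parameter are hypothetical.

```python
from fnmatch import fnmatchcase

# Managed policies the page lists for the dedicated IAM user.
# "AmazonEKS*" is written as a pattern on the page, so it is matched as a glob.
EXPECTED_PATTERNS = ["AmazonEC2FullAccess", "AmazonVPCFullAccess", "AmazonEKS*"]

# Constructed sample, shaped like the output of
# `aws iam list-attached-user-policies --user-name <user>`.
SAMPLE_ATTACHED = {
    "AttachedPolicies": [
        {"PolicyName": "AmazonEC2FullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"},
        {"PolicyName": "AmazonEKSClusterPolicy",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"},
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
    ]
}


def audit_iam_user(attached, has_console_password, extra_allowed=()):
    """Compare a user's attached managed policies with the page's list.

    has_console_password: True if `aws iam get-login-profile` returns a
    profile for the user (a programmatic-only user has none).
    extra_allowed: additional policy-name patterns you granted on purpose,
    for example for Terraform based deployments (note [3]).
    """
    names = [p["PolicyName"] for p in attached.get("AttachedPolicies", [])]
    allowed = list(EXPECTED_PATTERNS) + list(extra_allowed)
    missing = [pat for pat in EXPECTED_PATTERNS
               if not any(fnmatchcase(n, pat) for n in names)]
    unexpected = [n for n in names
                  if not any(fnmatchcase(n, pat) for pat in allowed)]
    return {
        "missing": missing,            # listed on the page but not attached
        "unexpected": unexpected,      # attached but neither listed nor allowed
        "console_access": has_console_password,
    }


if __name__ == "__main__":
    print(audit_iam_user(SAMPLE_ATTACHED, has_console_password=False))
```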
Add an AWS Account to the HCP portal
When you add an AWS Master Account to the HCP portal, the portal automatically configures a CrossAccount-RoleARN. To add a standalone or a member AWS account:
Log in to your HCP portal account.
Navigate to Governance & Security > Administration and click Account Management from the AWS tab.
Click Add Account.
Provide these details from the AWS Checklist dialog:
Select Master from the Account Type drop-down list.
Enter the Account ID of your AWS Master account.
Turn on the toggle to Yes, if you have administrator access for your AWS account.
Turn on the status toggle to Yes to enable the services provided by your AWS account. Refer to the image below:
Click Done.
Provide the details for your S3 bucket that contains CUR reports. Refer to the image below:
Click Create Role ARN to launch the Cloud Formation Template on your AWS Account. This opens a new browser tab or window and redirects you to your AWS login page.
Log in to your AWS Master account and enter the details shown in the image below:
Click Create Stack. Clicking this button will create a CrossAccountRole in your Amazon account.
Navigate back to your HCP portal account. You will be able to view the following details under your Account Management page:
AWS Master accounts
Role ARN configuration status
List of AWS linked accounts
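Once the stack has created the CrossAccountRole, its Trust Relationship can be reviewed to confirm that only the expected account may assume it. This Python is an added example, not HyperCloud™ code; the account IDs are placeholders, the sample policy is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like Role.AssumeRolePolicyDocument from
# `aws iam get-role --role-name <role>`. Account IDs are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": ["222222222222", "*"]},
     "Action": "sts:AssumeRole"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single item or a list in most places; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _account_of(principal):
    """Return the 12-digit account ID of an AWS principal, or None."""
    if principal.isdigit() and len(principal) == 12:
        return principal                    # bare account ID form
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam":
        return parts[4]                     # arn:aws:iam::<account>:...
    return None


def audit_trust_policy(policy, allowed_accounts):
    """List every Allow principal that is outside allowed_accounts."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":                # "Principal": "*" means anyone
            findings.append("wildcard principal: *")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS" and _account_of(value) in allowed_accounts:
                    continue
                findings.append(f"unexpected {kind} principal: {value}")
    return findings
```

Pass the account ID your HyperCloud™ deployment uses as `allowed_accounts`; an empty result means no other principal is trusted by the role.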
Link new or existing AWS accounts to your Organization
You can manage and create AWS linked accounts using the HCP Cloud Account Management feature. You’ll need an AWS Master account with AWS Organizations enabled to link your AWS accounts. An AWS Master account can create a new AWS account or add an existing account to the AWS organization.
Follow these steps to add your linked accounts:
Log in to your HCP portal account.
Click Administration and navigate to Account Management > AWS, then click Add Linked Account.
Click Create Account to create an AWS account with the role OrganizationAccountAccessRole in your AWS Organization.