...
To onboard your AWS cloud account to the HCP portal, you’ll need to follow these steps:
...
You will need Administrator access for AWS Master, Member, or Standalone consoles. [1]
Ensure that the Cost Explorer is enabled on your AWS account.
Enable Cost and Usage Reports (CUR) via AWS billing service. You need to activate these reports at least 24 hours prior to onboarding your AWS account to the HCP portal. Cost and Usage reports are not available for AWS Member accounts. You’ll need to:
Create a new or use an existing CUR report.
To use the CUR report, note down the CUR Report name. [2]
Retrieve the S3 bucket name from the CUR Report you create or select.
You should have permission to read the S3 bucket and CUR Report data from the S3 bucket of your AWS account.
S3 and CUR Reports are not available for an AWS member account.
Optionally, if you want to enable Service Orchestration on your AWS Account:
You will need to enter the API key and Secret access key into the HCP portal. You’ll need to ensure that:
You create a dedicated IAM user with exclusive programmatic access on AWS Identity and Access Management (IAM).
You’ll need to create an API Key and Secret for the IAM user.
You’ll have to attach these policies to your dedicated IAM users: [3]
AmazonEC2FullAccess
AmazonVPCFullAccess
AmazonEKS* for Kubernetes
You can check if these policies are added to your IAM users via:
The AWS Console or,
The HCP portal.
Navigate to Governance & Security > Identity.
You’ll need to Configure SNS Topic For AWS Config
Notes
[1] You’ll need the Administrator access on a one-time basis to set up the cross-account role.
A cross-account role allows the HCP portal to access your AWS account via a Trust Relationship.
[2] The CUR report must be configured with hourly granularity.
[3] To enable Terraform based deployments, you’ll need to configure additional permissions and policies.
These permissions and policies vary and depend on the services provisioned via the HCP portal.
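
The policy check mentioned in the checklist can also be scripted. The following is an added example, not part of the HCP documentation: it compares the JSON printed by `aws iam list-attached-user-policies` with the three policy names listed above and also reports any extra attached policies. The user name `hcp-orchestration` and the sample output are constructed for illustration.

```python
import fnmatch
import json

# Policy names from the checklist; "AmazonEKS*" is written as a wildcard there
# and is only needed for Kubernetes.
BASE_PATTERNS = ["AmazonEC2FullAccess", "AmazonVPCFullAccess"]
EKS_PATTERN = "AmazonEKS*"


def audit_attached_policies(cli_json, kubernetes=True):
    """Return (missing, unexpected) for one IAM user.

    cli_json is the JSON printed by
    `aws iam list-attached-user-policies --user-name <user>`.
    missing: checklist patterns that no attached policy matches.
    unexpected: attached managed policies the checklist does not ask for.
    """
    doc = json.loads(cli_json)
    if doc.get("IsTruncated"):
        # A partial page would make "missing" unreliable; fetch all pages first.
        raise ValueError("output is truncated; fetch all pages before auditing")
    names = [p["PolicyName"] for p in doc["AttachedPolicies"]]
    wanted = BASE_PATTERNS + ([EKS_PATTERN] if kubernetes else [])
    missing = [w for w in wanted
               if not any(fnmatch.fnmatchcase(n, w) for n in names)]
    unexpected = [n for n in names
                  if not any(fnmatch.fnmatchcase(n, w) for w in wanted)]
    return missing, unexpected


# Constructed sample output for a hypothetical user "hcp-orchestration".
SAMPLE = json.dumps({
    "AttachedPolicies": [
        {"PolicyName": "AmazonEC2FullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"},
        {"PolicyName": "AmazonEKSClusterPolicy",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"},
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
    ],
    "IsTruncated": False,
})

if __name__ == "__main__":
    missing, unexpected = audit_attached_policies(SAMPLE)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

This command lists only managed policies attached directly to the user; inline policies and policies inherited from groups need `aws iam list-user-policies` and `aws iam list-groups-for-user`.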
...
Log in to your HCP portal account.
Navigate to Governance & Security > Administration, then click Account Management for AWS.
Click Add Account.
Provide these details from the AWS Checklist dialog:
Select Master from the Account Type drop-down list.
Enter the Account ID of your AWS Master account.
Turn on the toggle to Yes, if you have administrator access for your AWS account.
Turn on the status toggle to Yes to enable the services provided by your AWS account. Refer to the image below:
Click Done.
Provide the details for your S3 bucket that contains CUR reports. Refer to the image below:
Click Create Role ARN to launch the CloudFormation template on your AWS account. You will be redirected to your AWS login page.
Log in to your AWS Master account and enter the details shown in the image below:
Click Create Stack. This creates a CrossAccountRole in your AWS account.
Navigate back to your HCP portal account. You will be able to view the following details under your Account Management page:
AWS Master accounts
Role ARN configuration status
List of AWS linked accounts
Link new or existing AWS accounts to your Organization
...
Log in to your HCP portal account.
Click Administration, navigate to Account Management > AWS, and click Add Linked Account.
Click Create Account to create an AWS account with role OrganisationAccountAccessRole in your AWS Organisation.