
Overview


You can manage these Amazon Web Service (AWS) account types on the HyperCloud™ Platform (HCP):

  • Master Account – You can onboard an AWS Master account with the following capabilities:

    • Create new member accounts in your organization.

    • Invite existing accounts to join your organization.

    • Optimize your resources using Instance, Reserved Instance, and Serverless analysis.

    • Enforce Governance and Security for Master and member accounts.

    • Manage resource budget, cost, and usage.

    • Perform Service Orchestration.

  • Member Account – You can onboard AWS Member accounts with the following capabilities:

    • Enforce Governance and Security for Master and Member accounts.

    • Manage resource budgets, costs, and usage.

    • Perform Service Orchestration.

  • Standalone (root) – These types of accounts are typically used by small and medium businesses that don't subscribe to the AWS Organization.

Note
Resource optimization features are not available for Member accounts.

To onboard your AWS cloud account to the HCP portal, you’ll need to follow these steps:

Prerequisites for onboarding AWS Cloud Account


Before you onboard your AWS cloud accounts to the HCP portal, ensure that you meet these prerequisites:

  1. You will need Administrator access for AWS Master, Member, or Standalone consoles. [1]

  2. Ensure that the Cost Explorer is enabled on your AWS account.

  3. Enable Cost and Usage Reports (CUR) via AWS billing service. You need to activate these reports at least 24 hours prior to onboarding your AWS account to the HCP portal. Cost and Usage reports are not available for AWS Member accounts. You’ll need to:

    1. Create a new or use an existing CUR report.

      • To use the CUR report, note down the CUR Report name. [2]

    2. Retrieve the S3 bucket name from the CUR Report you create or select.

    3. You should have permission to read the S3 bucket and CUR Report data from the S3 bucket of your AWS account.

      • S3 and CUR Reports are not available for an AWS member account.

  4. Optionally, if you want to enable Service Orchestration on your AWS Account:
    You will need to enter the API key and Secret access key into the HCP portal. You’ll need to ensure that:

    1. You create a dedicated IAM user with exclusive programmatic access in AWS Identity and Access Management (IAM).

      1. You’ll need to create an API Key and Secret for the IAM user.

      2. You’ll have to attach these policies to your dedicated IAM users: [3]

        • AmazonEC2FullAccess

        • AmazonVPCFullAccess

        • AmazonEKS* for Kubernetes

      3. You can check if these policies are added to your IAM users via:

        • The AWS Console or,

        • The HCP portal.

          • Navigate to Governance & Security > Identity.

Notes

  • [1] You’ll need the Administrator access on a one-time basis to set up the cross-account role.

    • A cross-account role allows the HCP portal to access your AWS account via a Trust Relationship.

  • [2] The CUR report must be configured with hourly granularity.

  • [3] To enable Terraform based deployments, you’ll need to configure additional permissions and policies.

    • These permissions and policies vary and depend on the services provisioned via the HCP portal.
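The prerequisites above can be checked from AWS CLI output before onboarding. This is an added example, not part of the HCP documentation or product: it reads the JSON printed by `aws cur describe-report-definitions` and `aws iam list-attached-user-policies`, confirms the chosen CUR report is hourly, returns its S3 bucket, and lists missing or unexpectedly broad managed policies on the dedicated IAM user. The report names, bucket name and sample JSON are constructed.

```python
import json

# Managed policies the page lists for the dedicated Service Orchestration user.
REQUIRED_POLICIES = {"AmazonEC2FullAccess", "AmazonVPCFullAccess"}

# Constructed sample of `aws cur describe-report-definitions` output.
CUR_JSON = """{"ReportDefinitions": [
  {"ReportName": "daily-cur", "TimeUnit": "DAILY", "S3Bucket": "example-billing-bucket", "S3Prefix": "cur"},
  {"ReportName": "hcp-cur", "TimeUnit": "HOURLY", "S3Bucket": "example-billing-bucket", "S3Prefix": "cur"}
]}"""

# Constructed sample of `aws iam list-attached-user-policies --user-name <user>` output.
POLICIES_JSON = """{"AttachedPolicies": [
  {"PolicyName": "AmazonEC2FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"},
  {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
]}"""


def check_cur(cur_doc, report_name):
    """Return (bucket, problems) for the named CUR report."""
    for rd in cur_doc.get("ReportDefinitions", []):
        if rd.get("ReportName") == report_name:
            problems = []
            if rd.get("TimeUnit") != "HOURLY":
                problems.append(f"{report_name}: TimeUnit is {rd.get('TimeUnit')}, need HOURLY")
            if not rd.get("S3Bucket"):
                problems.append(f"{report_name}: no S3 bucket configured")
            return rd.get("S3Bucket"), problems
    return None, [f"{report_name}: report not found"]


def check_user_policies(policy_doc):
    """Return (missing, extra) managed policies for the IAM user."""
    attached = {p["PolicyName"] for p in policy_doc.get("AttachedPolicies", [])}
    missing = REQUIRED_POLICIES - attached
    # AmazonEKS* policies are expected when Kubernetes is used; anything else
    # is broader than the page asks for and worth reviewing.
    extra = {p for p in attached - REQUIRED_POLICIES if not p.startswith("AmazonEKS")}
    return sorted(missing), sorted(extra)


if __name__ == "__main__":
    cur = json.loads(CUR_JSON)
    print(check_cur(cur, "hcp-cur"))
    print(check_cur(cur, "daily-cur"))
    print(check_user_policies(json.loads(POLICIES_JSON)))
```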

Add an AWS Account to the HCP portal


When you add an AWS Master Account to the HCP portal, the portal automatically configures a CrossAccount-RoleARN. To add a standalone or a member AWS account:

  1. Log in to your HCP portal account.

  2. Navigate to Governance & Security > Administration and click Account Management for AWS.

  3. Click Add Account.

  4. Provide these details from the AWS Checklist dialog:

    1. Select Master from the Account Type drop-down list.

    2. Enter the Account ID of your AWS Master account.

    3. Turn on the toggle to Yes, if you have administrator access for your AWS account.

  5. Turn on the status toggle to Yes to enable the services provided by your AWS account. Refer to the image below:

  6. Click Done.

  7. Provide the details for your S3 bucket that contains CUR reports. Refer to the image below:

  8. Click Create Role ARN to launch the CloudFormation template on your AWS Account. You will be redirected to your AWS login page.

  9. Log in to your AWS Master account and enter the details shown in the image below:

  10. Click Create Stack. Clicking this button will create a CrossAccountRole in your Amazon account.

  11. Navigate back to your HCP portal account. You will be able to view the following details under your Account Management page:

    1. AWS Master accounts

    2. Role ARN configuration status

    3. List of AWS linked accounts
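After the stack creates the cross-account role, its Trust Relationship is worth reviewing, because that policy decides who can assume the role. The following is an added example, not HCP or AWS code: it audits a trust policy document for principals outside one expected account and for a missing `sts:ExternalId` condition. The account ID, external ID and policy are constructed, and the ExternalId check follows AWS's general guidance for roles assumed by a third party; the page does not say how the HCP template configures it.

```python
import json

# Constructed sample of the role's trust policy, as returned by
# `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument`.
# 111122223333 stands in for the account the portal assumes the role from.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}
  ]
}""")


def as_list(value):
    """IAM allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, trusted_account):
    """Return findings for Allow statements that let an AWS principal assume the role."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not aws:
            continue  # service or federated principals are out of scope here
        for p in aws:
            # Accept a bare account ID or an ARN inside the trusted account.
            if p != trusted_account and not p.startswith(f"arn:aws:iam::{trusted_account}:"):
                findings.append(f"statement {idx}: unexpected principal {p}")
        conds = stmt.get("Condition", {})
        # Condition keys are case-insensitive in IAM.
        has_ext = any(k.lower() == "sts:externalid"
                      for op, keys in conds.items() if op.startswith("StringEquals")
                      for k in keys)
        if not has_ext:
            findings.append(f"statement {idx}: no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_trust_policy(TRUST_POLICY, "111122223333")))
```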

Link new or existing AWS accounts to your Organization


You can create and manage AWS linked accounts using the HCP Cloud Account Management feature. To link your AWS accounts, you’ll need an AWS Master account with Organisations enabled.
Follow these steps to add your linked accounts:

  1. Log in to your HCP portal account.

  2. Click Administration, navigate to Account Management > AWS, and click Add Linked Account.

  3. Click Create Account to create an AWS account with role OrganisationAccountAccessRole in your AWS Organisation.
