Overview
This topic describes the steps to add an Amazon Web Services (AWS) account using the HyperCloud™ cloud account management feature. HyperCloud™ can manage AWS accounts of the following types:
Master Account – Onboard a Master account for the following capabilities:
Create new member accounts in your organization
Invite existing accounts to join your organization
Generate resource optimization, i.e., Instance Analysis, Reserved Instance analysis, Serverless analysis
Manage Governance and Security for both Master and member accounts
Budget Management and Cost & Usage
Service Orchestration
Member Account – Onboard a Member account for the following capabilities:
Manage Governance and Security for both Master and member accounts
Budget Management and Cost & Usage. Resource optimization is not available for Member accounts.
Service Orchestration
Standalone (root) – Similar to a Master account; typically used by small and medium businesses that don't use AWS Organizations.
Prerequisites for onboarding AWS Cloud Account
Ensure the following before onboarding cloud accounts:
Administrator account credentials with Console access for the Master, member, or standalone account are available.
Note: Admin access is required only once, to set up a Cross-Account Role. The cross-account role is restricted, and only HyperCloud™ is permitted to access the role via the Trust Relationship.
Cost Explorer is enabled on the AWS account (Master or Member).
Cost and Usage Reports are enabled in the AWS billing service (not applicable to AWS member accounts) at least 24 hours in advance.
Create a new Cost and Usage Report (CUR) or use an existing one. Record the name of the CUR report.
Note: The CUR report must have an hourly granularity.
Obtain the S3 bucket name from the Cost & Usage Report selected in the previous step.
Ensure the AWS account has permission to read the S3 bucket and to read the Cost and Usage Report data from it (not applicable to AWS member accounts).
(Optional) To enable Service Orchestration on this AWS account, HyperCloud™ in this release still needs the API key and secret access key. Ensure the following:
A dedicated IAM user with only programmatic access is created in AWS IAM.
An API key and secret are created for this IAM user.
The following policies are attached to this dedicated IAM user, either using the AWS Console or from Governance & Security Identity if the AWS account is already added to the HyperCloud™ Platform:
AmazonEC2FullAccess
AmazonVPCFullAccess
AmazonEKS* (For Kubernetes)
Note: To enable Terraform-based deployments, configure additional permissions/policies based on the services that will be provisioned via the HyperCloud™ Platform.
Adding AWS Cloud Account using HyperCloud™ Account Management
This topic describes the steps to add an AWS Master Account to the HyperCloud™ Platform, which will automatically configure a CrossAccount-RoleARN. Repeat the same steps to add a standalone or a member AWS account.
Log in to the HyperCloud™ Platform.
Under the Administration tab, click Account Management.
Under the AWS tab, click Add Account.
From the Account Type drop-down, select Master.
Toggle the status to Yes if you have admin access for the AWS account ID provided.
Ensure that the Prerequisites for managing AWS Accounts using HyperCloud™ Platform are satisfied.
Toggle the status to Yes once these services are enabled on the AWS account. Click Done.
In the Create Role ARN window, enter the name of the S3 bucket where the Cost and Usage Reports are stored.
Click Create Role ARN to launch the CloudFormation template in the AWS account. This opens a new browser tab or window and redirects to the AWS login screen. Log in with your AWS Master account credentials and click Create.
The CloudFormation template will then create a CrossAccountRole as shown in the following screenshot.
Once the CloudFormation stack is created, return to the HyperCloud™ Portal. AWS master and linked account information will be displayed under the AWS Account tab. The following screenshot shows a sample list of accounts discovered from a sample customer AWS master account.
[Screenshots: RoleARN Configured Successfully; AWS Master Account; AWS Linked Accounts]
This completes the steps to add an AWS account to HyperCloud™ Platform.
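The prerequisites note that only HyperCloud™ is permitted to access the cross-account role via its Trust Relationship. The following is an added example (not HyperCloud™ or AWS code) that audits a role's trust policy for any principal other than the one expected. The account IDs, the sample policy and the function names are constructed placeholders, and the sts:ExternalId check reflects AWS's general guidance for third-party roles rather than anything this page states.

```python
import json

# Placeholder: account ID expected to assume the role (not given on this page).
EXPECTED_ACCOUNT = "111111111111"

# Constructed trust policy, shaped like Role.AssumeRolePolicyDocument from
# `aws iam get-role`. The second statement is a deliberately bad addition.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::222222222222:user/ops", "*"]}},
    ],
})

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from an ARN; any other string is returned unchanged."""
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_trust_policy(policy_json, expected_account):
    """Return findings for Allow statements that trust anyone unexpected."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS":
                    findings.append(f"statement {i}: non-account principal {kind}={p}")
                elif p == "*":
                    findings.append(f"statement {i}: wildcard principal")
                elif account_of(p) != expected_account:
                    findings.append(f"statement {i}: untrusted principal {p}")
        # AWS recommends an sts:ExternalId condition for third-party access.
        if "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_trust_policy(SAMPLE_TRUST_POLICY, EXPECTED_ACCOUNT)))
```

To audit a real role, pass the JSON of Role.AssumeRolePolicyDocument and the account ID you expect; an empty list means every Allow statement trusts only that account and carries an ExternalId condition.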
Creating Linked Accounts or adding Existing Accounts to your organization
HyperCloud™ Account Management can be used to manage and create AWS linked accounts. This can be performed by an AWS Master Account that has AWS Organizations enabled.
From the AWS account tab, click ADD LINKED ACCOUNT.
Add linked accounts
The AWS Master account can create a new AWS account or add an existing account to the AWS organization.
New account created with Role - OrganizationAccountAccessRole with