This topic describes the steps to add Amazon web service account using the HyperCloud™ cloud account management feature. HyperCloud™ can manage AWS account of the following type:
- Master Account – Onboard Master account for the following capabilities:
- Create new member accounts in your organization
- Invite existing accounts to join your organization
- Generate resource optimization i.e. Instance Analysis, Reserved Instance analysis, Serverless analysis
- Manage Governance and Security for Master and member accounts both.
- Budget Management and Cost & Usage
- Service Orchestration
- Member Account – Onboarding member account for the following capabilities
- Manage Governance and Security for Master and member accounts both.
- Budget Management and Cost & Usage. Resource optimization is not available for Member accounts.
- Service Orchestration
- Standalone (root) – Typically used by small medium businesses who don't use AWS Organizations similar to a Master account.
Prerequisites for onboarding AWS Cloud Account
Ensure the following before onboarding cloud accounts
- Administrator Account credentials for Console access for Master, member or standalone are available.
Note: Admin Access is only required one-time to setup a Cross Account Role. The Cross account role is restricted and only HyperCloud™ is permitted to access the role via Trust Relationship.
- Cost Explorer is enabled on AWS account (Master or Member)
- Cost and Usage Reports are enabled in the AWS billing service (not applicable to AWS member account) at least 24 hours prior.
- Create new or use an existing cost & usage report. Record the name of the CUR Report
Note: The CUR report must have an hourly granularity.
-
- Obtain the S3 bucket name from the Cost & Usage Report selected in the previous step.
- Ensure AWS Account has permissions to read the S3 bucket as well as read the Cost and Usage report data from the S3 bucket. (not applicable to AWS member account).
- (Optional) To enable Service Orchestration on this AWS Account, HyperCloud™ in this release still needs the api key and secret access key. Ensure the following
- A dedicated IAM user with only programmatic Access is created in the AWS IAM.
- Ensure API Key and Secret are created for this IAM user.
- Attach the following policies to this dedicated IAM users either using the AWS Console or from Governance & Security Identity if the AWS Account is already added to HyperCloud™ Platform
- Attach the following policies
- AmazonEC2FullAccess
- AmazonVPCFullAccess
- AmazonEKS* (For Kubernetes)
Note: For enabling terraform based deployments, configure additional permissions/policies based on the service that will be provisioned via HyperCloud™ Platform.
Adding AWS Cloud Account using HyperCloud™ Account Management
This topic describes the steps to add an AWS Master Account to HyperCloud™ Platform which will automatically configure a CrossAccount-RoleARN. Repeat the same steps to add a standalone or a member AWS Account.
- Login to HyperCloud™ Platform Under the Administration Tab, Click on Account Management. Under the AWS tab
- Click on Add Account From the Account Type Drop-Down select Master.
- Toggle the status to yes if you have admin access for the AWS account ID provided. Ensure that the Prerequisites for managing AWS Accounts using HyperCloud™ Platform are satisfied
- Toggle the status to Yes once these services are enabled by the AWS Account. Click Done.
- On the Create Role ARN Windows, enter the name of the S3 bucket where Cost and Usage Reports are stored.
- Click on Create Role ARN to launch the Cloud Formation Template in the AWS Account. This will open a new browser tab or window and redirect to the AWS Login screen. Login with your AWS Master account credentials and click Create.
- The cloud formation template will then create a CrossAccountRole as shown in the following screenshot.
- Once the Cloud formation stack is created, return to the HyperCloud™ Portal. AWS master and linked account information will be displayed under the AWS Account tab. Following screenshot shows a sample list of accounts discovered from a sample customers AWS master account.
RoleARN Configured SuccessfullyAWS Master AccountAWS Linked Accounts
- This completes the steps to add an AWS account to HyperCloud™ Platform.
Creating Linked Accounts or adding Existing Accounts to your organization
HyperCloud™ Account management can be used to manage and create AWS linked accounts. This can be performed by an AWS Master Account which has organizations enabled.
- From the AWS account tab, click on ADD LINKED ACCOUNT
Add linked accounts
- AWS Master account can create a new AWS account or add an existing account to the AWS organization.
New account created with Role - OrganizationAccountAccessRole with