AWS Account Onboarding Overview

Welcome to CloudYali’s AWS Account Onboarding Guide. This document provides an overview of the onboarding process for connecting your Amazon Web Services (AWS) accounts to CloudYali. You have two onboarding options: Single Account Onboarding and Organization Level Onboarding.

CloudYali uses Cross Account IAM Roles to securely interact with your AWS resources, a method recommended by AWS for managing cross-account access. This approach ensures that you maintain complete control over your AWS resources without sharing credentials, passwords, or access keys with CloudYali.


Overview of Onboarding Options

Depending on your AWS setup, CloudYali offers two ways to onboard your accounts:

1. Single Account Onboarding

This option is ideal if you want to onboard individual AWS accounts. It involves creating a Cross Account IAM Role using a CloudFormation stack to allow CloudYali read-only access to your cloud resources.

  • Who Should Use This?
    Use this option if you have one or a few AWS accounts that you want to manage individually.

  • Features:

    • Onboard one AWS account at a time.
    • Gain read-only insights into each account’s cloud costs, resources, and usage.

For more details and step-by-step instructions, see the Single Account Onboarding Guide.


2. Organization Level Onboarding

If you manage multiple AWS accounts within an AWS Organization, this option streamlines the onboarding process by onboarding all member accounts using CloudFormation StackSets. This method is more efficient for large-scale AWS environments with multiple accounts.

  • Who Should Use This?
    Choose this option if you have multiple AWS accounts under a central AWS Organization and want to manage them collectively.

  • Features:

    • Onboard all AWS accounts within an organization simultaneously.
    • Use AWS StackSets to deploy cross-account roles across multiple accounts and regions.
    • Simplify the onboarding process for large organizations with multiple teams and environments.

For more details and step-by-step instructions, see the Organization Level Onboarding Guide.


Security Considerations

At CloudYali, we take your security seriously and strive to provide a secure connection to your AWS accounts. The onboarding process uses Cross Account IAM Roles, the approach AWS recommends for secure cross-account interactions.

Key Security Benefits:

  • No Access Credentials Required: CloudYali does not need your AWS access credentials, logins, or passwords.
  • Cross Account IAM Role: CloudYali interacts with your AWS resources through this role, which grants read-only permissions, rather than through direct access.
  • Limited Permissions: CloudYali will never request WRITE permissions, in keeping with the principle of least privilege.
  • CloudFormation Templates: CloudYali provides CloudFormation templates that simplify the creation of IAM roles needed for onboarding while ensuring secure permissions management.

To view the CloudFormation template used in onboarding, click here.
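
One way to check the read-only claim against the template before launching the stack, as an added example that is not CloudYali's code: it audits every IAM role in a CloudFormation template (JSON form) for an open trust policy, a missing `sts:ExternalId` condition, and actions that are not read-type. The sample template, account ID, role and policy names are constructed, the page does not say whether CloudYali's template sets an ExternalId, and the read-prefix test is a name-based heuristic.

```python
import json

# Constructed sample, not CloudYali's template; account ID, ExternalId and
# names are placeholders. The s3:PutObject action is deliberately wrong.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"VendorReadRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]},
  "ManagedPolicyArns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
  "Policies": [{"PolicyName": "cost-read", "PolicyDocument": {"Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ce:GetCostAndUsage", "s3:PutObject"]}]}}]}}}}
""")

READ_PREFIXES = ("Get", "List", "Describe", "BatchGet")  # name-based heuristic
BROAD_MANAGED = ("AdministratorAccess", "PowerUserAccess", "FullAccess")

def as_list(value):
    return value if isinstance(value, list) else [value]

def allow_statements(policy_doc):
    return [s for s in as_list(policy_doc["Statement"]) if s.get("Effect") == "Allow"]

def audit_role(props):
    """Return a list of findings for one AWS::IAM::Role 'Properties' block."""
    findings = []
    for st in allow_statements(props["AssumeRolePolicyDocument"]):
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("trust: any AWS principal may assume the role")
        if "sts:ExternalId" not in st.get("Condition", {}).get("StringEquals", {}):
            findings.append("trust: no sts:ExternalId condition")
    for arn in props.get("ManagedPolicyArns", []):
        if arn.endswith(BROAD_MANAGED):
            findings.append(f"managed policy not read-only: {arn}")
    for pol in props.get("Policies", []):
        for st in allow_statements(pol["PolicyDocument"]):
            for action in as_list(st.get("Action", [])):
                # "s3:*" and "*" fail the prefix test and are reported too.
                if not action.split(":")[-1].startswith(READ_PREFIXES):
                    findings.append(f"{pol['PolicyName']}: write-capable action {action}")
    return findings

def audit_template(template):
    """Audit every IAM role declared in a CloudFormation template."""
    return {name: audit_role(res["Properties"])
            for name, res in template["Resources"].items()
            if res.get("Type") == "AWS::IAM::Role"}
```

Calling `audit_template(SAMPLE_TEMPLATE)` reports only the planted `s3:PutObject` action; a YAML template needs converting to JSON first.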


General Onboarding Steps

Step 1: Log in to CloudYali Console

  • Click on your username in the upper right corner of the CloudYali console.
  • Select Settings from the dropdown menu.
  • Click the Add AWS Accounts button.
  • Click Connect AWS Account.

Step 2: Choose an Onboarding Method

  • Single AWS Account: For a single account, use the "Single AWS Account" section and follow the onboarding wizard.
    See the Single Account Onboarding Guide for detailed steps.
  • Add AWS Organization: To onboard multiple accounts, use the "Organization Accounts" section and follow the onboarding wizard.
    See the Organization Level Onboarding Guide for detailed steps.

Step 3: Deploy the CloudFormation Stack

  • CloudFormation Template: Use the provided link to access the CloudFormation template.
  • Launch CloudFormation Stack: Copy the link generated by CloudYali and paste it into the AWS Console to launch the stack.

Note: Make sure you open the link in the same browser window where you are logged into AWS to ensure a smooth onboarding process.

Step 4: Verify Onboarding Status

  • Wait for Account Detection: CloudYali will automatically detect the IAM role creation status and notify you when the account is successfully onboarded.
  • Discovery Process: Once onboarding is complete, CloudYali will begin the cloud discovery process. You can view discovered assets in the Inventory tab.

Note: Onboarding an AWS account may take up to 10 minutes to complete.


Viewing and Managing AWS Accounts

Once your accounts are onboarded, you can:

  • View Onboarded Accounts: Go to your user profile and select "Settings" to view all the onboarded accounts.
  • Remove AWS Accounts: To remove an account, select it from the list and click "Remove". CloudYali will immediately stop syncing with that account, and the data will be removed.

Summary of Onboarding Options

| Feature | Single Account Onboarding | Organization Level Onboarding |
| --- | --- | --- |
| Use Case | Individual AWS accounts | Multiple accounts in AWS Organization |
| Onboarding Method | CloudFormation Stack | CloudFormation StackSet |
| Permission Management | Cross Account IAM Role | Cross Account IAM Role |
| Efficiency | Onboard one account at a time | Onboard all accounts simultaneously |
| Access Level | Read-only | Read-only |

Next Steps

To get started with onboarding, please refer to the detailed guides below:

For additional help and troubleshooting, visit our Troubleshooting and Support section.


Frequently Asked Questions (FAQs)

How Secure is the Onboarding Process?

CloudYali uses a Cross Account IAM Role for onboarding, which ensures that your credentials remain secure and that CloudYali only gains the read-only permissions required to analyze costs and resources.

Can I Onboard Multiple AWS Accounts Individually?

Yes, you can onboard each AWS account individually using the Single Account Onboarding process. There is no maximum limit to the number of accounts that can be onboarded.

What if I Need to Remove an AWS Account?

If you need to remove an onboarded AWS account, go to the Settings section in your user profile, select the account from the AWS Accounts section, and click Remove. CloudYali will immediately stop syncing with that account.


© 2024 CloudYali. All rights reserved.

