🚀 AWS Automatic Onboarding

This article describes how to get started with automatic onboarding with AWS.

The Automatic Onboarding process runs a script that validates the onboarding and automates the setup of AWS permissions, policies, and data collection configurations.

Before starting the flow, ensure that:

  • You have AWS organization permissions to create IAM roles.
  • The account you want to onboard is a payer account (not a linked account).

From the Accounts dropdown list, click Add account, click the AWS icon, and choose the Automatic option.

Automatic Onboarding Process Flow

The automatic onboarding script:

  1. Creates an IAM role in the payer account, allowing Umbrella to access cost data securely.
  2. Attaches the required policy to the role to grant the necessary permissions.
  3. Configures Cost and Usage Report (CUR) with the proper configuration.
  4. Creates an S3 bucket to host the CURs and configures Umbrella's access to it.
  5. (Optional) Connects Linked Accounts to Umbrella Cost:
    • A CloudFormation stack creates an IAM Policy and Role for each linked account in your organization, allowing Umbrella to provide cost saving recommendations for every linked account.
    • The setup also includes automatic detection of future linked accounts, ensuring roles and policies are created for them automatically.
    • The linked accounts will be validated automatically within one hour of the initial onboarding. No action is needed on the platform; after validation, the linked accounts will appear as connected on the Linked Accounts page.

ℹ️

Onboarding Script Validations Purpose and Actions

To ensure a smooth onboarding experience, our script performs multiple validations:

  1. Ensures onboarding is performed on a payer account, not a linked account.
  2. Validates that Cost & Usage Reports (CUR) are enabled, correctly configured, and stored in an accessible S3 bucket.
  3. Checks that the IAM Role for Umbrella exists.
  4. Ensures the provided S3 bucket name is valid and exists.
  5. Checks if the required Lambda/Stack exists.

Automatic Onboarding Wizard Steps

Choose how you would like to complete the onboarding

1. AWS Details

Enter your AWS Root Account ID, select the account name that will be displayed in Umbrella, and click Next.
Note: We will create the bucket that will host the CUR files in the us-east-1 region by default.

2. Validate Access

Download the two files (AnodotPayer.yaml + Connect2Anodot.sh).

There are two common options to run the script:

1. Automatic onboarding using CloudShell 💫

  1. In the AWS console navigate to CloudShell.
  2. Click on Action > Upload file, and upload the file AnodotPayer.yaml you just downloaded.
  3. Repeat step #2 for the file AnodotLinkedAccounts.yaml (If you selected the option to connect linked accounts).
  4. Repeat step #2 for the file deploy_anodot.sh.
  5. Run the command bash ./deploy_anodot.sh (this will run the script).
  6. Go to AWS CloudFormation page.
  7. When the status of the Stack anodot-Onboarding changes to CREATE_COMPLETE, it means the process is complete. You can now return to the Umbrella console and click Next to continue.

Note:

  • The files should be named as indicated above, avoiding duplicates such as AnodotPayer(1).yaml, AnodotPayer(2).yaml.

  • If you selected the option to connect linked accounts, you will see two stacks. There is no need to wait for the linked accounts stack to complete before continuing the onboarding process in the Umbrella console.


2. Automatic onboarding general flow (Preferred workspace such as Terminal)

  1. Prepare the AWS profile for your management account. If you do not have the profile name, run the following command to see it: cat ~/.aws/config
  2. To verify that this is the account you want to onboard, run the following commands:
    1. export AWS_PROFILE=<profile-name>
    2. aws sts get-caller-identity
  3. Run the script by running the command: bash ./deploy_anodot.sh
  4. Go to the Umbrella platform, and click Next.
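
A pre-flight wrapper for the terminal flow above, as an added example that is not part of the Umbrella script or documentation. It refuses to run the onboarding script unless the active profile resolves to the expected account and that account is the organization's management (payer) account. The function names and the `--deploy` argument are hypothetical; the file names and stack name are the ones given on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the onboarding script.
# Assumes the AWS CLI is installed and the caller may call
# organizations:DescribeOrganization.

# Fail if a required file is missing, or if a browser-renamed duplicate
# such as "AnodotPayer(1).yaml" sits next to it.
check_files() {
  local dir="$1" f
  for f in AnodotPayer.yaml deploy_anodot.sh; do
    [ -f "$dir/$f" ] || { echo "missing: $f" >&2; return 1; }
  done
  for f in "$dir"/AnodotPayer\(*\).yaml "$dir"/deploy_anodot\(*\).sh; do
    if [ -e "$f" ]; then echo "duplicate download: $f" >&2; return 1; fi
  done
  return 0
}

# Succeed only if the caller's account is the expected one AND it is the
# organization's management (payer) account, not a linked account.
is_expected_payer() {
  local expected="$1" caller="$2" mgmt="$3"
  case "$expected" in
    *[!0-9]*|"") echo "account id must be 12 digits" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
  [ "$caller" = "$expected" ] || { echo "profile is for $caller, not $expected" >&2; return 1; }
  [ "$caller" = "$mgmt" ] || { echo "$caller is a linked account; payer is $mgmt" >&2; return 1; }
}

preflight_and_deploy() {
  local expected="$1" caller mgmt
  check_files . || return 1
  caller=$(aws sts get-caller-identity --query Account --output text) || return 1
  mgmt=$(aws organizations describe-organization \
           --query Organization.MasterAccountId --output text) || return 1
  is_expected_payer "$expected" "$caller" "$mgmt" || return 1
  bash ./deploy_anodot.sh || return 1
  # Blocks until the stack reaches CREATE_COMPLETE; returns non-zero if it
  # fails or rolls back. Assumes the stack is in the profile's default region.
  aws cloudformation wait stack-create-complete --stack-name anodot-Onboarding
}

# Usage: AWS_PROFILE=<profile-name> sh preflight.sh --deploy <payer-account-id>
if [ "${1:-}" = "--deploy" ]; then preflight_and_deploy "${2:-}"; fi
```
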

Validating Account

After clicking on Next, Umbrella validates all your AWS details. This step can take up to 1 hour.
We will inform you once the validation is done so that you can connect your linked accounts. Note: If you do not want to connect your linked accounts, you can ignore the email; we will notify you again after the entire process is done and you can see data in your account.


3. (Optional) Linked Account Status

Connect your linked accounts to Umbrella to see recommendations.

  • If you connected your linked accounts automatically as part of the onboarding automation, skip this step.
  • If not, for guidance on how to connect your linked accounts, click here.

4. Process Data

This step can take up to 48 hours (depending on when we receive your files from AWS).
We will notify you by email once it is done and you can see data in your account.

🔔

For Umbrella Cost to be able to create recommendations for your account, you will need to connect all the linked accounts to the platform. You can find the full instructions here.