Contents x
    Integrate multiple accounts to Zesty with StackSets
    • 3 Minutes to read
    • Print
    • PDF
    Contents

    Integrate multiple accounts to Zesty with StackSets

    • 3 Minutes to read
    • Print
    • PDF
    Article summary

    This topic describes how to integrate (“onboard”) multiple AWS accounts (the master payer/Organization Management account and member/subaccounts) into Zesty using StackSets.

    Integrating with StackSets creates an IAM role for all subaccounts that the Org Management account sees. Because the subaccounts are created with the Zesty IAM role already in place, they are automatically integrated into the Zesty platform.

    Prerequisites

    • Access to the master payer account in your AWS Management Console

    • Permissions to use StackSets in your AWS Management Console

    • Trust relationship in place between the Org Management account and subaccounts for StackSet deployment

    • User access to the Zesty platform

    To integrate accounts using StackSets:

    1. Log in to your AWS Management Console.

    2. In a separate tab, log in to the Zesty platform.

    3. From the Zesty platform main menu, select Organization Settings > Accounts.

      The Accounts page displays existing accounts.

    4. Click Add account.
      The Create new account wizard begins.
      (You will not be completing the wizard, just using it to launch another screen.)

    5. On the Choose provider page of the Create new account wizard, click AWS.

    6. Configure permissions:
      This step uses CloudFormation to configure permissions for Zesty.

      1. In Step 1 (Permission presets), do the following:

        • If you are configuring Zesty Disk, select Zesty Disk.
          You can select other permissions, too.

        • If you are configuring Commitment Manager, select Read-only.
          This will automatically select the read-only Databases, S3, and EKS.
          You can select other permissions, too.

      2. In Step 2 (CUR), select I will provide the CUR later.
        If you have already enabled CUR, you can select I have a CUR report already enabled and then enter the S3 bucket name.

      3. In Step 3, select a region in which to create the stack.
        Your choice in this step is not relevant.

      4. In Step 4, approve the permissions to be assigned to the IAM role.

      5. In Step 5, click Create IAM role.
        The AWS Quick create stack page is displayed:

      6. From this page, you will need the Template URL, Stack name, and the Zesty ID Customer ID later.
        You can copy those to a temporary file or just leave this tab open for copying.
        Do not click Create stack at the bottom of the page.

    7. Create the StackSet:

      1. Return to the tab where the AWS Management Console was opened.

      2. Go to the CloudFormation > StackSets page.
        You can find this using the menu or by typing Cloudformation in the search box.

      3. In the top right of the page, click Create StackSet.
        The Create StackSet wizard is displayed.

      4. In Step 1 - Choose a template, do this:

        1. Scroll down to Prerequisite - Prepare Template and select Template is ready.

        2. In the Specify template section, select Amazon S3 URL as the source and then paste the Template URL from step 6f into Amazon S3 URL.

        3. Click Next

      5. In Step 2 - Specify StackSet details, do this:

        1. In the StackSet name section, paste the Stack name name from step 6f.
          You can enter a different name, if you prefer.

        2. (Optional) Enter a description.

        3. In the Parameters section, paste your Zesty Customer ID from step 6f.
          You will need this ID later in the procedure, too.

        4. Click Next.

      6. In Step 3 - Configure StackSet options, do this:

        1. In the Execution configuration section, select Inactive.

        2. Click Next.

      7. In Step 4 - Set deployment actions, do this:

        1. Scroll down to the Specify regions section.

        2. Select the regions in which to deploy the StackSet.
          The role can be deployed outside of the specified region and you do not need to create additional StackSets for this.

        3. Scroll down and click Next.

      8. In Step 5, review the  settings, then click Run.
        The new StackSet should be displayed within a few moments on the StackSets page.

    8. Send the StackSet permissions to Zesty:

      1. Click the name of the newly-created StackSet to view the associated metadata.

      2. Click the Template tab.
        The StackSet permissions are displayed.

      3. Click Copy to Clipboard.

      4. Paste the following into a message and send it to your Customer Service Manager:

        • The copied StackSet permissions

        • Your Customer ID from step 6f

    9. Close the Zesty Create new account wizard and the AWS Quick create stack pages.

    The CSM will do the account integration and contact you when that is complete.

    Was this article helpful?
    What's Next