This topic describes how to integrate (“onboard”) your AWS account with Zesty. Integration connects your account so you can benefit from the Zesty platform features.
You need to integrate an account when:
A new organization joins the Zesty platform (you’ll be automatically prompted to integrate).
You want to add an account to an existing organization on the Zesty platform.
You want to add (or remove) Zesty products to an existing integrated account.
During the integration process, you will be transferred to your AWS Management Console. There, you’ll use a CloudFormation stack to create an IAM role which then integrates your AWS account with Zesty.
Prerequisites
Access to the Zesty platform.
The AWS account to be integrated has permissions to create IAM roles and CloudFormation stacks.
You can see required permissions on the Integrate account page.
To integrate a Management account, information about the CUR
To create a Zesty-compatible CUR, see Create a legacy CUR.
Kompass Management account AWS prerequisites:
crawler-cfn.yml file in the CUR S3 bucket
Note: This file may not be present until up to 24 hours after first creating a CUR.
CUR permissions
Permissions to create Athena resources (S3, Athena, Glue Data catalog)
Before you begin, it is recommended to connect to AWS using the account that you are integrating.
You can integrate an AWS account in the following ways:
As a Linked account
As a Management account
Use this option to integrate an AWS Management account and upload its CUR.
(If you want to upload the CUR for an AWS Linked account, contact Customer Support.)
You can also integrate an AWS Management account without uploading a CUR by using the Linked account flow.
To integrate a Linked account with Zesty:
Open the Integrate account page:
If you are already on the page, skip to #2.
From the Admin section of the Zesty platform main menu, select Organization Settings > Accounts.
The Accounts page displays existing accounts.
Do one of the following:
To integrate a new account, click Add account then choose the type of AWS account to integrate.
If you chose Linked account, skip to #3.
If you chose Management account, see Integrate a Management account.
To add permissions to an existing account, from that account’s Action menu, click Update permissions.
The Integrate account page is displayed.
In Step 1, choose whether to integrate the AWS account as a Linked account or a Management account.
In Step 2, choose the products to integrate with.
In Step 3, select the region in which to create the stack.
In Step 4, create the IAM role:
Review and approve the security content of the IAM role.
Click Create IAM role.
You will be redirected to the AWS Console to create a CloudFormation stack.
Note: If you are logged into a different account, change to the account that you are integrating.
In the AWS Console, scroll down to the Capabilities section and select I acknowledge that AWS CloudFormation might create IAM resources.
Click Create stack.
Navigate to the AWS Outputs tab, copy the ZestyRoleArn and paste the full value in the Role ARN field.
Click Connect account.
Zesty takes a few moments to finalize the integration.
If you receive an error message or require other assistance, contact Customer Support.
To integrate a Management account with Zesty:
From the Zesty platform main menu, select Organization Settings > Accounts.
The Accounts page displays existing accounts.
Enable Zesty permissions by doing one of the following:
To create a new account, click Add account.
On the Choose provider page of the Create new account wizard, click AWS (the cloud provider to link with Zesty).
Skip to the next step.
To add additional permissions to an existing account, from that account’s Action menu, click Update permissions.
If you are adding permissions to a Management account (formerly known as Master Payer), it is marked with a blue badge:
Configure the connection:
This step uses CloudFormation to configure permissions for Zesty.
In Step 1 (Permission presets), do the following:
If you are configuring Zesty Disk, select Zesty Disk.
You can select other permissions, too.
If you are configuring Commitment Manager, select Read-only.
You can select other permissions, too.
If you are updating your permissions from ‘Read-only’ to ‘Managed,’ select Managed.
This automatically selects the necessary permissions.
You can select other permissions, too.
In Step 2 (CUR), do the following:
If you are configuring Zesty Disk, select I will provide the CUR later/it is a sub-account. (If you have already enabled a CUR, you can select I have a CUR report already enabled and then enter the S3 bucket name.)
If you are configuring or updating Commitment Manager, select I have a CUR report already enabled and then enter the S3 bucket name.
In Step 3, select a region in which to create the stack.
Your choice in this step is not relevant.
In Step 4, approve the permissions to be assigned to the IAM role.
In Step 5, click Create IAM role.
The AWS Quick create stack page opens.
In the AWS console, scroll down to the Capabilities section.
Select I acknowledge that AWS CloudFormation might create IAM resources with custom names, then click Create stack.
In the AWS console, the CloudFormation > Stacks page is displayed.
The Events tab shows the different events taking place. When the process is done, the CREATE_COMPLETE status is displayed.
Verify the integration:
From the AWS console CloudFormation page, select the Outputs tab and copy the ARN value.
If the ARN value is not displayed, refresh the table until it is.
In the Zesty platform Verify Integration screen of the wizard, paste the entire ARN value (including arn:) in the ROLE ARN field, then click Connect.
Unless you have more accounts to connect, click No.
Zesty takes a few moments to finalize the integration and prepare the new account.
The Create new account wizard is completed.
If you receive an error message or require other assistance, contact Customer Support.
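The last checks in both flows (the stack shows CREATE_COMPLETE, the role ARN appears under Outputs, and the full value including arn: comes from the account being integrated) can be scripted before you paste the ARN into Zesty. The Python below is an added example, not Zesty's code: it reads the JSON printed by aws cloudformation describe-stacks. Assumptions: the sample response, stack name, account ID 111122223333 and role name are constructed, and the Management account stack is assumed to use the same ZestyRoleArn output key that the Linked account flow names.

```python
import json
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<optional path/><name>
ROLE_ARN_RE = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/([\w+=,.@/-]+)$")

# Constructed sample of `aws cloudformation describe-stacks --stack-name <name>` output.
SAMPLE = """{"Stacks": [{"StackName": "example-zesty-stack",
  "StackStatus": "CREATE_COMPLETE",
  "Outputs": [{"OutputKey": "ZestyRoleArn",
    "OutputValue": "arn:aws:iam::111122223333:role/ExampleZestyRole"}]}]}"""


def role_arn_from_stack(describe_stacks_json, expected_account_id,
                        output_key="ZestyRoleArn"):
    """Return the role ARN to paste, or raise ValueError explaining what is wrong."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError(f"expected exactly one stack, got {len(stacks)}")
    stack = stacks[0]

    # The Events tab must have reached CREATE_COMPLETE before Outputs are final.
    if stack.get("StackStatus") != "CREATE_COMPLETE":
        raise ValueError(f"stack not ready: {stack.get('StackStatus')}")

    # Outputs can be missing for a moment; the page says to refresh until shown.
    outputs = {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    if output_key not in outputs:
        raise ValueError(f"output {output_key} not present yet")

    # The whole value is required, including the leading "arn:".
    arn = outputs[output_key].strip()
    match = ROLE_ARN_RE.match(arn)
    if not match:
        raise ValueError(f"not a complete IAM role ARN: {arn!r}")

    # Catches a stack created while logged in to a different AWS account.
    if match.group(2) != expected_account_id:
        raise ValueError(
            f"role is in account {match.group(2)}, expected {expected_account_id}")
    return arn


if __name__ == "__main__":
    print(role_arn_from_stack(SAMPLE, "111122223333"))
```

A ValueError here means the stack was created in the wrong account, has not finished, or the copied value is incomplete; resolve that before clicking Connect.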