Account Onboarding Process – AWS

In this section, we will look at how you can associate your cloud accounts with CoreStack to make cloud monitoring and governance simpler and effective.

Steps to add cloud accounts to CoreStack

1. Log into CoreStack with your credentials.

2. Navigate to Cloud Accounts.

3. The Cloud Accounts screen appears. Select the Public/Private Cloud Service Provider from the list. Here are the onboarding processes for the different cloud providers:

To add a single cloud account, click New Account and select the Single option from the drop down, as shown:

4. A new screen appears with four sections – Authentication, Activation, Configuration and Authorization. Let’s begin with the Authentication section.

Authentication

This is where you first associate your cloud account, by providing the relevant application ID, secret key and tenant ID, and selecting the type of configuration settings.

These are the fields in the Authentication section that must be filled in order to proceed further:

Field Description
Account Name Enter the name of the Account. For example, AWS_Dev.
Description Provide a short description about the account.
Settings Here, you can select the configuration settings for your cloud account. There are three options to choose from – None, Express and Custom.

  • None – Select None if you do not want any governance automation for this cloud account.
  • Express – Express is like a quick setup wizard, wherein the best practice configurations will be automatically setup for the cloud account.
  • Custom – If you want to tailor the configurations for the cloud account, select custom. All the options will be selected by default and you can uncheck them individually in the Configurations section.
Environment Select the appropriate environment for your cloud account as it determines the governance settings. For example, if the cloud account is for development, then select that from the list. The Environment list consists of – Production, Staging, QA and Development.
Scope Select the scope for your account. That is:

Private – Select Private if the cloud account is to be used only by you

Tenant – Select tenant if account will be shared across tenants associated.

Account – Select Account to share with entire team

Access Key Enter the unique Access Key associated with the AWS account.
Secret Key Enter the Application Secret Key.
Bucket Name Enter the name of the AWS S3 bucket where the data and metadata related to the cloud account is to be stored.

Click Next to proceed to the next section.

Activation

5. In the Activation section you can select the Compute, Storage, Network, and Application Integration cloud resource types that can be managed by CoreStack.

Cloud Products that can be added to be monitored by CoreStack are:

Cloud Products Types
Compute
  • ECS Clusters
  • EC2 – Instances, Shared Private Images, Key Pairs, Own Private Images, Security Groups, Elastics IPs, Reserved Instances, Load Balancers, Availability Zones
Storage
  • S3 – Buckets
  • EBS – Snapshots, Volumes
Network
  • Virtual Private Clouds – Subnets, VPCs                   
Application Integration
  • SQS – Queues
  • SNS – Topics   

Here’s how the Activation screen looks:

Click on a cloud resource to select/deselect a resource type fo be managed using CoreStack. An example of how it works – you can select the type of Storage your cloud account must be associated with – S3 buckets, Elastic Block Storage (EBS) Snapshots and Volumes or both.

Note: By default, all the resource types will be selected.

Click Next to proceed to the Configuration section.

Configuration
6. Under Configuration, we can provide the requisite settings to manage the 4Cs of governance – CloudOps, Compliance, Consumption and Cost.

CloudOps

This section handles all the configuration settings associated with alerts, notifications and reports.

Alerts and Notifications

Alert Configuration

CoreStack issues alerts in the situation where set threshold limits are exceeded for the associated cloud account.The alerts set here appear in the CloudOps Dashboard under the Threshold Alerts section.

Let us take the example of CPU alert under Compute –  Instances. You can set an alert stating that a CPU Utilization above a threshold limit of say, 75%, is to be flagged. This alert will be sent as an email as well as flash in the CloudOps Dashboard.

Here’s where you can set the threshold limit:

 

Field Description
Threshold This is where the numerical value can be provided.
Comparison Operator Greater than, Greater than or equal, Lesser than or equal, Lesser than
Aggregation This section determines how the actual performance value should be compared with the threshold for example. That is, should the average monthly CPU utilization be compared to the threshold or the maximum value hit at a specific time be compared to the threshold. There are four options available in the drop down – Average, Minimum, Maximum and Sum.
Period The time interval to check if the actual metric is crossing the threshold set. You must specify period time in multiples of 60 seconds.
Evaluation Period This is the number of times within a set period interval that CoreStack will check for a threshold violation. For example, if this is set to 2, and the period is set to 30 minutes, then CoreStack will check the threshold every 30 mins. And if there is a threshold violation more than 2 times, then it will trigger an alert and notification to the user via email and on the dashboard.

 

Activity Notifications

You can select the activities for which notifications should be sent as an email to you. The activity list is populated based on the Environment selected in the Authentication section.

Since we have selected Development in our example, these are some of the activities listed:

Notifications

This section enables you to add the email and webhook using which notifications can be sent to you. Enter a valid email address and webhook in the respective fields.

Reports

Here, you can select the reports that will be sent to the user account at the end of the day. The two reports available are:

Daily Cost by Cloud Accounts

This shows breakup of daily costs incurred by the cloud account.

Template Execution Summary

This report shows the number of templates executed during the day, how many of them were successful and how many failed.

Compliance

Compliance is one of the pillars of good cloud governance. It is vital to configure the requisite settings right at the start to ensure compliance. This section is split into two sections: Governance Rules and Schedules.

 

Governance Rules

Policies

Here, select the policies that you want to be applicable for your cloud account. There are different types of policies you can select from – Standards, Security and Cost Optimization.

Schedules

This is to provide rules for scheduling auto shutdown of the virtual machine associated with the cloud account.

The options available are:

Field Description
Shutdown Details The frequency of the shutdown must be mentioned here. For example, Daily.
Shutdown Time Select the time at which the VM shutdown must be initiated.
Restart Time Select the time at which the VM should get restarted.
Applicable Tags Add tags to specify which VMs should be auto showdown.
Consumption

This section highlights the settings for VMs specific to this cloud account in the Self Service Catalog. Here you can select the Operating Systems, Preferred Regions and Preferred Compute Sizes for VMs.

Fill these fields:

Field Description
Operating System Select the OS that should be made available to VMs associated with this account.
Preferred Region Select the region to provision the resource.
Preferred Compute Size Select the preferred compute size for the VM.
Cost

You can configure the budget for this specific cloud account in this section. The budget displayed here is taken into account when computing the cost analytics and display accordingly in the Cost Analytics Dashboard. You can specify the Daily, Weekly and Monthly budget here.

User Defined 

User can define their own budget and enter it in User Defined Section manually.

Auto Calculated 

Auto Calculated Cost which is suggested is derived by the system based on the usage trends of the account currently reviewed. 

Authorization

This is the last step in the Onboarding Process, wherein the user levels are to be defined. That is, here, you can define which roles can work with this cloud account.

 

You can change the role permissions in Settings > Roles.

View onboarded account details

Already onboarded a cloud account on CoreStack? Here’s how you can view the details:

  1. Navigate to Cloud Accounts.
  2. Select the cloud account you want to view. For example, if it is an AWS account, click on AWS and then from the list that appears on the right, click on the Account Name or select “View Settings” to view more options.

 

The complete account details, including the configuration settings, appear as shown:

This shows a summary of all the information provided during the four-step onboarding process: Authentication, Activation, Configuration and Authorization.