Pre-requisites
Before AWS linked accounts can be created, the master account must already be onboarded with all onboarding prerequisites met. In addition to the usual set of permissions required for governing cloud resources, the master account needs the following access permissions to create child accounts.
Service | Access Required |
---|---|
Organizations | ListRoots, DetachPolicy, DescribeAccount, CreateAccount, DescribePolicy, ListChildren, ListPolicies, ListAccountsForParent, ListAccounts, DescribeOrganization, UpdatePolicy, AttachPolicy, CreatePolicy, DescribeCreateAccountStatus |
sts | * |
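One way to check a master-account IAM policy against the table above before attempting account creation, as an added example (not CoreStack's code). It is a simplified check that reads only `Action` entries in `Allow` and `Deny` statements and ignores `Resource`, `Condition`, `NotAction`, SCPs and permission boundaries; `SAMPLE_POLICY` and the function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions from the table above. "sts:*" is kept literal, so only a pattern
# that covers all of STS ("sts:*" or "*") satisfies it.
REQUIRED = ["organizations:" + a for a in (
    "ListRoots DetachPolicy DescribeAccount CreateAccount DescribePolicy "
    "ListChildren ListPolicies ListAccountsForParent ListAccounts "
    "DescribeOrganization UpdatePolicy AttachPolicy CreatePolicy "
    "DescribeCreateAccountStatus").split()] + ["sts:*"]

# Constructed sample policy (not from CoreStack or AWS); it lacks three permissions.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["organizations:List*", "organizations:Describe*",
    "organizations:CreateAccount", "organizations:CreatePolicy",
    "organizations:AttachPolicy"], "Resource": "*"},
  {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}""")

def _as_list(value):
    # IAM allows a single statement/action or a list of them.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _patterns(policy, effect):
    """Collect lower-cased Action patterns from statements with this Effect."""
    out = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == effect:
            out += [a.lower() for a in _as_list(stmt.get("Action"))]
    return out

def missing_actions(policy):
    """Return required actions that are not allowed, or are explicitly denied."""
    allow, deny = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    missing = []
    for action in REQUIRED:
        name = action.lower()  # IAM action names are case-insensitive
        allowed = any(fnmatchcase(name, p) for p in allow)
        # A Deny counts if it covers the action, or any part of a required wildcard.
        denied = any(fnmatchcase(name, p) or fnmatchcase(p, name) for p in deny)
        if not allowed or denied:
            missing.append(action)
    return missing

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("missing:", action)
```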
How to?
Navigate to Cloud Accounts > New Account > Create New.
Provide the Account Name (to be referred to within CoreStack) and select the Parent Account from the dropdown.
Once you click the “Continue” button, the account creation is done in 2 steps:
Step 1 – Create Account
Provide the child account name (as it should be created in AWS) and the email address.
Once you click the “Next” button at the top right, the account creation is initiated in the background and a success or error message is displayed. You can proceed to the next step only if this is successful.
Note: In case of an error, you can retry this from the “Associated Accounts” list.
Step 2 – Create IAM User
Provide the admin username and password.
Select the authorize option to enable CoreStack to create a user for onboarding.
Next Steps
CoreStack will create an Onboarding_Default user with an access key/secret key and all required policies associated for onboarding. This user will only have programmatic access (no AWS console access).
- On successful account creation, the account details will be emailed to the account owner.
- Once the child account is created successfully, the user can click the Onboard button.
The Onboarding page will pre-populate the account name and the access key/secret key (non-editable). The user can select other inputs such as environment and scope, and select the master account.
Follow the regular onboarding steps provided under the AWS Onboarding section.
To learn how to onboard your AWS account, go to AWS Account Onboarding.