Account Onboarding Process – AWS

Let’s look at how you can associate your cloud accounts with CoreStack to make cloud monitoring and governance simpler and effective.

Note:
When logging into CoreStack, if there are no accounts setup to begin with, the user will be greeted with the following page:

Clicking on ‘Get Started’ will take the user to onboarding accounts page and can then proceed with the wizard as explained in the other sections.

Steps to add cloud accounts to CoreStack

  1. Steps to add cloud accounts to CoreStack
  2. Navigate to Cloud Accounts.
  3. From the Cloud Accounts screen, select the Public, or Private Cloud service provider from the list.

To add a single cloud account, click New Account and select the Single from the drop down

  1. A new screen appears with four sections – Authentication, Activation, Configuration and Authorization. Let’s begin with the Authentication section

Authentication

This is where you first associate your cloud account, by providing the relevant application ID, secret key and tenant ID, and selecting the type of configuration settings.

The following legend details the fields in Authentication section that must be filled to proceed further:

Field Field options Description
Account Name Required Enter the name of the Account. For example, AWS_Dev.
Description Optional Provide a short description about the account
Settings Required Here, you can select the configuration settings for your cloud account. There are three options to choose from – None, Express and Custom->
None – Select None if you do not want any governance automation for this cloud account.
Express – Express is like a quick setup wizard. If the user selects Express option the best practice configurations will automatically be setup for the cloud account.
Custom – User can select this if they want to tailor the configurations for the cloud account. All the options will be selected by default and you can uncheck them individually in the Configurations section.

Environment

Required
Select the appropriate environment for the cloud account which will determine the governance settings. For example, if the cloud account is for development, then select that from the list. The Environment list consists of – Production Staging QA, and Development.

Scope

Required

Select the scope for the account. The options are:
Private – Select Private if the cloud account is to be used only by the user setting up the account
Tenant – Select tenant if account will be shared across tenants associated.
Account – Select Account to share it with the entire team
Access Key Required Enter the unique Access Key associated with the AWS account.
Secret Key Required Enter the Application Secret Key.
Bucket Name Optional Enter the name of the AWS S3 bucket where the data and metadata related to the cloud account is to be stored.
Account Type Required

Account Type is mandatory to get the Billing bucked for the added account

  • Parent Account
  • Child Account

Once all the details required for Authentication is complete, Click on Next to proceed to Activation.

Note:
If the user selects Settings as ‘None’, then they would be directly taken to the end of the Authorization page and Onboarding completion page.

Activation

In the Activation section you can select the Compute, Storage, Network and Application Integration cloud resource types that can be managed by CoreStack.

Cloud Products that can be monitored by CoreStack are:

Cloud Products Types
Compute
  • ECS Clusters
  • EC2 – Instances, Shared Private Images, Key Pairs, Own Private Images, Security Groups, Elastics IPs, Reserved Instances, Load Balancers, Availability Zones
  • Lambda – Functions
Storage
  • S3 – Bucket
  • EBS – Snapshots, Volumes
Network
  • Virtual Private Clouds – Subnets, VPCs
Application Integration
  • SNS – Topics
  • SQS – Queues

Here’s how the Activation screen looks:

Click on a cloud resource to select/deselect a resource type to be managed using CoreStack. An example of how it works – you can select the type of Storage your cloud account must be associated with – S3 buckets, Elastic Block Storage (EBS) Snapshots and Volumes or both.

Note: By default, all the resource types will be selected.

Click Next to proceed to the Configuration section.

Configuration

Under Configuration, settings are provided to be able to manage the 4Cs of governance – CloudOps, Compliance, Consumption and Cost.

CloudOps

This section handles all the configuration settings associated with alerts, notifications and reports.

Alerts and Notifications

Alert Configuration

CoreStack issues alerts in the situation where set threshold limits are exceeded for the associated cloud account. The alerts set here appear in the CloudOps Dashboard under the Threshold Alerts section.

How to set a threshold?

Let us take the example of CPU alert under Compute – Instances. You can set an alert stating that a CPU Utilization above a threshold limit of say, 75%, is to be flagged. This alert will be sent as an email as well as displayed in the CloudOps Dashboard.

FieldDescription
ThresholdThis is where the numerical value can be provided.
Comparison
Operator
Operator set in this field will be used to compare the statistic with the set threshold. Options available are: Greater than Greater than or equal Lesser than or equal Lesser than
StatisticThis section determines how the actual performance value should be compared with the threshold for example. That is, should the average monthly CPU utilization be compared to the threshold or the maximum value hit at a specific time be compared to the threshold. There are four options available in the drop down – Average Minimum Maximum, and Sum
PeriodThe period, over which the specified statistic will be applied.
Evaluation PeriodThis is the number of times within a set period interval that CoreStack will check for a threshold violation. For example, if this is set to 2, and the period is set to 30 minutes, then CoreStack will check the threshold every 30 mins. And if there is a threshold violation more than 2 times, then it will trigger an alert and notification to the user via email and on the dashboard.

Activity Notifications

You can select the activities for which notifications should be sent as an email to you. The activity list is populated based on the Environment selected in the Authentication section.

Since we have selected Staging in our example, these are some of the activities listed:

Notifications

This section enables you to add the email and webhook using which notifications can be sent to you. Enter a valid email address and webhook in the respective fields.

Reports

Here, you can select the reports that will be sent to the user’s email address at the end of the day. The two reports available are:

Daily Cost by Cloud Accounts

This shows breakup of daily costs incurred by the cloud account.

Template Execution Summary

This report shows the number of templates executed during the day, how many of them were successful and how many failed.

Click on icon to move to the next part, within CloudOps

Compliance

Compliance is one of the pillars of good cloud governance. It is vital to configure the requisite settings right at the start to ensure compliance. This section is split into two sections: Governance Rules and Schedules.

Governance Rules

Tags
Policies

User can select the policies that you want to be applicable for th cloud account. There are different types of policies you can select from – Standards, Security and Cost Optimization.

Schedules

This is to provide rules for scheduling auto shutdown of the virtual machine associated with the cloud account.
The options available are:

Field Description
Shutdown Details The frequency of the shutdown must be mentioned here. For example, Daily.
Shutdown Time Select the time at which the VM shutdown must be initiated.
Restart Time Select the time at which the VM should get restarted.
Applicable Tags Add tags to specify which VMs should be auto showdown.

Click onto proceed to Consumption

Consumption

This section highlights the settings for VMs specific to this cloud account in the Self Service Catalog. Here you can select the Operating Systems, Preferred Regions and Preferred Compute Sizes for VMs.

Complete the selection for the following required fields –

FieldDescription
Operating
System
Select the OS that should be made available to VMs associated with this account.
Preferred
Region
Select the region to provision the resource.
Preferred
Compute Size
Select the preferred compute size for the VM.

Click onto proceed to Cost

Cost

You can configure the budget for this specific cloud account in this section. The budget displayed here is considered when computing the cost analytics and display accordingly in the Cost Analytics Dashboard. You can specify the Daily, Weekly and Monthly budget here.

User Defined

User can define their own budget and enter it in User Defined Section manually.

Auto Calculated

Auto Calculated Cost which is suggested is derived by the system based on the usage trends of the account currently reviewed.

Click on Next to proceed to the next step

Authorization

This is the last step in the Onboarding Process, wherein the user levels are to be defined. That is, here, you can define which roles can work with this cloud account.

You can view or change the role permissions in Settings > Roles.

View Onboarded Account

A user can review the details and selection of an AWS onboarded account by

  • Navigating to the icon on top of the page and select Cloud Accounts from the drop down list.
  • Select the account that needs to be reviewed from the list
  • Account details are made available in the following page

Edit Onboarded Account

Any details of an account can be edited, to do this:

  • Navigate to the icon on the top page and select Cloud Account from the drop down list
  • Choose the account you want to edit from the list, click on the icon
  • From the available list of resources, click on ‘Edit’ option
  • The next page available allows users to make changes to their selection (after they have entered correct Access Key & Secret Key for authentication)
  • Clicking on the Next button navigates the users to the following page – Activation, Configuration, Authorization.
  • At the end of Authorization, User can update the changes.