...

  1. Ensure “AWS Account Management” is enabled

  2. Ensure “CloudFormation StackSets” is enabled

  3. Collect the “Organization Id”

...

Collect your AWS Organization ID

Before running the CloudFormation template, you will need to retrieve the organization ID (prefixed with r-). It can be found on the “AWS Organizations” service page (r-hd2b in the example).

...

Running the AWS CloudFormation template

...

  • Create the “organization role”, which gives Data Theorem the capability to list the AWS accounts belonging to the organization for onboarding purposes, and to perform discovery.

  • Create a CloudFormation StackSet that will take care of creating a role in each child account of the organization (with the SecurityAudit role, to enable discovery on the account).

  • Note that all the created roles will be bound to Data Theorem, and require an external ID.

...

In the next section, input the following details:

...