
Onboarding the management (root) account of your AWS Organization allows Data Theorem to onboard all of the organization's member accounts automatically.

It also allows Data Theorem to onboard new member accounts automatically as they are created in the future.

This feature is in preview and is not yet available in the user interface. To enable it, contact support@datatheorem.com to obtain the AWS CloudFormation template (or Quick Create link) for your account.

The AWS CloudFormation template performs the following actions:

  • Creates the “organization role”, which gives Data Theorem permission to list the AWS accounts belonging to the organization (for onboarding purposes) and to perform discovery.

  • Creates a CloudFormation StackSet that creates a role in each member account of the organization, with the AWS-managed SecurityAudit policy attached, so that discovery can run in that account.

  • All of the created roles can only be assumed by Data Theorem's AWS principal and require an external ID on the AssumeRole call (the standard mitigation for the confused-deputy problem). You can confirm this after deployment by checking that each role's trust policy contains an sts:ExternalId condition.

Prerequisites

  • Administrator access to the management account of the AWS Organization

  • The Root ID of your AWS Organization (it starts with r-; this is not the same as the o- prefixed Organization ID)

  • The AWS Organization must have trusted access enabled for the following services:

    • AWS Account Management

    • CloudFormation StackSets

  • The AWS CloudFormation Quick Create link (or template file) you received from Data Theorem

Enabling trusted access for AWS Account Management and CloudFormation StackSets

Log in to the AWS console with an administrator of your AWS Organization's management account and go to the AWS Organizations > Services page: https://us-east-1.console.aws.amazon.com/organizations/v2/home/services

  1. Ensure “AWS Account Management” shows trusted access as enabled

  2. Ensure “CloudFormation StackSets” shows trusted access as enabled


Collect your AWS Organization Root ID

  1. Navigate to the AWS Organizations Accounts page https://us-east-1.console.aws.amazon.com/organizations/v2/home/accounts and make a note of the ID shown for the root of the organization tree. It starts with r- and you will need it in a later step. In the example below, the Root ID is r-hd2b. Do not confuse it with the o- prefixed Organization ID, which is not accepted by the template.


Running the AWS CloudFormation Template

  1. Open the link you received from Data Theorem in your browser. This opens the AWS console; sign in as a user with administrator privileges in the management account of your AWS Organization. The link opens the Data Theorem CloudFormation template in the Quick Create stack form.

  2. Enter the r- prefixed Root ID in the OrganizationalUnitIds field. This parameter accepts root or organizational-unit IDs, not the o- prefixed Organization ID; using the root deploys the member-account role to every account in the organization.

  3. Click Next twice, tick the acknowledgement that CloudFormation may create IAM resources with custom names (the template creates named roles), and submit the stack.

  4. Wait for the stack to reach CREATE_COMPLETE.

  5. Copy the stack outputs and email them to support@datatheorem.com. In the example below, the necessary values are DataTheorem-Service and arn:aws:iam::1111111111:role/DataTheorem-OrganizationOnboarding. Before sending them, it is worth opening the role in IAM and confirming that its trust policy names Data Theorem's principal and contains an sts:ExternalId condition.
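The same procedure driven from the AWS CLI in the management account, followed by a check of the created role's trust policy. This is an added example, not Data Theorem's template or tooling. It assumes the template has been saved locally as dt-org-onboarding.yaml, that the stack name and the role name DataTheorem-OrganizationOnboarding (taken from the example output above) are the ones the template creates, and that the active CLI profile holds management-account administrator credentials. The two trust-policy documents at the top are constructed samples for the offline self-check, not Data Theorem's actual policy.

```shell
#!/usr/bin/env sh
# Added example (not Data Theorem's code). Drives the onboarding steps from the
# AWS CLI in the management account and verifies the created role's trust policy.
# Assumptions: template saved locally as dt-org-onboarding.yaml; stack and role
# names are illustrative; the CLI profile in use has management-account admin.
set -eu

STACK_NAME="${STACK_NAME:-DataTheorem-OrganizationOnboarding}"   # assumed
TEMPLATE_FILE="${TEMPLATE_FILE:-dt-org-onboarding.yaml}"         # assumed
ROLE_NAME="${ROLE_NAME:-DataTheorem-OrganizationOnboarding}"     # from example ARN

# Constructed sample trust policies used by the offline self-check below.
# The first is what a correctly bound role looks like; the second is a
# misconfiguration (no ExternalId, any AWS principal may assume the role).
SAMPLE_GOOD_TRUST_POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"sts:AssumeRole",
 "Condition":{"StringEquals":{"sts:ExternalId":"example-external-id"}}}]}'
SAMPLE_BAD_TRUST_POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"AWS":"*"},"Action":"sts:AssumeRole"}]}'

# A root ID is "r-" followed by 4 to 32 lowercase letters or digits. The
# o- prefixed Organization ID is a different value and is not accepted by
# the OrganizationalUnitIds parameter.
validate_root_id() {
    printf '%s\n' "$1" | grep -Eq '^r-[a-z0-9]{4,32}$'
}

# The role must demand an external ID (confused-deputy mitigation) and must
# not be assumable by every AWS principal. Whitespace is stripped so the check
# does not depend on how the CLI pretty-prints the document.
trust_policy_ok() {
    compact=$(printf '%s' "$1" | tr -d ' \n\t\r')
    printf '%s' "$compact" | grep -q '"sts:ExternalId"' || return 1
    if printf '%s' "$compact" | grep -q '"AWS":"\*"'; then return 1; fi
    if printf '%s' "$compact" | grep -q '"Principal":"\*"'; then return 1; fi
    return 0
}

# Step "Enabling trusted access": both service principals the template needs.
enable_trusted_access() {
    aws organizations enable-aws-service-access \
        --service-principal account.amazonaws.com
    aws organizations enable-aws-service-access \
        --service-principal member.org.stacksets.cloudformation.amazonaws.com
}

# Step "Collect your Root ID".
get_root_id() {
    aws organizations list-roots --query 'Roots[0].Id' --output text
}

# Step "Running the template". CAPABILITY_NAMED_IAM is the CLI equivalent of
# the console checkbox acknowledging that the stack creates named IAM roles.
deploy_stack() {
    aws cloudformation create-stack \
        --stack-name "$STACK_NAME" \
        --template-body "file://$TEMPLATE_FILE" \
        --parameters "ParameterKey=OrganizationalUnitIds,ParameterValue=$1" \
        --capabilities CAPABILITY_NAMED_IAM
    aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME"
    # These outputs are the values to send to support@datatheorem.com.
    aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
        --query 'Stacks[0].Outputs[*].[OutputKey,OutputValue]' --output text
}

# Post-deployment check: read the live trust policy and validate it.
verify_role() {
    doc=$(aws iam get-role --role-name "$ROLE_NAME" \
        --query 'Role.AssumeRolePolicyDocument' --output json)
    if trust_policy_ok "$doc"; then
        echo "OK: $ROLE_NAME requires sts:ExternalId and trusts a specific principal"
    else
        echo "WARNING: $ROLE_NAME is assumable without an external ID or by any principal" >&2
        return 1
    fi
}

main() {
    root_id=$(get_root_id)
    validate_root_id "$root_id" || { echo "unexpected root ID: $root_id" >&2; exit 1; }
    enable_trusted_access
    deploy_stack "$root_id"
    verify_role
}

# Sourcing the file only defines the helpers; set DT_RUN=1 to touch AWS.
if [ "${DT_RUN:-0}" = "1" ]; then
    main
fi
```

Run it with DT_RUN=1 against the management account once the template file is in place. The grep-based trust-policy check is deliberately simple so it works without jq; if the role's trust policy uses a list of principals or a NotPrincipal element, read it by hand in the IAM console as well.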

