AWS Onboarding Process

Modified on Sun, 30 Mar at 1:43 PM

Wiv On Boarding Process - Payer

Description

 

Onboarding Process Overview

Welcome to the initial setup guide. This document outlines the necessary steps to integrate your AWS Account with our FinOps automation platform, thereby enhancing your financial operations through effective resource management.

 

Step 1: Establishing Connection with Org/Payer Account

To initiate, connect your Org/Payer account. This primary account holds exclusive information crucial for comprehensive cost and usage analysis. Our system leverages this data to facilitate robust financial optimization strategies.

 

Step 2: Configuration of Cost & Usage Report

We facilitate a detailed Cost & Usage Report (CUR) specific to your AWS environment. This report is pivotal in identifying unnecessary expenditures and uncovering potential savings. It includes:

  • S3 Bucket Creation: A dedicated Amazon S3 bucket is created to house the CUR, ensuring your data is securely stored and readily accessible.

  • Athena Table and Crawlers: We configure an Athena Table and deploy crawlers to replicate the CUR data to Athena. This setup enables you to execute tailored queries on your report via Wiv, providing insights into cost-saving opportunities.

  • Lambda Invocation: An automated Lambda function is designed to trigger these crawlers, ensuring your data is regularly updated and accurate.

Our preliminary checks confirm that these configurations do not already exist before setup and verify that they fall within the AWS Free Tier.

 

Step 3: Secure Access Configuration

For enhanced security, an IAM Role with an external ID is created at the payer level. This role is pivotal in establishing a secure connection to your AWS account, safeguarding your data and operations.
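The external ID only protects the account if the role's trust policy actually requires it. The following check is an added example, not Wiv's code and not part of the original article; the account IDs, the external ID and the function names are constructed placeholders, and the policy shape is the standard AWS cross-account trust document rather than anything shown on this page.

```python
import json

# Constructed samples: the account IDs and external ID are placeholders.
PINNED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}""")
UNPINNED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole"}]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # "arn:aws:iam::111122223333:root" -> "111122223333"; bare IDs pass through
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else principal

def audit_trust_policy(policy, expected_external_id, own_account_id):
    """Return findings for Allow/AssumeRole statements that trust another
    account without pinning sts:ExternalId to the expected value."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = (_as_list(principal.get("AWS", []))
               if isinstance(principal, dict) else ["*"])
        if "*" in aws:
            findings.append(f"statement {idx}: wildcard principal")
            continue
        if all(_account_of(p) == own_account_id for p in aws):
            continue  # same-account or service-only trust: no external ID needed
        # Condition keys are case-insensitive in IAM, so normalise before lookup
        equals = {k.lower(): v for k, v in
                  stmt.get("Condition", {}).get("StringEquals", {}).items()}
        pinned = _as_list(equals.get("sts:externalid", []))
        if pinned != [expected_external_id]:
            findings.append(f"statement {idx}: sts:ExternalId not pinned "
                            f"to the expected value (found {pinned})")
    return findings

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("unpinned", UNPINNED)):
        print(name, audit_trust_policy(doc, "example-external-id", "444455556666"))
```

To run it against a deployed role, pass the `AssumeRolePolicyDocument` returned by `aws iam get-role` for that role, together with the external ID from the stack parameters.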

 

Step 4: Deployment of 'WivAccessRole'

Upon successful connection with the payer account, deploy the 'WivAccessRole'. This IAM role is instrumental in extending optimization capabilities to all linked accounts. The deployment is designed to be user-friendly and can be completed swiftly as per the instructions provided.



 

 

 

To initiate the onboarding process, please click 'Connect AWS Account'.

 

 


 

Log in to your AWS Management Account (Payer) in the us-east-1 region and click the link above.

 

The link will provide the stack name “WivOnBoarding” and “External id” parameter.

The stack contains 4 nested stacks:

 

  • PreCheckStack

  • CUR

  • OrgRoleManagement

  • OrgRole StackSet (Member Account Permissions) 

 

 

Deploy the StackSet at the Payer/Single Account 

First, click "Connect AWS Account" to open the 'Create Stack Set' form.

 

 

Leave all default values, check the boxes, then click 'Create Stack'.

 

It will take approximately 5 minutes to complete the installation of all stacks at the account.

 

Wait until you see that all is completed:

 

 

After the deployment has completed successfully, you will need to provide the "Role ARN" and "External id" from the nested stack "WivOnBoarding-OrgRoleManagement-XXXXXXXXXXXX".

 

 

 

 

Adding AWS Organization Units/Linked Accounts to the Stackset

 

Go to “WivOrgStackSet” and, under “Actions”, click “Add stacks to StackSet”.

 

 

 

 

Under “Set deployment options” choose “Deploy to organization” to deploy the role to all of the organization's Linked accounts, or “Deploy to organizational units (OUs)” to target specific OUs (you will need to provide the “AWS OU ID”).

 

Under “Specify regions” choose “us-east-1” (the region choice is not important, as the role is a global resource, not a regional one).

 

 

 

 

Leave all other options as default and run the stackset.

 

You will see all your chosen Linked accounts under the “Stack instances” tab.

 

 

 

The end result should be a “SUCCEEDED” message in the “Operations” tab.

 

 

 

 

All resources that can be tagged have the following tags:

  • Wiv: Wiv-infrastructure

  • Wiv:Original:ResourceId: {StackName}-Stack

The following infrastructure resources are created during the onboarding process:

 

IAM Roles:

  • WivAccessRole (in management and member accounts)

  • Various Lambda execution roles

S3 Bucket:

  • For storing Cost and Usage Reports (CUR)

Lambda Functions:

  • PreCheck Lambda

  • CUR Initializer Lambda

  • S3 CUR Notification Lambda

  • Cleanup Bucket Lambda

Glue Resources:

  • Glue Crawler

  • Glue Database

Athena Resources:

  • Athena Database

  • Athena Workgroup

CloudFormation StackSet:

  • For deploying WivAccessRole to member accounts

CloudWatch Log Groups:

  • For Lambda function logs

EventBridge Rules:

  • For triggering Lambda functions based on S3 events

 





Enabling Resource Costs

To enable Wiv to extract resource costs accurately, please enable resource-level data tracking at daily granularity by following these steps:

  1. Navigate to Cost Management Preferences
  2. Select the Cost Explorer Tab
  3. Enable the "Resource-level data at daily granularity" option
  4. Select "All Services" (Note: This feature is available at no additional cost)
  5. Click "Save Preferences" to apply your changes










 

 
