Onboarding
The goal of this document is to:
- Outline the different scenarios for onboarding.
- Explain how to onboard accounts in different scenarios.
- Outline the consequences of the different methods of onboarding.
Terminology
| Term | Description |
|---|---|
| AWS Organizations | An entity that you create to consolidate your AWS accounts so that you can administer them as a single unit. More information on terminology and concepts here. |
| Management Account | An AWS account with an AWS Organization. The Management Account owns all billing-information of everything in the Organization. |
| Workload Account | A "standard" AWS account. The account can not have AWS Organizations, as an account with AWS Organizations automatically becomes a Management Account. |
| Standalone | An AWS account that does not manage or belong to an Organization. |
| Linked | An AWS account that does not manage, but belongs to an Organization. |
Scenario 1 - Workload Account (Standalone)
There is only one way to onboard a Standalone Account, and it's very simple:
- Order a new Crayon AWS Management Account in CloudIQ.
- Sign in to the account.
- Send an invitation from the Crayon AWS Management Account to the Standalone Account.
- Accept the invitation on the Standalone Account.
Workload Account (Standalone) - Illustration
The user logs in to the Crayon AWS Management Account using an IAM-user. The user sends an invitation.
The invitation is accepted, and the account is onboarded.
Scenario 2 - Workload Account (Linked)
Again, there is only one way to onboard this type of account.
- Order a new Crayon AWS Management Account in CloudIQ.
- Log in to the Workload Account and leave the Organization it is currently under.
- Sign in to the new Crayon AWS Management Account.
- Send an invitation from the Crayon AWS Management Account to the Standalone Account.
- Accept the invitation on the Standalone Account.
Workload Account (Linked) - Illustration
The account to be onboarded resides in a different Organization.
Customer leaves the Organization.
An invitation is sent from the new Crayon AWS Management Account.
The invitation is accepted.
Consequences - Workload Account (Linked)
Billing data
It's important to note that billing information is owned by the Management Account. This means that the following information will need to be backed up, if you wish to keep it:
- Historical billing data.
- Invoices
Cost Allocation Tags
Cost allocation tags are managed by the Management Account. When moving a Workload Account from one Management Account to another, you also move the management of the cost allocation tags.
You will most likely have to reactivate the cost allocation tags.
Scenario 3 - Management Account
There are two ways to onboard a Management Account:
-
Delete the Organization on the Management Account, converting it to a Standalone Account. Onboard the account as you would a Standalone Account.
-
Onboard the Management Account as-is, by performing a CTA.