
How to onboard any number of AWS member accounts with CloudFormation StackSet

CloudYali Team
February 10, 2024
CloudYali provides a secure and seamless connection to customer AWS accounts to retrieve cloud resource and cost information. Our onboarding process uses a CloudFormation stack, ensuring a streamlined and secure experience for our users. AWS recommends using multiple AWS accounts for several reasons, such as minimizing potential impact (blast radius) and easier cost attribution. Many medium to large companies adopt a per-team or per-product AWS account approach, resulting in numerous accounts. To effectively manage these accounts, AWS Organizations is an excellent solution. It enables companies to establish multiple organizations with a large number of member accounts.

At CloudYali, we prioritize efficiency and understand the need for swift onboarding. Our account onboarding process typically takes no more than 3 minutes, utilizing the CloudFormation-based workflow. Within just 10 minutes, users gain access to crucial resource, security compliance, and cost information, all conveniently available through the CloudYali console. As soon as resource information is accessible, CloudYali initiates various security compliance checks, including AWS Foundational Security Best Practices and CIS AWS Foundations Benchmark v1.5.0 and v2.0.0. Additionally, our platform generates a comprehensive cost savings report, identifying any unused AWS resources.

We recognize that many of our customers manage hundreds of AWS accounts under their organizations. Onboarding each member account individually can be time-consuming and cumbersome. To address this challenge, based on valuable feedback, we have introduced a new CloudFormation StackSet-based onboarding workflow for member accounts. This workflow simplifies the process with a single-click onboarding, mirroring our existing single account onboarding functionality. Moreover, this approach offers the advantage of automatically onboarding any new member account added to the organization, eliminating the need for manual intervention. This ensures seamless connectivity between the new member AWS account and CloudYali.

Utilizing CloudFormation StackSet, CloudYali can efficiently execute the same CloudFormation Stack across all member AWS accounts. The process requires the Organization root ID and access to the organization root AWS account to create stack sets. By leveraging this capability, CloudYali ensures a consistent and streamlined onboarding experience for all member accounts.

Figure: AWS Organization root ID

After obtaining the AWS Organization root ID, the CloudYali onboarding workflow can be initiated. CloudYali generates two AWS CLI commands that need to be executed in the organization root account. These commands are crucial for creating the CloudFormation StackSet with the necessary parameters, including a unique external ID and StackSet-specific configuration parameters.

Figure: CloudYali Organization Onboarding

One of the essential configuration parameters is auto-deployment Enabled=true, which ensures that any newly added member account is automatically onboarded. Another important parameter is RetainStacksOnAccountRemoval=true, which guarantees that the stack removes any created resources if the account is removed from the Organization.

Figure: CloudFormation StackSet CLI Commands

The first command creates the StackSet with the provided parameters and prepares it for execution in member accounts. The second command initiates the execution of the Stacks for the StackSet, targeting the specified deployment-targets. By default, CloudYali uses the organization root ID to deploy the StackSet to all member accounts. However, if necessary, this can be modified to target specific AWS accounts.

Figure: CloudFormation StackSet CLI Execution

Upon executing the second command, an operation ID is generated, enabling users to track the stack creation process. Once an AWS account is successfully onboarded, users gain complete visibility into cloud resource inventory, cost, and security compliance across all member accounts and regions. It is important to note that the organization root account needs to be onboarded separately, as per the design of AWS StackSet.
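Added example, not CloudYali's generated commands: a dry-run script that validates the root ID and external ID and prints the general shape of the two commands so they can be reviewed before being run in the organization root account. The stack set name, template URL and ExternalId parameter key are placeholders, and --permission-model SERVICE_MANAGED is included because organization-wide auto-deployment requires it.

```sh
# Added example (dry run): validates inputs, then prints the two StackSet
# commands for review; it never calls AWS. STACK_SET_NAME, TEMPLATE_URL and
# the ExternalId parameter key are placeholders, not CloudYali's real values.
LC_ALL=C
STACK_SET_NAME="example-onboarding"
TEMPLATE_URL="https://example.com/onboarding-template.yaml"

# Organizations root ID: "r-" followed by 4-32 lowercase letters or digits.
valid_root_id() {
  case "$1" in r-*) ;; *) return 1 ;; esac
  _s=${1#r-}
  case "$_s" in *[!0-9a-z]*) return 1 ;; esac
  [ "${#_s}" -ge 4 ] && [ "${#_s}" -le 32 ]
}

# Stricter than STS requires: letters, digits, "_" and "-" only, so the value
# cannot break the CLI shorthand syntax or the shell.
valid_external_id() {
  case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -ge 2 ]
}

# $2 (retain): per the CloudFormation API, "true" keeps the stack's resources
# in an account that leaves the organization and "false" deletes them.
create_stack_set_cmd() {   # args: external_id retain
  valid_external_id "$1" || { echo "invalid external ID" >&2; return 1; }
  case "$2" in true|false) ;; *) echo "retain must be true or false" >&2; return 1 ;; esac
  printf 'aws cloudformation create-stack-set --stack-set-name %s --template-url %s --permission-model SERVICE_MANAGED --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=%s --parameters ParameterKey=ExternalId,ParameterValue=%s\n' \
    "$STACK_SET_NAME" "$TEMPLATE_URL" "$2" "$1"
}

# Targets the whole organization by root ID; extra 12-digit account IDs narrow
# the deployment to those accounts (AccountFilterType=INTERSECTION).
create_stack_instances_cmd() {   # args: root_id region [account_id ...]
  valid_root_id "$1" || { echo "invalid root ID" >&2; return 1; }
  _t="OrganizationalUnitIds=$1"; _r=$2; shift 2
  if [ "$#" -gt 0 ]; then
    for _a in "$@"; do
      case "$_a" in *[!0-9]*) echo "invalid account ID" >&2; return 1 ;; esac
      [ "${#_a}" -eq 12 ] || { echo "invalid account ID" >&2; return 1; }
    done
    _t="$_t,Accounts=$(IFS=,; echo "$*"),AccountFilterType=INTERSECTION"
  fi
  printf 'aws cloudformation create-stack-instances --stack-set-name %s --deployment-targets %s --regions %s\n' \
    "$STACK_SET_NAME" "$_t" "$_r"
}
create_stack_set_cmd "constructed-external-id-1234" true   # constructed value
create_stack_instances_cmd "r-ab12" "us-east-1"            # constructed root ID
```

After a real run, aws cloudformation describe-stack-set-operation with the stack set name and the returned operation ID reports the status of that operation. Add --capabilities to the first command if the template creates IAM resources.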

Figure: CloudYali Onboarding Success

Overall, the utilization of StackSet allows for automated onboarding of any number of member accounts, while also providing an exceptional user experience. By leveraging this technology, CloudYali ensures efficient and seamless account management for our valued users.
