AWS Organizations

This guide explains how to add an AWS Organization to Cloudaware and enable auto-discovery of the member accounts within that AWS Organization.

Summary

 

To integrate AWS Organization with Cloudaware:

  1. Add the AWS Organization Management Account using an AWS IAM Role.

    • Create a CloudFormation stack in AWS using the Cloudaware template:

      • CloudAware Role Name: replace auto-generate with a relevant name, e.g. CloudawareRole

      • External ID: generate in Cloudaware

  2. Create AWS CloudFormation StackSet in AWS Organization for auto-collection of member accounts.

    • Create a CloudFormation stackset in AWS using the Cloudaware template:

      • CloudAware Role Name: replace auto-generate with a relevant name, e.g. CloudawareGlobalRole

      • External ID: generate in Cloudaware and save it for step 3

  3. Add AWS Organization to Cloudaware.

    • IAM Role Name: use the name of the role created for a stackset in step 2

    • External ID: use the External ID from step 2

 

For detailed instructions, refer to the in-depth guidelines below.

Prerequisites

 

  1. Ensure that AWS Organizations is in use. Read more

  2. Ensure that all features are enabled in your AWS Organization. NOTE: this action is irreversible! Read more

  3. Ensure that you have registered an account with Cloudaware. Read more

Add AWS Organization Management Account to Cloudaware

Use this guide to learn how to add an AWS Account to Cloudaware using an IAM Role.

Once the account is added, view AWS Organizations data in Cloudaware CMDB. Go to CMDB Navigator → select AMAZON WEB SERVICES on the left → Security, Identity, Compliance → Organizations:

AWS Organizations - AWS Organizations data in CMDB.png

Create CloudFormation StackSet in AWS Organization

 

Use AWS CloudFormation StackSets to roll out the Cloudaware CloudFormation stack over multiple AWS accounts in your AWS Organization. This will enable auto-discovery of AWS Organization member accounts in Cloudaware.

 

  1. Log in to AWS Console. Select All Services → section Management & Governance → CloudFormation → StackSets.

  2. Click Create StackSet.

    AWS Organizations - setup in AWS - create CloudFormation StackSet.png

  3. Select 'Service-Managed Permissions'.

If you prefer using Self-Managed permissions, set up:

  4. Select 'Template is ready' → 'Upload a template file'. Click Choose file and upload the Cloudaware CloudFormation template used when adding the AWS Organization Management account and creating a stack.

    AWS Organizations - setup in AWS - upload the template file.png


    Click Next.

  5. Provide a meaningful name for the stackset. Replace auto-generate in CloudAware Role Name with a custom name*, e.g. CloudawareGlobalRole. Insert the External ID** used for adding the AWS Organization Management Account to Cloudaware.

    AWS Organizations - setup in AWS - access parameters.png

Note that this IAM Role Name and External ID are required for adding an AWS Organization to Cloudaware.

  6. Set up the policies. Click Next.

  7. Configure StackSet options, such as tags and execution configuration. Check the box I acknowledge that AWS CloudFormation might create IAM resources with customised names.

  8. Set deployment options.

You can limit the stackset deployment to specific Organizational Units to limit account discovery in the AWS Organization. Learn more on how to specify the OUs as deployment targets.

IMPORTANT: If a specific Organizational Unit (OU) is already onboarded by Cloudaware and you would like to add one or more additional OUs, create a StackSet with the new OU(s) specified, using exactly the same Role Name and External ID that were used when adding the first OU.

Click Next.

  9. Review the StackSet details. Click Submit. Allow some time for the StackSet to be created.

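The IMPORTANT note above requires every OU's StackSet to use exactly the same Role Name and External ID. The following is an added example (not Cloudaware's code or template) that checks this offline against per-account trust policies in the shape of IAM's AssumeRolePolicyDocument. It assumes the role enforces the External ID through an sts:ExternalId condition; the principal ARN, account IDs and External ID values are constructed placeholders.

```python
# Added example: offline audit of the trust policy on the StackSet-deployed role.

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and condition values.
    return value if isinstance(value, list) else [value]

def _external_ids(stmt):
    # External IDs required through StringEquals on sts:ExternalId (key is case-insensitive).
    for key, val in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == "sts:externalid":
            return _as_list(val)
    return []

def audit_account(roles, role_name, external_id):
    """Findings for one account; an empty list means the role matches what was registered."""
    if role_name not in roles:
        return [f"role {role_name} not found"]
    findings, seen = [], False
    for stmt in _as_list(roles[role_name].get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        seen = True
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append("wildcard principal")
        ids = _external_ids(stmt)
        if not ids:
            findings.append("AssumeRole allowed without sts:ExternalId")
        elif ids != [external_id]:
            findings.append("External ID differs from the registered one")
    return findings if seen else ["no sts:AssumeRole statement"]

def _trust(principal, external_id=None):
    # Constructed sample policy; not the Cloudaware template's actual trust policy.
    cond = {"Condition": {"StringEquals": {"sts:ExternalId": external_id}}} if external_id else {}
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal}, **cond}
    return {"Version": "2012-10-17", "Statement": [stmt]}

VENDOR = "arn:aws:iam::111111111111:root"  # placeholder principal, not Cloudaware's real account
SAMPLE = {  # constructed member accounts, one per failure mode
    "222222222222": {"CloudawareGlobalRole": _trust(VENDOR, "example-ext-id-1")},
    "333333333333": {"CloudawareGlobalRole": _trust(VENDOR, "example-ext-id-2")},
    "444444444444": {"CloudawareRole": _trust(VENDOR, "example-ext-id-1")},
    "555555555555": {"CloudawareGlobalRole": _trust("*")},
}

def audit_org(accounts, role_name="CloudawareGlobalRole", external_id="example-ext-id-1"):
    return {acct: audit_account(roles, role_name, external_id) for acct, roles in accounts.items()}
```

Calling audit_org(SAMPLE) returns an empty list only for the first account; the other three show a mismatched External ID, a role deployed under a different name, and a trust policy with no External ID condition.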

Add AWS Organization to Cloudaware

 

  1. Log in to your Cloudaware account → Admin.

    AWS Organizations - setup in Cloudaware - admin.png

     

  2. Find Amazon Web Services. Click +N CONFIGURED.

    AWS Organizations - setup in Cloudaware - admin - N configured.png

  3. Select the tab 'Organizations' → +ADD AWS ORGANIZATION.

    AWS Organizations - setup in Cloudaware - add AWS Organization.png

     

  4. Fill out the form:


    WHERE

    Name - provide a meaningful AWS Organization name
    Partition - select the partition of AWS Organization Management Account (Public Cloud is pre-selected as aws by default)
    IAM Role Name - insert the name of the Cloudaware IAM Role that was used when creating the stackset in AWS Organization
    External ID - insert the External ID that was used for creating the stackset in AWS Organization Management Account
    Management Account - select the AWS Organization Management Account from the list

    Click CHECK. Once validation is passed, click SAVE.

Please allow some time for Cloudaware to automatically collect the AWS Organization member accounts.
