1. Home
  2. Setup
  3. Activate your AWS Cloud Account

Activate your AWS Cloud Account

Before You Start

During the activation process, you will require two pieces of information:

  1. The account number of your AWS account.
    If your company uses AWS Organizations and this is the first account you are activating, it is ideal (but not mandatory) to activate your master account first.
    If you start by activating a linked account, PyraCloud will “discover” your master account for you. Then you, or another user in your organization, will be required to activate the master account. If you start by activating your master account, PyraCloud will “discover” your linked accounts and offer you the option of activating them individually, after the master account is activated.
  2. A person within your organization with enough permissions to perform the onboarding process. The user should have enough permissions to execute a CloudFormation script that will create an IAM Role in the account to be activated.

Activate your AWS Cloud Account

To complete the activation experience, follow the steps below.

Sign in to PyraCloud at https://portal.softwareone.com/.

Figure 1 – Sign in to PyraCloud

Once the PyraCloud dashboard has loaded, click on Manage in the navigation menu and click on Cloud Tenant Setup.

Figure 2 – Navigate to Cloud Tenant Setup

Add your AWS account

On the Cloud Tenant Setup page, click the Add Cloud Account tile.

Figure 3 – Add Cloud Account

On the Add Cloud Account page, select Amazon Web Services. Then, enter a Friendly Name for the account, the AWS Account Number, and choose and AWS Region to execute the CloudFormation script in.

Next, click on the Add Cloud Account button.

Figure 4 – Add Cloud Account Details

When you click Add Cloud Account, your browser should open a new tab with the login page for the AWS Console. Sign into the AWS Console.

Note: Your pop-up blocker may prevent this new browser tab from opening. You must allow the pop-up and possibly click the Add Cloud Account button again.

Figure 5 – Sign into the AWS Console

On the Create Stack page, review the settings PyraCloud will use to activate your AWS account. Leave these settings and check the ‘I acknowledge that AWS CloudFormation might create IAM resources with custom names checkbox. Click Create.

Figure 6 – Acknowledge and click Create

The CloudFormation script will then start executing. The CREATE_IN_PROGRESS status indicates the activation is still in progress.

Figure 7 – Create in Progress

This page will refresh every 5 minutes while the script executes, but you can refresh the page manually to get more frequent updates. As the script executes, you will notice more items in the Events log.

Figure 8 – Events Log

When the script has completed, the status will change to CREATE_COMPLETE.

Figure 9 – Create Complete

Switch back to the PyraCloud browser tab with Cloud Tenant Setup.

Figure 10 – PyraCloud Cloud Tenant Setup

Give PyraCloud a few minutes to synchronise your AWS account details and refresh the page. If you are using AWS Organizations and have linked accounts, these will be shown as Not Activated in the list.

Figure 11 – Sync Status shown as Success or not Activated

Next Steps

Now that you’ve completed the activation of your master account, you may wish to perform some further steps to help PyraCloud build a more complete view of your cloud spend. To do this, follow the steps in the Add More Linked Accounts section below.

You may also want to control whether PyraCloud will sync your tag changes made in PyraCloud, back to your AWS account. Follow the steps in the Sync Your Tags to AWS section below.

Take full advantage of PyraCloud Cloud Management

Once your AWS account is activated, there are further steps you can take to ensure that PyraCloud provides a more complete view of your cloud spend.

Add More Linked Accounts

Many organizations have several AWS accounts in their AWS Organizations hierarchy. In some cases, it is not the same person who owns each of those accounts. Therefore, it is necessary for each account owner to activate the accounts they own.

To activate more linked accounts, follow the steps below:

  • Sign in to PyraCloud and navigate to Cloud Tenant Setup.
  • Expand the AWS account containing the linked accounts you want to add.
  • Next to the linked account, click the Activate button.
Figure 12 – Expand Master Account and Activate

You will then perform the same process as for the master account. Follow steps 4 through 10 in the Add your AWS account section above.

Add Multiple Linked Accounts

It is possible to select multiple linked accounts and start the activation process automatically for all selected accounts.

To be able to automate multiple linked account activations, all selected accounts are assumed to have some basic permissions. These permissions are automatically applied if the linked account has been created as a part of an organization.

If a linked account hasn’t been created as a part of an organization, but instead has only been linked to it, you will need to manually grant access to the role OrganizationAccountAccessRole with the permission cloudFormation:CreateStack to be able to activate that account automatically.

How it Works

Activating multiple linked accounts is done in a similar way to single account activation, except at the beginning it grants AssumeRole permissions to the master account. To be able to handle the process automatically for multiple accounts, without prompting the user for additional settings for each account, the additional AssumeRole permission is applied. This is only needed at activation. Granting this permission is done using a similar approach to single account activation. It does this using CloudFormation, SNS and Lambda by deploying new AWS resources to handle this process.

To activate more linked accounts, follow the steps below:

  • Sign in to PyraCloud and navigate to Cloud Tenant Setup.
  • Expand the AWS account containing the linked accounts you want to add.
  • Next to each linked account that you would like to activate, select the checkbox and click the Activate Selected button .
Figure 13 – Expand Master Account and Activate Multiple

Sync Your Tags to AWS

When you onboard your AWS accounts for the first time, PyraCloud works in read-only mode by default. This means that the Tag and Resource Manager feature can import your resources and tags from AWS, but it cannot synchronise any tag changes you make in PyraCloud back to AWS.

If you would like Tag and Resource Manager to synchronise tags back to AWS, you need to change the level of access PyraCloud has for your AWS account.

The following access levels are available:

Sync resources only, no tags – write back of tags disabled

Tag and Resource Manager will download your resources to PyraCloud without the tags currently assigned in AWS. Any changes to tags will be stored in PyraCloud only. This setting requires read-only access to your AWS account and will not make any changes to resources or tags in your AWS account.

Sync resources and tags – write back of tags disabled

Tag and Resource Manager will download your resources to PyraCloud including the tags currently assigned in AWS. Any changes to tags will be stored in PyraCloud only. Any tags assigned to resources in AWS will overwrite the tags for the corresponding resource in PyraCloud. This setting requires read-only access to your AWS account and will not make any changes to resources or tags in your AWS account.

Sync resources and tags – write back of tags enabled

Tag and Resource Manager will download your resources to PyraCloud including the tags currently assigned in AWS. Any changes to tags will be synchronised back to your resources in AWS. This setting requires read-write access to your AWS account and will only make changes to tags.

To change the level of access PyraCloud has for an AWS account, follow the steps below:

Sign in to PyraCloud and navigate to Cloud Tenant Setup. Expand the AWS account in question and click on Change Access next to the account you wish to modify.

Figure 14 – Expand Master Account and Change Access

In the Change PyraCloud Access Level select your desired access level and click Change.

Figure 15 – Change PyraCloud Access Level

Review the updated access level for the account.

Figure 16 – Updated Access Level

Sync AWS Cost Explorer Recommendations

PyraCloud Recommendations will download recommendations from AWS Cost Explorer, which includes Reserved Instance purchase recommendations for Amazon EC2, Amazon RDS, ElastiCache, Amazon ES, and Amazon Redshift. If the following setting is enabled, then PyraCloud will download AWS Cost Explorer recommendations for this account. This setting is enabled by default.

To enable/disable Cost Explorer access in PyraCloud for an AWS account, follow the steps below:

Sign in to PyraCloud and navigate to Cloud Tenant Setup. Expand the AWS account in question and click on Change Access next to the account you wish to modify.

Figure 17 – Expand Master Account and Change Access

In the Change PyraCloud Access Level select your desired access level and click Change.

Fig 18- Enable/Disable Cost Explorer

Review the updated access level for the account.

Fig 19- Review Updated Access Level

How To Locate your AWS Account Number

To locate your AWS account number, follow the steps below:

  1. Sign in to the AWS Console at https://console.aws.amazon.com/console/. In the top right profile menu, select My Account.
Figure 20 – AWS Console – My Account

Your AWS Account Id is shown at the top of the page:

Figure 21 – AWS Account ID

Enable your Enterprise Discount Program (EDP) commitment amounts in PyraCloud

If you are taking advantage of AWS’ EDP you can view your commitment amounts in PyraCloud. PyraCloud will show you how you are spending against your commitment, so that you can track and plan for upcoming spend. Please reach out to our support team to get setup today.

Figure 22 – Enabling EDP in PyraCloud
Updated on March 9, 2020

Was this article helpful?

Related Articles