Guides
Getting Started
Important Concepts
Implementation overview
AWS Budget Vs CloudThrottle Budget
Acronyms
FAQ
Categories
AWS Integration
CloudThrottle Integration - Prerequisites
CloudThrottle Actions and Permissions Requirements
CloudThrottle Integrating: A Step-by-Step Guide
General Setup
Global Settings
Cloud Cost Modeler
Cloud cost Modeler
Cloud Cost Modeler's Default Reports
Knowledge Center
AWS Integration
CloudThrottle Integration - Prerequisites

CloudThrottle Integration - Prerequisites

Instructions on setting up the essential prerequisites for integrating CloudThrottle with your cloud accounts. This guide details the process for creating and configuring a Jump Account, assigning limited permissions, and establishing cross-account access, ensuring secure and controlled management capabilities for resource and budget tracking across designated cloud accounts.

To enable seamless integration between CloudThrottle and your cloud accounts, it is necessary to set up a CloudThrottle Jump Account on your cloud infrastructure. This Jump Account functions as a secure bridge between CloudThrottle and the various child accounts within your organization. By establishing this link, the Jump Account gains the capability to manage specific resources across the cloud member accounts without requiring full administrative privileges.

Through the Jump Account, CloudThrottle can efficiently oversee and coordinate multiple child accounts, ensuring consistent governance, security, and compliance across your entire cloud infrastructure. With the Jump Account in place, you gain the ability to optimize resource usage, streamline costs, and track cloud spending effectively. Overall, the Jump Account serves as a crucial access point between CloudThrottle and your organization’s various cloud child accounts, providing centralized management capabilities and facilitating better control, security, and efficiency within your cloud ecosystem.

No Admin Access is required for the Jump Account. Instead, it operates with limited, task-specific permissions necessary for integration and resource management.

Points to Take Into Account Before Creating the Jump Account:

  • The account should not function as a master/payer account.
  • The account must be set up with limited cross-account access to enable specific interactions between CloudThrottle and the tenant’s Master and child accounts.
  • You have the option to either create a new account or use an existing one.

Prerequisites:

  1. Cross-Account Access to CloudThrottle
    • The account must be granted cross-account access to CloudThrottle.
    • This involves providing the Jump Account with permissions to access the ECR Repo in CloudThrottle (Contact the CloudThrottle Team for assistance).
  2. Permissions for Resource Management in Child Accounts
    • The Jump Account should have the necessary permissions to create, modify, delete, and update resources in member accounts through controlled cross-account access.
    • To achieve this, deploy the CloudFormation StackSet, which will create a CT7MemberExecutionRole in the existing child accounts of the organization.
    • Detailed instructions for this process can be found in the "Deploy CloudFormation StackSet to Create Member Execution Role" documentation.
  3. Actions Requiring Master Account Assumption
    • Creating New Accounts
      • Permission: organizations:CreateAccount
      • Purpose: To create new accounts under the tenant’s organization (CT7_Org).
    • Accessing AWS Organizations Information
      • Permissions:
        • organizations:ListAccounts
        • organizations:DescribeOrganization
        • organizations:ListOrganizationalUnitsForParent
      • Purpose: To retrieve details about the organization’s structure specifically under the Jump Account and its sub-organizational units, not the entire organization.
    • Scoped Budget Management and Cost Tracking
      • Permissions:
        • ce:GetCostAndUsage
        • budgets:ViewBudget, budgets:UpdateBudget
      • Scope: Limited to the Jump Account and its associated sub-organizational units, including any child accounts within these units.
      • Purpose: To track and manage budgets only within the accounts directly accessible by the Jump Account, ensuring budget observability within the specific structure required by CloudThrottle.

In this category

Cloud cost Modeler

Overview of CloudThrottle's Cloud Cost Modeler Framework

Read article
In this category

Cloud Cost Modeler's Default Reports

Standard Reports templates provided along with Cloud Cost Modeler implementation

Read article
Looking for assistance with this template or custom Webflow development? Kickstart Studio has you covered.
Visit website
Guides
AWS Budget Vs CloudThrottle Budget
Implementation overview
Important Concepts
FAQ
Acronyms
Getting Started
Categories
AWS Integration
General Setup
Cloud Cost Modeler
© 2023 CloudThrottle