Guides
Getting Started
Important Concepts
Implementation overview
AWS Budget Vs CloudThrottle Budget
CloudThrottle Budget Concepts
How Containers Are Structured in AWS and Beyond
Partnering for Resilience
Acronyms
FAQ
Categories
AWS Integration
CloudThrottle Integration - Prerequisites
CloudThrottle Actions and Permissions Requirements
CloudThrottle Integrating: A Step-by-Step Guide
General Setup
Global Settings
Cloud Cost Modeler
Cloud cost Modeler
Cloud Cost Modeler's Default Reports
Knowledge Center
AWS Integration
CloudThrottle Integrating: A Step-by-Step Guide

CloudThrottle Integrating: A Step-by-Step Guide

This guide provides a structured approach for tenants to seamlessly integrate their AWS infrastructure with the CloudThrottle SaaS platform. Covering everything from setting up organization structures to configuring roles and permissions, this guide helps organizations enable comprehensive resource management and budget monitoring with CloudThrottle.

CloudThrottle Integration Guide for Tenant Setup:

Purpose: This document provides essential steps for tenants to configure their AWS infrastructure to integrate with the CloudThrottle SaaS platform for seamless resource management and budget monitoring.

Please contact CloudThrottle Support for detailed instructions, role and permission list, and CloudFormation script required for StackSet creation.



Definitions and Prerequisites:

  1. Tenant: Your Cloud Service Provider’s account structure, including your Payer Account and any Child Accounts. This encompasses all accounts within your cloud infrastructure.
  2. Jump Account: Create or designate a dedicated account within your cloud infrastructure that will serve as a secure bridge between your environment and the CloudThrottle SaaS Account.
  3. CloudThrottle SaaS Account: The CloudThrottle account where the application resides, facilitating communication with your cloud infrastructure.
  4. Child Accounts: Any sub-accounts (e.g., Dev, Prod, Sandbox) within your organization that CloudThrottle will manage.
  5. Note: CT7 is the alias for CloudThrottle used in account, role, or permission prefixes. For security purposes, the following account IDs are provided as placeholders; please contact CloudThrottle support for the exact CloudThrottle SaaS Account ID.
  6. Assumptions: For security purposes, the following account IDs are provided as placeholders
    • Tenant Root/Master Account ID: 555555555
    • Jump Account: 222222222
    • CloudThrottle SaaS Account: 777777777

1. Confirm or Set Up the Organization Structure

  • If the tenant already has an AWS Organization, ensure it includes all relevant accounts that CloudThrottle will manage.
  • Optional: Create clearly identifiable sub-organizations within the AWS Organization, such as Dev, Prod, Test, etc., to represent different environments or organizational needs.
  • Use standard naming conventions for organizational units (OUs) to maintain a clear and manageable structure. For example:
    • Dev – Development environment
    • Prod – Production environment
    • Test – Testing environment
  • Note: This structure allows CloudThrottle to target specific accounts within each environment for resource management, monitoring, and budget control.

2. Configure Roles for CloudThrottle Access

A. Create CloudThrottle Jump Account (CT7_Jump)

  • Purpose: This account will act as a secure access point or "jump account" for CloudThrottle to access tenant resources without managing resources directly.
  • Steps:
    1. In the existing AWS Organization, create or designate a management account specifically for the integration with CloudThrottle (Jump Account, Account ID: 222222222).
    2. This account will not hold active resources but will maintain a cross-account role that CloudThrottle will assume.

B. Set Up Cross-Account Role for CloudThrottle Access

  • Role Setup:
    • Create a role named ct7-cross-account-role in the Jump Account. This role will have a trust policy to allow only the CloudThrottle SaaS Account to assume this role.
    • Trust Policy: Ensure that the trust relationship specifies only the CloudThrottle SaaS Account ID (777777777).

3. Enable StackSet for Role Creation in Child Accounts

  • Purpose: To automatically create and manage roles within new or existing child accounts in the tenant’s AWS Organization. If you need help, please contact the CloudThrottle Support team.
  • Steps:
    1. In the Tenant Root/Master Account, create a CloudFormation StackSet (template provided by CloudThrottle upon request).
    2. Configure the StackSet to create a CT7MemberExecutionRole automatically in each child account as they are added to the organization.
    3. The CT7MemberExecutionRole allows CloudThrottle to manage resources like EC2, RDS, and ECS for designated accounts.

4. Create Organizational Roles in the Master Account

  • CT7OrganizationsRole:
    • Role Purpose: This role enables CloudThrottle to interact with AWS Organizations for account and budget management.
    • Steps:
      1. In the Tenant Root/Master Account, create the role CT7OrganizationsRole.
      2. Attach a trust policy that allows the Jump Account to assume this role.
      3. Important: This role is only for use by CloudThrottle and should be limited to organizational and budget access.

5. Configure Resource Access for Child Accounts

  • Role Assignment in Child Accounts:
    • Ensure that child accounts inherit the CT7MemberExecutionRole created by the StackSet.
    • This role will allow CloudThrottle to manage only the required resources (e.g., EC2, RDS) within each account, maintaining tenant control over their infrastructure.

6. Testing and Verification

  • CloudThrottle Access Verification:
    • CloudThrottle will provide instructions to verify the connection and access permissions without exposing tenant data.
  • Troubleshooting:
    • In case of issues, CloudThrottle support will assist in troubleshooting, ensuring secure interaction and adherence to tenant security policies.
In this category

Cloud cost Modeler

Overview of CloudThrottle's Cloud Cost Modeler Framework

Read article
In this category

Cloud Cost Modeler's Default Reports

Standard Reports templates provided along with Cloud Cost Modeler implementation

Read article
Looking for assistance with this template or custom Webflow development? Kickstart Studio has you covered.
Visit website
Guides
How Containers Are Structured in AWS and Beyond
CloudThrottle Budget Concepts
Partnering for Resilience
AWS Budget Vs CloudThrottle Budget
Implementation overview
Important Concepts
FAQ
Acronyms
Getting Started
Categories
AWS Integration
General Setup
Cloud Cost Modeler
© 2023 CloudThrottle