Automatic Onboarding of AWS accounts
This topic explains how to perform automatic onboarding of AWS accounts to Prevasio. The onboarding process is performed using the AWS onboarding wizard that you access from the Prevasio interface.
The onboarding wizard is user-friendly and self-explanatory. This section aims to offer additional details you might require.
For additional security information, see Permissions required by Prevasio to scan your AWS accounts.
Before you start
Make sure you are logged on to AWS Console with administrative permissions to deploy a CloudFormation stack and preferably permissions to read the AWS Organization service and the Organization accounts hierarchies. For further details, see Permissions required by Prevasio to scan your AWS accounts.
Required permissions
Your AWS account requires permissions to allow you to create CloudFormation and IAM resources.
(Optional) If you plan to onboard multiple AWS accounts and you want to display AWS Account Names in the Prevasio Dashboard, it's necessary to establish a role within your management account that grants us permission to execute the describe-account command.
For further details, see in AWS documentation .
Access the AWS Onboarding Wizard
To open the AWS onboarding wizard:
-
Login to Prevasio management console.
-
Select Onboarding > from the Prevasio left panel.
-
Follow the steps as explained in the wizard.
Two methods to onboard AWS accounts
You can select from two methods to onboard AWS accounts to Prevasio:
-
Onboarding multiple accounts
Note: Throughout the onboarding process, it is required to be logged into an AWS account that has access permissions to read through your company AWS Organization Management Service Account in order to automatically detect and onboard all the company accounts and organization(s) or organizational units (OUs). To learn more about the AWS Organizations terminology and concepts, see AWS Organizations terminology and concepts .
Refer to the Required permissions, if you want to see Account Names (in addition to Account ID) in the Prevasio Dashboard.
-
Onboarding a single account (used typically for Proof of Concepts and trials or if the customer prefers to avoid using an AWS Administrative account that has the required permissions for the company AWS Organization. In such a case, your admin will need to onboard each account individually as described in the wizard).
While the onboarding process varies between the two methods, both will lead to the same outcome. However, onboading using the single account method is much more time-consuming, especially with a large number of AWS accounts to be onboarded.