nOps requires safe, secure, and AWS-approved access to your AWS accounts in order to give you the analysis, dashboards, and reports that you need. We only see what you want us to see in order to provide our services, no more, and we need you to give us permission first.

In order to credential and register multiple accounts, we leverage AWS Organizations, CloudFormation, StackSets, and Lambda.

Prerequisites

  • You must have Admin role permissions in AWS before you can add multiple AWS accounts to nOps using Terraform.

  • Access to the nOps public GitHub repository nOps Cloud Account Registration.

Once you’ve taken care of the prerequisites, the next steps are simple and straightforward.

Adding Multiple AWS Accounts (Terraform)

When you log in to your nOps account for the first time, a pop-up screen will appear. This pop-up screen will guide you on how you can add your AWS account(s) to nOps. The screen consists of four distinct sections:

  1. Select Cloud Type

  2. Getting Started

  3. Link Cloud Accounts

  4. Fetching

After the Link Cloud Accounts section, in the case of Adding Multiple AWS Accounts (Terraform), you need to perform these extra steps on the AWS console:

  1. Enable StackSets in AWS Organizations and AWS CloudFormation.

  2. Use the nOps Cloud Account Registration public GitHub repository to complete the onboarding process.

Select Cloud Type

In the first section, Select Cloud Type, the first page is the Buy on AWS Marketplace page. This page provides the details of what nOps charges its customers and how. You can subscribe to nOps in the AWS Marketplace by clicking Subscribe to AWS Marketplace:

To skip the subscription right now, click I’ll do it later. If you skip, nOps will ask you to subscribe at the end of the setup process.

When you click Subscribe to AWS Marketplace, you will be redirected to the nOps Cloud Management Platform page in the AWS Marketplace.

After you subscribe, the next page in this section is Cloud Account Type. On this page, select the type of the cloud account that you want to onboard and click Next:

In the scope of this article, we are going to deal with the AWS Account setup process.

Getting Started

In this section, you need to select the account setup method. In the scope of this article, we will deal with the IaaC Multiple Accounts Setup. Select the IaaC Multiple Accounts Setup option and click Next:

Link Cloud Accounts

The first page in the Link Cloud Accounts section informs you of the prerequisites. If you are adding multiple accounts after you’ve already been onboarded, go to Create an API key to learn how you can get the API key.

If this is your first time onboarding accounts in nOps, click Proceed to Create API Key:

On the second page in the Link Cloud Accounts section, enter:

  • An API key name

  • API Key description

  • Signature verification (optional)

After you add all the information, click Create API Key:

Once you click Create API Key, nOps will generate an API key for you. Copy and save the API key for future use, and click Next:

When you click Next, nOps will start checking its connectivity with your AWS accounts. In order for nOps to establish a connection with your accounts and start the data ingestion, you need to:

  • Go to your AWS console to Enable StackSets. See the next section for more details.

  • Go to the nOps Cloud Account Registration GitHub repo and follow the instructions in the Terraform Multi Account Registration via Stackset section.

Once you complete these two steps, come back to the nOps setup, where you will see the following screen. Click Refresh.

Enable StackSets

To enable CloudFormation StackSets in AWS Organizations, go to AWS Organizations > Services. If you see Access disabled against CloudFormation StackSets, enable it.

Once enabled, against CloudFormation StackSets, you should see Access enabled:

To enable StackSets in AWS CloudFormation, go to CloudFormation > StackSets. If there is no prompt to enable StackSets, then skip this step.

If you see an option to enable the StackSets, then enable it:

Terraform Multi Account Registration via Stackset

Before you continue the onboarding process using Terraform code, make sure that you have:

  • nOps API Key

  • IDs of Organization Units you want to onboard.

  • Organization Root ID.

  • Master Payer Account ID.

To view the details about your organization including Organization Unit IDs, Root ID, and Master Payer Account ID, see Details About Your Organization.

nOps Terraform code is available in a public GitHub repository nOps Cloud Account Registration. You need to:

  1. Clone this repository —

  2. Navigate to `nops-cloud-account-registration/nops-aws-account-register/terraform-multi-acc-register-via-stacksets/examples/complete/`.

  3. Update the values in `example-vars.auto.tfvars` file to match the values of your organization —

  4. Install Terraform version 0.15.1.

  5. Inside the `nops-cloud-account-registration/tree/main/nops-aws-account-register/terraform-multi-acc-register-via-stacksets` directory, run —

    1. `terraform init`

    2. `terraform plan`

    3. `terraform apply`

This will start the onboarding process. You can monitor the progress from the terminal where you ran the Terraform commands or from the AWS CloudFormation console.

In the CloudFormation console, find the stack with the name member-consolidated-nops-account-register, open it and go to the Stack Instances tab:

After a few minutes (depending on the number of accounts) all stacks should be in state “CURRENT”.
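The same checks can be scripted from the management account. The sketch below is an added example, not nOps code: it parses the JSON returned by `aws organizations list-aws-service-access-for-organization` and `aws cloudformation list-stack-instances --stack-set-name member-consolidated-nops-account-register`, confirms StackSets trusted access is enabled, and compares the accounts that received the stack with the accounts you intended to onboard. It assumes the name above is the StackSet name; the account IDs and sample JSON are constructed placeholders.

```python
import json

# Service principal AWS Organizations lists when StackSets trusted access is on.
STACKSETS_PRINCIPAL = "member.org.stacksets.cloudformation.amazonaws.com"


def stacksets_access_enabled(service_access_json):
    """Parse `aws organizations list-aws-service-access-for-organization` output."""
    doc = json.loads(service_access_json)
    return any(p.get("ServicePrincipal") == STACKSETS_PRINCIPAL
               for p in doc.get("EnabledServicePrincipals", []))


def audit_stack_instances(instances_json, expected_accounts):
    """Compare `aws cloudformation list-stack-instances` output with the
    accounts you intended to onboard."""
    summaries = json.loads(instances_json).get("Summaries", [])
    deployed = {s["Account"] for s in summaries}
    expected = set(expected_accounts)
    return {
        # Intended accounts the StackSet never reached.
        "missing": sorted(expected - deployed),
        # Accounts that received the stack but were not meant to be onboarded.
        "unexpected": sorted(deployed - expected),
        # Instances that are not in sync with the StackSet.
        "not_current": sorted(
            (s["Account"], s["Region"], s["Status"], s.get("StatusReason", ""))
            for s in summaries if s["Status"] != "CURRENT"),
    }


# Constructed sample data (placeholder account IDs), shaped like the CLI output.
SAMPLE_ACCESS = json.dumps({"EnabledServicePrincipals": [
    {"ServicePrincipal": "sso.amazonaws.com"},
    {"ServicePrincipal": STACKSETS_PRINCIPAL}]})
SAMPLE_INSTANCES = json.dumps({"Summaries": [
    {"Account": "111111111111", "Region": "us-east-1", "Status": "CURRENT"},
    {"Account": "222222222222", "Region": "us-east-1", "Status": "OUTDATED",
     "StatusReason": "constructed example failure reason"},
    {"Account": "999999999999", "Region": "us-east-1", "Status": "CURRENT"}]})
EXPECTED = ["111111111111", "222222222222", "333333333333"]

if __name__ == "__main__":
    print("StackSets trusted access:", stacksets_access_enabled(SAMPLE_ACCESS))
    print(json.dumps(audit_stack_instances(SAMPLE_INSTANCES, EXPECTED), indent=2))
```

An empty `unexpected` list confirms the deployment reached only the Organization Units you chose; an empty `not_current` list matches the all-“CURRENT” state described above.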

Fetching

Once your AWS accounts are linked successfully, you will see the following screen:

It might take several hours for nOps to fetch the data from your AWS account.

Once nOps fetches all the data, if you didn’t subscribe to nOps on the AWS Marketplace at the beginning of the setup, you will see the following screen with an estimate of how much savings you are missing out on based on the ingested data:

To subscribe, click Subscribe to AWS Marketplace.

If you’ve already subscribed, congratulations! The setup process is now complete and you will see the following screen:

Note: It can take up to 24 hours before you start seeing the different nOps dashboards and compliance views populated with data from your workload.

If you have any questions, please contact us at help@nops.io, or by phone at +1 866-673-9330.

On initial ingestion, nOps will pull the data from AWS accounts based on the following durations:

  • Cost data: 6 months look back + current month.

  • Rules: Current date.

  • CloudTrail Events: 14 days look back.
