Connection Wizard – CLI

Jul 29, 2024

Introduction

The Cloudsaver Connection Wizard’s CLI connector for AWS automates deployment of the Cloudsaver StackSet containing IAM cross-account roles and permission policies.

The connector uses an interactive bash or PowerShell script to rapidly deploy CloudFormation StackSets from your management account, first to the management account itself and then to any chosen member accounts.

To do this we’ll need to ensure two prerequisites are in place.

First, CloudFormation StackSets must be configured to operate with self-managed permissions from the management account and in the target member accounts.

Second, our local CLI must be configured with a profile that has credentials to access our AWS Organization’s management account.

To ensure StackSets can operate in self-managed permissions mode, we’ll need an administrative role the CloudFormation service can assume within our management account and an execution role the service can assume in each target member account.

Additional details on StackSets self-managed permissions, as well as guidance for setup, can be found within the AWS documentation.

To use the AWS CLI locally, we’ll need to first install the CLI for our operating system, then configure our CLI profile or access.

Additional details and setup guidance can be found within the AWS documentation.

For this tutorial, we’ll be in bash, using the AWS CLI installed on Windows Subsystem for Linux.

To verify our local profile credentials are configured for the management account, we’ll run two short commands. Even though we’re using bash, the commands for the AWS CLI itself are the same on any shell.


Getting Started

First, run the “organizations” command with the “describe-organization” sub-command (“aws organizations describe-organization”). Then, run the “sts” command with the “get-caller-identity” sub-command (“aws sts get-caller-identity”).

The results of “describe-organization” identify our Organization’s management account in the “MasterAccountId” field. Here we see an account number ending in “1411”.

The results of “get-caller-identity” show the account our CLI profile is currently configured to access. We ensure that matches our Organization management — or master account — ID, which ends in “1411”.
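As an added example (not Cloudsaver’s connector script or AWS documentation code), a POSIX shell pre-flight check that runs the two commands above and compares the IDs, then also confirms the StackSet administration role from the first prerequisite exists in the management account and lists the active member accounts a “connect all” choice would reach. It assumes an installed, configured AWS CLI (AWS_PROFILE is honoured as usual) and the AWS default role name AWSCloudFormationStackSetAdministrationRole for self-managed StackSets.

```shell
#!/bin/sh
# Pre-flight check before running the Cloudsaver CLI connector. Added example,
# not the connector script: it makes the tutorial's two checks, then confirms the
# StackSet administration role exists and lists the member accounts "connect all"
# would reach. Honours AWS_PROFILE. The role name is the AWS default for
# self-managed StackSets (assumption: yours has not been renamed).
set -u
ADMIN_ROLE="${STACKSET_ADMIN_ROLE:-AWSCloudFormationStackSetAdministrationRole}"

# MasterAccountId: the account that owns the Organization.
management_account_id() {
  aws organizations describe-organization --query 'Organization.MasterAccountId' --output text
}

# Account the active profile's credentials actually belong to.
caller_account_id() {
  aws sts get-caller-identity --query 'Account' --output text
}

# 0 when the administration role CloudFormation assumes is present in this account.
stackset_admin_role_present() {
  aws iam get-role --role-name "$ADMIN_ROLE" --query 'Role.RoleName' --output text >/dev/null 2>&1
}

# Active member accounts (management account excluded), one ID per line.
member_account_ids() {
  pf_mgmt=$(management_account_id) || return 1
  aws organizations list-accounts --query "Accounts[?Status=='ACTIVE'].Id" --output text \
    | tr '\t' '\n' | grep -v "^${pf_mgmt}\$"
}

# 0 only when the profile is the management account and the admin role is present.
preflight() {
  pf_mgmt=$(management_account_id) || { echo "cannot describe organization" >&2; return 1; }
  pf_caller=$(caller_account_id) || { echo "cannot get caller identity" >&2; return 1; }
  if [ "$pf_mgmt" != "$pf_caller" ]; then
    echo "profile is account $pf_caller, not management account $pf_mgmt" >&2
    return 1
  fi
  if ! stackset_admin_role_present; then
    echo "$ADMIN_ROLE not found in $pf_caller: self-managed StackSet permissions are missing" >&2
    return 1
  fi
  echo "OK: management account $pf_caller, $ADMIN_ROLE present"
  echo "member accounts the connector can target:"
  member_account_ids || echo "(none found)"
}
# Usage: sh preflight.sh run   (or source the file and call the functions above)
case "${1:-}" in run) preflight ;; esac
```

A non-zero exit means the connector command should not be pasted yet: either the profile is not the management account or the self-managed StackSets role is missing.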

Now that we’ve verified our prerequisites, we’ll log into the Cloudsaver platform and begin the connection.

Open the Cloudsaver platform Connection Wizard with “Get started” from the Dashboard.

Choose “Connect AWS Account”.

We verified our credentials and management account already, so we’ll click “Next” on the first screen.

From our Connection Method screen, we’ll click “Select CLI”.

On the third screen, we see tabs for Windows or Linux operating systems, using PowerShell or bash respectively. Since we’re using Windows Subsystem for Linux, we’ll click “Linux” and copy the command.

The command includes a temporary authentication token and allows you to download a unique script which securely links the Cloudsaver platform and your AWS accounts.

Back in bash, we’ll paste and execute the command.

The Cloudsaver banner appears and the script first detects AWS accounts for which we have a profile configured.

The script has detected our management account; we’ll enter “Y” to connect it and wait for the process to execute.

After each successful deployment, a connection notification is sent to the Cloudsaver platform to update our connected accounts.

After connecting our management account, the script asks us which member accounts to connect. We have two member accounts.

Entering “1” lets us connect all accounts.

“2” would let us individually select accounts from a list.

And entering “3” lets us choose specific accounts by entering their 10-digit IDs.

We’ll choose “1” and connect both of our member accounts.

After connecting our member accounts, we’ve returned to an account selection option. Here we could select additional management accounts if we had them, but we’ve already connected our management account ending in “1411”. We’ll press enter to exit and go back to the Cloudsaver platform.

We can see the connection indicator update to “Connection Successful”.
