Connecting Accounts with AWS CloudFormation

Introduction

This guide explains how to connect your complete AWS Organization to Cloudsaver using AWS CloudFormation StackSets. It covers different deployment methods, prerequisites, and configurations needed.

Logging into AWS Organization's Management Account

• Verify accounts belong to an AWS Organization
• Log in using the management account (identifiable by its 12-digit ID)
• Contact administrators if you lack credentials

Downloading the CloudFormation Template

1. Access the Connection Wizard through the Cloudsaver dashboard
2. Select CloudFormation as the connection method
3. Enter your AWS management account ID
4. Download the dynamically-generated YAML template containing a unique STS external ID

Two Deployment Options

Service Managed StackSets (SMSS)

Requires enabling all AWS Organizations features and activating trusted access. The process includes:

• Creating a stack on the management account first
• Deploying a service-managed StackSet to member accounts
• Naming format: CloudSaver-<AccountID>

Self-Service StackSets (SSSS)

Requires pre-establishing IAM roles between management and member accounts:

• AWSCloudFormationStackSetAdministrationRole in the management account
• AWSCloudFormationStackSetExecutionRole in each member account

Deployment Process

Both methods involve the following steps:

1. Upload the YAML file to CloudFormation
2. Configure deployment options
3. Specify target regions
4. Acknowledge CloudFormation's IAM resource creation permissions