Accounts can be added to the Cloud Conformity platform in two ways
- Add account via UI
- Add account via API
Add account via UI
There are two ways you can add an account
Automated mode - These are accounts created using AWS Cloudformation. The Cloud Conformity Cloudformation template includes the Cloud Conformity custom policies - Part 1 and 2 and on creation of the Cloudformation stack, an IAM role is created. This role in turn gives cross account access so that Cloud Conformity can access your account.
- We recommend using Automated mode as it is easier from a user experience perspective.
- We recommend that the Cloudformation stack be launched in North Virginia, us-east 1. Although, you can launch the stack in any region but since the resources inside the template are AWS IAM resources, they will be created in North Virginia so there is no advantage in launching the stack in another region. Furthermore, if the stack is in another region, Cloud Conformity account access settings will not show the account as managed by CloudFormation.
Manual mode - In this type of account, you will need to manually create the IAM role which grants cross account access so that Cloud Conformity can access your account. You will also need to create the Cloud Conformity policies and attach it to the IAM role.
Steps to add an account via UI
- Click Add an account button on the accounts navigation of the Cloud Conformity Dashboard
- Enter Account name and Environment
- Depending on your preference, choose your authentication type as Automated setup or Manual setup
- Follow instructions on the next window
- Automated mode
- Manual mode
- Select the add-ons for your account. Currently, we provide the following options:
Communication post account addition
- When an account is set up, a default Email communication channel is created with triggers - Extreme and Very High risk failures and the organization administrator who created the account is notified in case of failures.
- Once an account is added, the conformity bot scans the user’s account and all failures which match the communication setting created, is notified on the Email of the organization administrator who created the account.
How many accounts can I add to one organisation and how will I be charged?
Customers with Cloud Conformity Subscription: There is no limit to the number of accounts you can add to an organisation. If you add more accounts than your Enterprise Agreement, you will be charged per additional account or as per the growth model in your contract.
Customers with AWS Marketplace Subscription: Once you hit your maximum accounts threshold as per your contract, you are not able to add cloud accounts to your organisation anymore. Please get in touch with your Sales representative or Account Manager to review your account threshold.