Skip to main content

Configure Commitment Management

If you'd prefer to walk through configuring Commitment Management (CM) with nOps, please contact your nOps Sales representative.

If you'd prefer to configure on your own, please follow the steps outlined below.

Prerequisites

  1. Access to the management account of the AWS Organization
  2. Ability to create and access a new email account or address (using an alias will work)

Create an email address

In order to enroll in Commitment Management, you will need to create one email address for this purpose under the company domain, such as nops-cm@company.com. If your email service uses aliasing, that will work too. We recommend yourname+cm@company.com in that situation.

Follow your internal process to get access to your nops-cm@ email account.

Add a new AWS account to the AWS Organization

Login to your AWS management/payer account and follow the steps.

  1. Navigate to the AWS Organization page.

  2. Click on Add an AWS account

  3. Add account information (we recommend Company nOps CM for the name) using the new email address and click Create AWS account

Configure the Payer roles

While the account creation processes, we will create the necessary AWS resources to successfully finish the Commitment Management configuration. We have the option to deploy these resources using either Terraform or Cloudformation. Please refer to each section for additional details on how to deploy with each tool.

On nOps platform, redirect to commitment management page in Compute Copilot module.

User can see Terraform and CloudFormation method. Lets use terraform method.

Terraform

We have our own Terraform module for Commitment Management on the Terraform public registry that can be used to finish this configuration, follow the steps below to deploy it on your accounts.

Features

  • Creation of an S3 bucket and CUR report
  • Creation IAM roles with the necessary permissions required by the nOps platform
  • Automatic detection of payer and child accounts for correct creation of only necessary resources

Prerequisites

  • Terraform v1.2+
  • AWS CLI configured with appropriate permissions

Usage

Onboarding Payer account

The below example shows how to add the management (root) AWS account integration:

The CUR report name and bucket name are only required to deploy the module to the Payer account.

  1. Being authenticated on the Payer account of the AWS organization, add the following code:
provider "aws" {
alias = "root"
}

module cm_onboarding {
providers = {
aws = aws.root
}
source = "nops-io/nops-commitment-management/aws"
# Make sure the bucket name is unique globally, this is a requisite by AWS
cur_bucket_name = "company-cm"
# CUR report display name
cur_report_name = "company-cm"
}
  1. Initialize Terraform:
terraform init
  1. Plan and apply the Terraform configuration:
terraform plan -out=plan

terraform apply plan

By now, you should receive confirmation the new account has been created.

Create a Password for the new AWS account

  1. Open aws.amazon.com.
  2. Log in as a root user email.
    1. Enter your nops-cm@company.com (or yourname+cm@company.com) email.
    2. Click Next.
    3. Click the Forgot password? link.
  3. Reset your password.

Onboarding child account

Onboarding child accounts is performed using the same module, it already contains the logic to react when its being applied on any account that is not root. Make sure you're logged in to the new child account and follow the same deployment steps as with the Payer account.

provider "aws" {
alias = "child"
}

module cm_onboarding {
providers = {
aws = aws.child
}
source = "nops-io/nops-commitment-management/aws"
# No variables are required to deploy this module on child accounts
}

CloudFormation

As mentioned in the step 1 , click on Run CloudFormation Stack you will be redirected to the AWS console to run the stack.

We supply a ready to be used CloudFormation template.

You will need to enter 2 variables in stack template.

Report nameBucket
company-cmcompany-cm

Run it on your payer account to create the CUR report, IAM roles and S3 bucket we will use to gather data.

https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=nops-sharesave-setup&templateURL=https://s3-external-1.amazonaws.com/cf-templates-1o8svzqapyba5-us-east-1/2022095DAy-nops-sharesave-setup4moad088den

By now, you should receive confirmation the new account has been created.

Create a Password for the new AWS account

  1. Open aws.amazon.com.
  2. Log in as a root user email.
    1. Enter your nops-cm@company.com (or yourname+cm@company.com) email.
    2. Click Next.
    3. Click the Forgot password? link.
  3. Reset your password.

Configure the new linked account

After logging into the linked account, Click on the Run CloudFormation Stack from step 3 or run the following CloudFormation stack

https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=nops-sharesave-roles&templateURL=https://s3-external-1.amazonaws.com/cf-templates-1o8svzqapyba5-us-east-1/2023353p12-nops_sharesavev2qp14lq7vf3

When this has completed and the stacks have run successfully, please submit nOps with the following information:

  • Payer account number
  • CM linked account number
  • CM bucket name

And we can complete the configuration process on a short call.