Configure Commitment Management
If you'd prefer to walk through configuring Commitment Management (CM) with nOps, please contact your nOps Sales representative.
If you'd prefer to configure on your own, please follow the steps outlined below.
Prerequisites
- Access to the management account of the AWS Organization
- Ability to create and access a new email account or address (using an alias will work)
Create an email address
In order to enroll in Commitment Management, you will need to create one email address for this purpose under the company domain, such as nops-cm@company.com. If your email service uses aliasing, that will work too. We recommend yourname+cm@company.com in that situation.
Follow your internal process to get access to your nops-cm@ email account.
Add a new AWS account to the AWS Organization
Log in to your AWS management/payer account and follow these steps.
- Navigate to the AWS Organization page.
- Click on Add an AWS account
- Add account information (we recommend Company nOps CM for the name) using the new email address and click Create AWS account
Configure the Payer roles
While the account creation processes, we will create the AWS resources needed to finish the Commitment Management configuration. These resources can be deployed using either Terraform or CloudFormation. Please refer to each section for additional details on how to deploy with each tool.
On the nOps platform, go to the Commitment Management page in the Compute Copilot module.
Both the Terraform and CloudFormation methods are shown there. Let's use the Terraform method.
Terraform
We have our own Terraform module for Commitment Management on the Terraform public registry that can be used to finish this configuration. Follow the steps below to deploy it on your accounts.
Features
- Creation of an S3 bucket and CUR report
- Creation of IAM roles with the necessary permissions required by the nOps platform
- Automatic detection of payer and child accounts for correct creation of only necessary resources
Prerequisites
- Terraform v1.2+
- AWS CLI configured with appropriate permissions
Usage
Onboarding Payer account
The below example shows how to add the management (root) AWS account integration:
The CUR report name and bucket name are only required to deploy the module to the Payer account.
- While authenticated to the Payer account of the AWS Organization, add the following code:
provider "aws" {
  alias = "root"
}

module "cm_onboarding" {
  providers = {
    aws = aws.root
  }
  source = "nops-io/nops-commitment-management/aws"

  # The bucket name must be globally unique; this is an AWS requirement
  cur_bucket_name = "company-cm"
  # CUR report display name
  cur_report_name = "company-cm"
}
- Initialize Terraform:
terraform init
- Plan and apply the Terraform configuration:
terraform plan -out=plan
terraform apply plan
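Because the module creates IAM roles for a third party, it is worth reading the saved plan before running `terraform apply plan`. The following is an added example, not part of the nOps module or documentation: it reads the output of `terraform show -json plan` and lists IAM roles whose trust policy uses a wildcard principal or trusts another AWS account without an `sts:ExternalId` condition. The resource addresses, account ID and ExternalId in the sample are constructed placeholders, not the module's real values.

```python
import json

# Constructed sample shaped like `terraform show -json plan` output (placeholder names and IDs).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.cm_onboarding.aws_s3_bucket.cur", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "company-cm"}}},
        {"address": "module.cm_onboarding.aws_iam_role.scoped", "type": "aws_iam_role",
         "change": {"actions": ["create"], "after": {"assume_role_policy": json.dumps({
             "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                            "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE"}}}]})}}},
        {"address": "module.cm_onboarding.aws_iam_role.open", "type": "aws_iam_role",
         "change": {"actions": ["create"], "after": {"assume_role_policy": json.dumps({
             "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"AWS": "*"}}})}}},
    ]
})


def review_plan(plan_json):
    """Return (address, finding) pairs for IAM roles the plan would create."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc["type"] != "aws_iam_role" or "create" not in rc["change"]["actions"]:
            continue
        raw = (rc["change"].get("after") or {}).get("assume_role_policy")
        if not raw:  # the policy is only known after apply; review it manually
            findings.append((rc["address"], "trust policy unknown at plan time"))
            continue
        statements = json.loads(raw).get("Statement", [])
        if isinstance(statements, dict):  # IAM allows a single statement object
            statements = [statements]
        for st in (s for s in statements if s.get("Effect") == "Allow"):
            principal = st.get("Principal", {})
            aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
            aws = [aws] if isinstance(aws, str) else aws
            conds = {k.lower() for c in st.get("Condition", {}).values() for k in c}
            if "*" in aws:
                findings.append((rc["address"], "wildcard principal"))
            elif aws and "sts:externalid" not in conds:
                findings.append((rc["address"], "cross-account trust without ExternalId"))
    return findings


if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To check a real plan, run `terraform show -json plan > plan.json` after `terraform plan -out=plan` and pass the file contents to `review_plan`.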
By now, you should have received confirmation that the new account has been created.
Create a Password for the new AWS account
- Open aws.amazon.com.
- Log in with the root user email option.
- Enter your nops-cm@company.com (or yourname+cm@company.com) email.
- Click Next.
- Click the Forgot password? link.
- Reset your password.
Onboarding child account
Onboarding child accounts is performed using the same module; it already contains the logic to react when it's being applied on any account that is not root. Make sure you're logged in to the new child account and follow the same deployment steps as with the Payer account.
provider "aws" {
  alias = "child"
}

module "cm_onboarding" {
  providers = {
    aws = aws.child
  }
  source = "nops-io/nops-commitment-management/aws"
  # No variables are required to deploy this module on child accounts
}
CloudFormation
As mentioned in step 1, click Run CloudFormation Stack; you will be redirected to the AWS console to run the stack.
We supply a ready-to-use CloudFormation template.
You will need to enter two variables in the stack template.
| Report name | Bucket |
|---|---|
| company-cm | company-cm |
Run it on your payer account to create the CUR report, IAM roles and S3 bucket we will use to gather data.
https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=nops-sharesave-setup&templateURL=https://s3-external-1.amazonaws.com/cf-templates-1o8svzqapyba5-us-east-1/2022095DAy-nops-sharesave-setup4moad088den
By now, you should have received confirmation that the new account has been created.
Create a Password for the new AWS account
- Open aws.amazon.com.
- Log in with the root user email option.
- Enter your nops-cm@company.com (or yourname+cm@company.com) email.
- Click Next.
- Click the Forgot password? link.
- Reset your password.
Configure the new linked account
After logging in to the linked account, click Run CloudFormation Stack from step 3 or run the following CloudFormation stack:
https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=nops-sharesave-roles&templateURL=https://s3-external-1.amazonaws.com/cf-templates-1o8svzqapyba5-us-east-1/2023353p12-nops_sharesavev2qp14lq7vf3
When this has completed and the stacks have run successfully, please send nOps the following information:
- Payer account number
- CM linked account number
- CM bucket name
We can then complete the configuration process on a short call.