Onboarding AWS Accounts to nOps with Terraform
nOps requires safe, secure, and AWS-approved access to your AWS accounts in order to give you the analysis, dashboards, and reports that you need. We only see what you want us to see in order to provide our services and we need you to give us permission first.
Prerequisites
- Admin role permissions in AWS in order to add the AWS Payer and/or linked accounts to nOps using Terraform.
- Access to the nOps public GitHub repository nOps Cloud Account Registration.
- An API key generated from the nOps platform.
nOps Onboarding
When you log in to your nOps account for the first time, a pop-up screen will appear. This pop-up screen will guide you on how you can add your AWS account(s) to nOps:
- Select the IaaC Multiple Accounts Setup option and click Next.
- This section informs you of the prerequisites needed to complete the process. To generate an API key, click Proceed to Create API Key.
- In the Generate new API key section, enter:
  - An API key name
  - API Key description
- After you add all the information, click Generate.
At this point, it’s time to move to Terraform to finish the process.
Terraform for AWS Linked Accounts
nOps AWS Integration Terraform Module
Description
https://github.com/nops-io/nops-integration/tree/main/platform/aws_setup_terraform#description
This Terraform module automates the process of integrating your AWS account(s) with nOps, a cloud management and optimization platform. It streamlines the setup of necessary AWS resources and permissions, enhancing the onboarding experience for nOps users.
Features
- Automatic detection of existing nOps projects for the AWS accounts
- Creation of new nOps projects if none exist
- Handling of payer and linked AWS accounts
- Automatic setup of IAM roles and policies for nOps integration
- S3 bucket creation and configuration for payer accounts
- Integration with nOps API for secure token exchange
Prerequisites
- Terraform v0.13+
- AWS CLI configured with appropriate permissions
- nOps API key
Usage
- Clone this repository:
- Create a terraform.tfvars file with your specific variables. The api_key value is a secret, so keep this file out of version control:
  aws_region = "us-west-2"
  api_key = "your-nops-api-key"
  system_bucket_id = "your-system-bucket-id"
- Initialize Terraform:
  terraform init
- Plan and apply the Terraform configuration:
  terraform apply
- If you want to allow the role to be reconfigured:
  terraform apply -var="reconfigure=true"
After your Terraform apply has finished, your accounts should be listed within the nOps platform.
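Between terraform init and terraform apply, the IAM roles and policies the module is about to create can be reviewed from a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan > tfplan.json). The Python script below is an added example, not code from this guide or from the nOps module: it walks the plan's resource_changes and reports role trust policies and IAM policies that deserve a second look. The sample plan, the example_* addresses, the account ID 111111111111 and the external ID are constructed placeholders.

```python
import json

def _allow_stmts(policy_json):
    """Allow statements of an IAM policy document passed as a JSON string."""
    s = json.loads(policy_json).get("Statement", [])
    return [x for x in (s if isinstance(s, list) else [s]) if x.get("Effect") == "Allow"]

def audit_plan(plan):
    """Return (address, finding) pairs for IAM resources the plan creates or updates."""
    out = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after, addr = change.get("after") or {}, rc["address"]
        if rc.get("type") == "aws_iam_role":
            trust = after.get("assume_role_policy")
            if trust is None:  # computed value, only known after apply
                out.append((addr, "trust policy not known until apply"))
            for st in _allow_stmts(trust or "{}"):
                p = st.get("Principal", {})
                aws = p.get("AWS") if isinstance(p, dict) else p
                keys = {k.lower() for c in st.get("Condition", {}).values() for k in c}
                if aws == "*" or (isinstance(aws, list) and "*" in aws):
                    out.append((addr, "trust policy allows any AWS principal"))
                elif aws and "sts:externalid" not in keys:
                    out.append((addr, "AWS principal trusted without sts:ExternalId"))
        elif rc.get("type") in ("aws_iam_policy", "aws_iam_role_policy"):
            for st in _allow_stmts(after.get("policy") or "{}"):
                acts = st.get("Action", [])
                if "*" in (acts if isinstance(acts, list) else [acts]):
                    out.append((addr, "policy allows Action *"))
    return out

def _rc(addr, rtype, after):  # builds one constructed resource_changes entry
    return {"address": addr, "type": rtype, "change": {"actions": ["create"], "after": after}}
def _trust(**extra):  # constructed trust policy; 111111111111 is a placeholder account ID
    st = {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, **extra}
    return {"assume_role_policy": json.dumps({"Statement": [st]})}

# Constructed sample; it does not reflect what the nOps module actually generates.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_iam_role.nops_integration_role", "aws_iam_role",
        _trust(Condition={"StringEquals": {"sts:ExternalId": "EXAMPLE-ID"}})),
    _rc("aws_iam_role.example_open", "aws_iam_role", _trust()),
    _rc("aws_iam_role.example_computed", "aws_iam_role", {"name": "example"}),
    _rc("aws_iam_role_policy.example_wide", "aws_iam_role_policy",
        {"policy": json.dumps({"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}})}),
]}
```

To check a real plan, load tfplan.json with json.load and pass the result to audit_plan. A trust policy reported as not known until apply has to be reviewed on the created role instead.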
Troubleshooting
- If you run this with an existing role, you may see an error like:
  In that case, you can run the command with the reconfigure variable set to true.
- You can import the role into Terraform state by running the following command:
  terraform import aws_iam_role.nops_integration_role NopsIntegrationRole-xxxxx