Overview
By default, Cloudfix does not scan your Management Account. This article describes how to create a CloudFormation stack in your management account that will allow CloudFix to scan resources in that account.
Prerequisites
Before you begin, ensure that you have access to the AWS management account and access to CloudFormation stacks.
Solution
- Log in to your AWS management account.
- Navigate to the CloudFormation service and select the "Stacks" option.
- In the "Existing Stacks" section, locate the "CloudFix" stack and make note of the values for the "ExternalId" and "TenantId" parameters. These values will be used in the next step.
- Click on the "Create stack" button located at the top-right corner.
- In the "Specify template" section, choose the "With new resources" option.
- In the "Template URL" field, enter the following URL: https://cloudfix-templates.s3.amazonaws.com/cloudfix-resource-account-roles.yaml
- In the "Parameters" section, enter the following parameters:
- Name: cloudfix-resource-account-roles
- CloudFix account: 061081614506
- CloudFixSnsTopicName: cloudfix-stack-prod-cloudfixiamrolesprodBB1500ED-6MARQETT6Q9M
- ExternalId: [copy this from the main onboarding stack]
- TenantId: [copy this from the main onboarding stack]
- ManagementAccountId: [typically the account number of the account that you are in]
- Version: 3.0.xx [copy this from the existing child stacks]
- ResourceSuffix: (leave empty)
- In the "Tags" section, add the following tags:
- Key: cloudfix:fixerId, Value: CloudFix Infrastructure
- Key: cloudfix:originalResourceId, Value: Role Stack
- Key: cloudfix:executionDate, Value: 2023-05-06 (change to today's date)
- Click "Next" and review the stack settings.
- Click "Create stack" to deploy the CloudFix resource account roles stack.
You have now successfully created the CloudFix resource account in the management account. This stack will allow CloudFix to scan the account for new cost savings.