By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Streamlined SaaS onboarding for AWS Organizations

0

Does anyone know if there is a way to streamline customer onboarding at the AWS organization level? This AWS blog post provided an approach limited to single-account use cases. I want to automate the onboarding process for a SaaS application in AWS organizations so that the role created for the SaaS is at the organization level, allowing it to assume a role across selected child accounts. https://aws.amazon.com/blogs/apn/new-aws-cloudformation-stack-quick-create-links-further-simplify-customer-onboarding/

EDIT

So, my thoughts about a possible workflow is as follows:

  1. A Cloudformation template creates a role (super/org role, if you will) that can be assumed at the organization level. The role has the privilege to assume access to any child account.
  2. A process discovers all child accounts and asks the owner which accounts should be onboarded.
  3. The owner selects preferred accounts and onboarding proceeds.
  4. On-demand onboarding can be done for any other account using the already-created role.
Topics
Security, Identity, & ComplianceManagement & GovernanceSaaS on AWS
Tags
Security, Identity, & ComplianceAWS OrganizationsAWS Account ManagementSaaS on AWS
Language
English
Kennedy
asked 9 months ago336 views
1 Answer
0

Hi,

You should give a read to the other blog posts:

They go on a slightly different path than what you describe but what they suggest to remain "Well-Architected" is useful.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content