Auto Setup

This section explains how an Admin can onboard AWS accounts into CloudCADI using the Auto Setup flow.

Step 1 - Navigate to Onboarding Section

1. Log in to CloudCADI using an Admin account.

   

2. From the left navigation menu, click Onboarding.

3. You will be redirected to the Data Source List page.

   

Step 2 - Add a New Data Source

1. Click on the Add Data Source button at the top of the page.
2. From the list of cloud providers, select AWS.

Step 3 - Choose AWS Onboarding Type

1. On the Connect AWS Accounts screen, select one of the following options:

2. Auto Setup – Fast onboarding via Organizations. (recommended)

3. Manual Setup – Step by step user controlled setup.

   Auto Setup Requirement

   Auto Setup is supported only if the CloudCADI deployed account is:

   • The AWS Organizations management account, or
   • A member account configured as a delegated administrator.

4. Proceed using Auto Setup.

   

Step 4 - Grant Permissions and Define Cost Export Path

1. Download the CloudFormation stack template.

   

2. Deploy the stack by following the onboarding guide. This will create a role with the required permissions, including:

   • Organization-level read access
   • CloudFormation StackSet read and execute access

   Deployment Requirement

   Ensure the CloudFormation stack is created:

   • In the same AWS account where CloudCADI is deployed.
   • In the same region as the CloudCADI deployment.

3. Open the AWS CloudFormation Console.

4. Under Prepare template, select Choose an existing template.

5. Under Template source, select Upload a template file.

6. Upload the downloaded CloudFormation template file and click next.

   

7. Under specify stack details. Enter stack name.

8. For DeployedAccountType, select SELF if the CloudCADI deployed account is the AWS Organizations management account. Select DELEGATED_ADMIN if it is a member account configured as a delegated administrator.

   Enable Delegated Administrator

   Follow these steps to enable a delegated administrator in AWS Organizations:

   1. Sign in to the AWS Management Account and open AWS Organizations → Services.

   2. Find AWS CloudFormation StackSets and click Enable trusted access.

   3. Click Navigate to Console.

      

   4. Under Delegated Administrators, click Register delegated administrator.

      

   5. A popup will appear. Enter the Delegated Administrator Account ID and click Register Delegated Administrator.

   6. The member account can now perform the required actions.

      

9. Click Next.

   

10. Under Configure stack options, scroll to the bottom, acknowledge the required capabilities by selecting the checkbox, and click Next.

    

11. Under Review and create, scroll down, verify all configuration details, and click Create stack.

    One-Time Setup

    • This CloudFormation stack deployment is a one-time setup.
    • CloudCADI automatically creates the required cross-account roles using StackSets when you select accounts from the UI.

12. Enter the management account cost export path in the required format:
    <bucket-name>/<prefix>/<export-name>

    Important

    • The provided bucket must belong to the Management Account. If not, cost data will not be available for other accounts.

    • If you are using a cross-account bucket (for example, when the deployed account is a member account), ensure that the appropriate bucket policy is configured to allow access.

13. Refer to the AWS Cost & Usage Data Export (FOCUS) for detailed steps.

14. Click Next. The cost export path and required permissions are validated, and the accounts are fetched and displayed in the UI.

    

Step 5 - Select AWS Accounts

1. CloudCADI displays the list of AWS Accounts discovered under the organization.

2. Select the AWS Account you want to onboard.

   

3. After selecting the Account, click Done.

Step 6 - Onboarding Process Initiation

After confirmation:

1. The onboarding process typically takes 10–15 minutes to complete.

2. A popup message appears indicating that AWS onboarding has started.

   

3. You will be redirected to the Data Sources list page.

4. You will be notified once the accounts are onboarded.

   

Step 7 - Verify Data Source Creation

1. Navigate back to Data Source List tab.
2. Confirm that the AWS Accounts appears in the list.

3. Ensure the provider is shown as AWS with the configured Account name.

4. After successful onboarding, AWS cost and usage data becomes available across CloudCADI dashboards.

Update S3 Bucket Policy

1. In the AWS Console, navigate to the S3 bucket configured for cost export path.

   

2. Go to the Permissions tab and click Edit.

   

3. Add the following statement to the existing bucket policy and click Save changes.

   {
     "Effect": "Allow",
     "Principal": {
       "AWS": "<ROLE_ARN>"
     },
     "Action": [
       "s3:GetObject",
       "s3:ListBucket"
     ],
     "Resource": [
       "arn:aws:s3:::<BUCKET_NAME>",
       "arn:aws:s3:::<BUCKET_NAME>/*"
     ]
   }
   

Tip

• Replace <ROLE_ARN> with the Role ARN obtained during stack creation.
• Replace <BUCKET_NAME> with your S3 bucket name.

Warning

Do not remove existing statements in the bucket policy. Only add the above statement.