
AWS onboarding

Customers who have their own AWS Organizations (and want to preserve them after signing a contract with DoiT) follow a simple onboarding process that eliminates most of the hassle typically involved.

Step 1 Readiness (by Customer)

After signing a contract with DoiT, your customer success manager will provide you with an onboarding process overview and guide you through the readiness phase. Here is what to expect:

  1. Identify the management AWS account in your AWS Org (normally referred to as Master Payer Account).

  2. Under the management account, create a new IAM user with the Administrator policy. You'll use this user to manage your organization after onboarding.

    You can skip this step if you already have an IAM user with full permissions.

  3. Change the root email address on the management account to the one provided by DoiT.

  4. Remove 2FA from the root account (no worries, we'll re-enable it in the next step).

  5. Notify your customer success manager about completing the steps above.

Step 2 Initial Onboarding (by DoiT AWS Ops team)

  1. Reset the root password on the AWS MPA account.

  2. Re-enable 2FA on the root account.

  3. Create the doitintl_cmp IAM role to facilitate access from DoiT Management Platform.

  4. Create the AWSAdmin IAM role (used to access billing data under AWS Channel Reseller Program).

  5. Onboard the Org to SPP using the AWS Channel Management dashboard.
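
Once Step 2 is reported complete, you can confirm from your own administrator user that root MFA is back on and review whom the two new roles trust. The script below is an added example, not DoiT's tooling: it reads the parsed output of `aws iam get-account-summary` and `aws iam get-role`, and the sample JSON, account ID and external ID are constructed placeholders. Whether DoiT's trust policies use an external ID is not stated on this page, so that finding is a review item.

```python
import json

EXPECTED_ROLES = ("doitintl_cmp", "AWSAdmin")  # role names from Step 2

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _has_external_id(statement):
    # Condition keys are case-insensitive, e.g. {"StringEquals": {"sts:ExternalId": "..."}}
    return any(key.lower() == "sts:externalid"
               for operands in statement.get("Condition", {}).values()
               for key in operands)

def audit(summary, roles):
    """summary: parsed `aws iam get-account-summary` output.
    roles: {role name: parsed `aws iam get-role --role-name NAME` output}.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    if summary["SummaryMap"].get("AccountMFAEnabled") != 1:
        findings.append("root: MFA is not enabled")
    for name in EXPECTED_ROLES:
        if name not in roles:
            findings.append(f"{name}: role not found")
            continue
        trust = roles[name]["Role"]["AssumeRolePolicyDocument"]
        for stmt in _as_list(trust["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            trusted = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
            if "*" in trusted:
                findings.append(f"{name}: trust policy allows any AWS principal")
            elif trusted and not _has_external_id(stmt):
                findings.append(f"{name}: trusts {', '.join(trusted)} without sts:ExternalId (review)")
    return findings

# Constructed sample input; the account ID and external ID are placeholders.
SUMMARY = json.loads('{"SummaryMap": {"AccountMFAEnabled": 0, "Users": 3}}')
ROLES = {"doitintl_cmp": json.loads("""
{"Role": {"RoleName": "doitintl_cmp", "AssumeRolePolicyDocument": {
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                 "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-ID"}}}]}}}
""")}

if __name__ == "__main__":
    for finding in audit(SUMMARY, ROLES):
        print(finding)
```
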

Step 3 Account Configuration (by DoiT AWS Ops team)

  1. Replace the existing payment method with a DoiT payment method.

  2. Set tax profile to the country matching DoiT's billing profile.

  3. Complete the Org email verification process (necessary because the root email has changed).

  4. Enable Cost and Usage Reports (if not enabled already).

  5. Create a new S3 bucket (named doitintl-awsops-{id}) to store the AWS Cost and Usage report.

  6. Set up a new Cost and Usage report (doitintl-awsops-{id}).

FAQ

Should I expect anything to break during the process?

No, the process was designed to be disruption free.

Will the features dependent on AWS Organizations continue to function?

All AWS Organizations features (e.g. AWS SSO, AWS Backup, AWS Firewall Manager, Resource Manager, etc.) will continue to function in exactly the same way as before.

Can you please share the IAM policies for the roles you're creating on master payer account?

Absolutely! You can find the policy for DoiT Cloud Management Platform at this gist. If your contract includes CloudHealth, its IAM policy is at this gist.

What if I need to access the management account using root credentials after onboarding?

Generally, we don't recommend using root credentials. Please review the AWS best practices on using root credentials. We will provide root credentials on request. You can place the request by contacting our global team.