BOOTSTRAP.md

Bootstrapping a new account

This is the list of tasks that need to be done via ClickOps in a new AWS account before you can deploy org-kickstart.

Root Tasks

  1. Add MFA to root
  2. Enable IAM access to billing (this is still a thing in 2023?)
  3. Go to Organizations and create an Organization
  4. Go to AWS SSO, and enable it
  5. Add yourself as a user
  6. Create a pre-defined Permission Set named TempAdministratorAccess. Probably want the duration as 4 hours.
  7. Assign the Permission Set to the new Payer/Org Management Account
  8. Activate trusted access with AWS Organizations to use service-managed permissions for CloudFormation stacksets (must be done via console)

Log out of root and never use it again.

On your machine

  1. Check Email and create your IAM Identity Center account.
  2. Add MFA to that account
  3. Import Admin creds to environment

You're now ready to run org-kickstart
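
A preflight check for the console steps above, as an added example that is not part of org-kickstart: it uses the AWS CLI with the imported admin credentials to confirm root MFA, the Organization, Identity Center, and StackSets trusted access. It assumes the `aws` CLI is on the PATH; the function names are hypothetical, and billing access and the TempAdministratorAccess permission set are not checked.

```python
import json
import subprocess

# Service principal registered when trusted access for service-managed StackSets is on.
STACKSETS_PRINCIPAL = "member.org.stacksets.cloudformation.amazonaws.com"

# AWS CLI calls whose JSON output evaluate() inspects.
CALLS = {
    "identity": ["sts", "get-caller-identity"],
    "summary": ["iam", "get-account-summary"],
    "org": ["organizations", "describe-organization"],
    "sso": ["sso-admin", "list-instances"],
    "access": ["organizations", "list-aws-service-access-for-organization"],
}


def collect():
    """Run each CLI call with the current credentials; a failed call yields {}."""
    state = {}
    for key, args in CALLS.items():
        try:
            out = subprocess.run(["aws", *args, "--output", "json"],
                                 capture_output=True, text=True, check=True).stdout
            state[key] = json.loads(out)
        except (OSError, subprocess.CalledProcessError, ValueError):
            state[key] = {}  # CLI missing, call denied, or resource not created yet
    return state


def evaluate(state):
    """Return the bootstrap steps that still look incomplete, in checklist order."""
    missing = []
    if state["summary"].get("SummaryMap", {}).get("AccountMFAEnabled") != 1:
        missing.append("root MFA")
    org = state["org"].get("Organization")
    if not org:
        missing.append("Organization")
    elif org.get("MasterAccountId") != state["identity"].get("Account"):
        missing.append("credentials are not for the management account")
    if not state["sso"].get("Instances"):
        missing.append("IAM Identity Center")
    enabled = {p["ServicePrincipal"]
               for p in state["access"].get("EnabledServicePrincipals", [])}
    if STACKSETS_PRINCIPAL not in enabled:
        missing.append("StackSets trusted access")
    return missing


if __name__ == "__main__":
    gaps = evaluate(collect())
    print("ready for org-kickstart" if not gaps else "incomplete: " + ", ".join(gaps))
    raise SystemExit(1 if gaps else 0)
```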