AWS management account access for the DoiT Customer Solutions Team
As an AWS reselling partner, we require access to your management account (or master payer account, a.k.a. MPA) to manage the billing elements of your organizations to set up and monitor our reselling partner payment methods. In addition, access to your management account allows us to offer AWS Partner-Led Support for your organization.
Key points
- For the DoiT Customer Solutions Team access, we leverage the same technology that we use to access AWS member accounts.
- DoiT logs every access attempt with the related requested permissions and retains these logs for 365 days.
- The DoiT Customer Solutions Team requires that access to intervene directly with AWS support if you opt in to an AWS Partner-Led Support plan.
- Your DoiT account team uses that access to proactively advise you about potential savings.
- As of March 2024, the required components are already installed on your management account through our AWS onboarding procedure, specifically via the AWS Service Catalog Product named mpa-access, which manages the doit-support-gateway CloudFormation Stack in the us-east-1 region.
Required components installed on the management account
We only require the following resources to be installed on your AWS management account:
- Two AWS IAM Identity providers to federate DoiT-managed identities.
- One AWS IAM support role named DoiT-Support-Gateway to allow access from the identities mentioned above.
- (Optional) One AWS IAM role named SupportDiagnostics to leverage AWS Partner-Led Support diagnostic tools.
Permissions granted to DoiT on the management account:
You can review the permissions we require at any time directly in our public CloudFormation Stack template.
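To confirm on your side that the DoiT-Support-Gateway role is assumable only through the two identity providers listed above, you can audit its trust policy. The following is an added example, not DoiT's own code: it checks the JSON returned by `aws iam get-role --role-name DoiT-Support-Gateway`, and the sample document, account IDs, provider ARNs, actions and function names are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws iam get-role --role-name DoiT-Support-Gateway`
# output. Account IDs, provider names and actions are placeholders, not DoiT's values.
SAMPLE_ROLE = json.loads("""
{"Role": {"RoleName": "DoiT-Support-Gateway", "AssumeRolePolicyDocument": {
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
     "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/idp-a.example"}},
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
     "Principal": {"Federated": ["arn:aws:iam::111122223333:oidc-provider/idp-b.example"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"}}
  ]}}}
""")

# Assumption: the two identity provider ARNs you expect, as listed in your account.
EXPECTED = {
    "arn:aws:iam::111122223333:oidc-provider/idp-a.example",
    "arn:aws:iam::111122223333:oidc-provider/idp-b.example",
}

def _as_list(value):
    # IAM allows a single value or a list in both Statement and Principal.
    return value if isinstance(value, list) else [value]

def audit_trust(role, expected_providers):
    """Return one finding per trusted principal that is not an expected identity provider."""
    findings = []
    doc = role["Role"]["AssumeRolePolicyDocument"]
    for i, stmt in enumerate(_as_list(doc["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or a missing Principal element
            findings.append(f"statement {i}: principal is {principal!r}, not a federated provider")
            continue
        for kind, values in principal.items():
            for arn in _as_list(values):
                if kind != "Federated":
                    findings.append(f"statement {i}: non-federated principal {kind}={arn}")
                elif arn not in expected_providers:
                    findings.append(f"statement {i}: unexpected identity provider {arn}")
    return findings

if __name__ == "__main__":
    for finding in audit_trust(SAMPLE_ROLE, EXPECTED):
        print(finding)
```

An empty result means every Allow statement in the trust policy names only the identity providers you passed in; the constructed sample deliberately includes a third statement so that one finding is reported.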