Onboard end customers

Distributors and resellers can initiate end customer onboarding in the DoiT console.

Required permission

• Distributor/reseller/end customer: Your DoiT account must have the Admin role.

• End customer: You must have the following permissions on the AWS management accounts that you want to connect:

  iam:CreatePolicy
  iam:CreateRole
  iam:AttachRolePolicy
  iam:GetRole
  cloudformation:CreateStack
  cloudformation:GetTemplateSummary
  sns:Publish

  You can also attach to your user or role the AWS managed policy AdministratorAccess policy, which fully covers the permissions above but grants broader access.

Onboard a customer

The onboarding process of an end customer consists of three parts, conducted by users with the Admin role along the hierarchy.

Part 1: Add customer

This part is performed by the distributor or reseller:

1. Sign in to the DoiT console.

2. Add a customer. Make sure to select the correct reseller as parent when configuring the customer profile.

Part 2: Assign contract

The distributor or reseller admin user needs to create a contract for the end customer before the end customer can start connecting cloud accounts.

Part 3: Connect cloud account

This part is performed by the end customer:

1. Activate the DoiT account upon receiving the welcome email and complete the sign-up process.

2. Sign in to the DoiT console, launch the connection wizard using either of the following ways:

   • On the Home page, select Connect your AWS Management Account.

     

   • Navigate to the Assets page, select Amazon Web Services from the left-hand menu, and then select Connect new account.

     

3. Review the information displayed on the DoiT console.

4. Enter the AWS management account that you want to connect.

   

5. Select Next.

6. Follow the instructions on the DoiT console.

   注意

   Currently, the ChannelOps service supports only legacy CUR.

   

   1. Sign in to the AWS Billing and Cost Management console.

   2. Create a legacy CUR export with the following settings:

      • Export type: Legacy CUR export

      • Export content: For Additional export content, select Include resource IDs. Select Split cost allocation data.

      • Data table delivery options: For Time granularity, select Hourly.

      • Compression type and file format: Select Parquet (recommended) or gzip.

      • Configure S3 bucket: Make sure to select or create an S3 bucket in the us-east-1 region. Buckets in other regions will fail validation.

   3. Switch back to the DoiT console, enter the name of the S3 bucket where you have created the CUR. DoiT reads CUR files exclusively from the specified bucket and automatically discovers new CUR files in it.

   4. In the DoiT console, select Open AWS CloudFormation Console.

   5. In the AWS CloudFormation console, create a stack using the DoiT template.

   6. Select Next to continue.

7. Once the AWS account has been successfully connected, CUR files in the S3 bucket are validated:

   • Valid CURs are listed on the page. Currently, only one CUR is supported.

   • If none of the CURs is valid, the DoiT console displays why they are invalid so you can make corrections.

   You can always select Refresh to validate CURs in the S3 bucket.

   

8. Select Confirm and proceed.

9. (Optional) Enable insights.

   In this last step, you can select Link new account to start enabling AWS Trusted Advisor Insights, AWS Cost Optimization Hub insights, and AWS Security Hub insights.

   Or, you can select Complete to finish the onboarding process and enable insights later.

   

Validation

Review the onboarding progress and take necessary actions.