AWS Partition Configuration
If you want the option of managing GovCloud accounts when Kion is running in the commercial partition, or vice versa, you will need to set up an account in the corresponding partition to provide Kion with access. After choosing an account for this purpose (we recommend keeping this account empty and using it only for access), follow the steps below to set up partition access keys.
To configure AWS to allow communication between GovCloud and commercial:
- Go to Settings > AWS Regions.
- Click Download CloudFormation and run the downloaded template in AWS.
- In AWS, go to IAM > Users > cloudtamer service user > Security credentials > Create access key.
- Go back to Kion and, in the Select an AWS Partition dropdown menu, select a partition.
- Copy the access key ID and secret access key generated by AWS, and paste them into the AWS Access Key ID and AWS Secret Access Key fields.
- Click Save.
Now when you add an existing AWS account to Kion in that partition, the cloudtamer-service-role will trust that account. This limits the number of AWS access keys that Kion has to encrypt and store in the database.
AWS Region Selection
The regions setting is a list of the AWS regions that Kion supports. Currently, all the AWS commercial regions and the AWS GovCloud regions are supported. If AWS creates a new region, you will need to check the new region manually. These selections do not affect which regions a user is able to access via the AWS console. You must limit those permissions via IAM policies.
If a region is checked, then:
- It allows users to apply AWS CloudFormation templates in that region.
- It allows users to apply AWS AMIs in that region.
- It allows users to apply AWS Service Catalog Portfolios in that region.
- It allows Kion to monitor and estimate spend in that region.
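Because the region checkboxes do not restrict what users can do in the AWS console, the restriction has to come from an IAM policy. The following is an added example, not Kion's own code: it builds a region-deny policy using the `aws:RequestedRegion` condition key and refuses a region list that mixes partitions. The function names are hypothetical, the global-service exemption list follows AWS's published region-deny example, and `is_denied` is a simplified local check of this one statement rather than a full IAM evaluator.

```python
import fnmatch
import json

# Global services exempted from the region condition; this list follows
# AWS's published region-deny example and should be adjusted to your needs.
GLOBAL_SERVICE_ACTIONS = ["cloudfront:*", "iam:*", "organizations:*", "route53:*", "support:*"]


def partition_of(region):
    """Return the AWS partition a region name belongs to."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    return "aws-cn" if region.startswith("cn-") else "aws"


def build_region_deny_policy(allowed_regions):
    """Deny every regional action outside allowed_regions (one partition only)."""
    if not allowed_regions:
        raise ValueError("at least one region is required")
    partitions = {partition_of(r) for r in allowed_regions}
    if len(partitions) != 1:
        # A policy lives in an account in a single partition, so a mixed
        # commercial/GovCloud list is almost certainly a mistake.
        raise ValueError(f"regions span several partitions: {sorted(partitions)}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideAllowedRegions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": sorted(allowed_regions)}},
        }],
    }


def is_denied(policy, action, requested_region):
    """Simplified check of the single statement built above (assumption: no other policies)."""
    stmt = policy["Statement"][0]
    exempt = any(fnmatch.fnmatchcase(action.lower(), p) for p in stmt["NotAction"])
    allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
    return not exempt and requested_region not in allowed


if __name__ == "__main__":
    # Constructed sample input: two commercial regions.
    print(json.dumps(build_region_deny_policy(["us-east-1", "us-west-2"]), indent=2))
```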
To allow Kion to manage a region:
- Click Settings in the left navigation menu.
- Click the Regions tab.
- Select an AWS partition type.
- Select the desired region checkbox.
- Click Update.
Default Region Selection
You can specify a default AWS region in your User Settings.
- In the left navigation menu, click Settings > My User Settings.
- Click the Default Regions tab.
- Make a selection from the Default AWS Commercial Region dropdown menu to set the default region.