Managing Cloud Accounts
Different cloud providers use different names for similar functional resources. In Kion, we simplify multi-cloud management by helping you manage equivalent functional resources from any cloud provider with the same processes. To support this centralized management, we have grouped similar resources together. Accounts in Kion include AWS accounts, Azure subscriptions, and Google Cloud projects.
Though they sound similar, Google Cloud projects are different from Kion projects. Google Cloud projects are added as accounts in Kion.
Accounts are added to Kion projects, so you should build out your OU structure and projects before adding accounts. For more information on building an OU structure, see Structuring OUs.
Once an account is added, Kion will be able to perform actions inside the account, including accessing billing data, roles, policies, and permissions.
While most accounts are managed the same way in Kion, there are a few special cases you may want to consider:
- AWS GovCloud Accounts. You can include spending from any linked GovCloud accounts in the financial reports for your AWS commercial accounts without having Kion manage the GovCloud account. For more information, see Including or Excluding Spend from a Linked AWS Account.
- Azure Resource Groups. You can add individual Azure resource groups as their own accounts. Resource groups can have Azure roles and policies applied to them through Kion using cloud rules, without applying the roles and policies to the entire Azure subscription. This allows a more granular level of control when you only want users to see a particular resource group, or when you only wish to apply cloud rules to a particular resource group. You may not import both the resource group and its containing subscription to Kion.
Account Management Settings
To manage accounts in Kion, you must enable a few settings:
- To manage accounts from supported cloud providers, navigate to System Settings > Cloud Provider Settings and enable the cloud providers you want to manage through Kion.
- To use the account cache to stage accounts, navigate to System Settings > Account Settings and enable the account cache.
- To create accounts through Kion, navigate to System Settings > Account Settings and enable account creation.
- Enable account creation on the billing source. For more information, see Enabling AWS GovCloud Account Creation through Kion, Enabling Azure Account Creation through Kion, and Enabling Google Cloud Project Creation through Kion.
In order to add an account to a project, you must also have the Project Manage Accounts permission.
Billing sources are cloud accounts where billing information is made accessible to Kion. For AWS, this is a management account (previously a master payer). For Azure, this is an Azure CSP, EA, or MCA account. For Google Cloud, this is a billing account and a service account. Before adding accounts to projects in Kion, you must add their billing sources. For more information, see What is a Billing Source?
You can add accounts to Kion by adding existing accounts that you have already created in a cloud provider console or by creating new accounts. Creating accounts through Kion adds the account to your existing cloud provider organization structure as well as to Kion. Creating accounts in Kion, rather than in the cloud provider portal, allows you to attach them to Kion projects during creation, ensuring cloud rules, funding, and cloud access roles are applied as soon as the accounts are created.
When adding an account to Kion, whether existing or new, you can alternatively choose to add it to the account cache. Adding it to the account cache lets you stage the account to be added to a project later on.
For information on adding new and existing accounts to Kion, see Add an Account.