Add an Account
You can add accounts to Kion by connecting existing accounts that you have already created in a cloud provider console or by creating new accounts in Kion which are automatically added to the cloud provider management account as well.
When adding an account to Kion, existing or new, you can choose to add it to a project or to the account cache.
- Adding it to a project makes it available for funding and federation through Kion.
- Adding it to the account cache lets you stage the account to be added to a project later on.
- Follow the steps in Getting Started with Account Management to build your organization structure, enable account creation, and add billing sources.
- Ensure you have the appropriate account management permissions in your cloud provider management account.
- Before adding AWS GovCloud accounts. Kion uses partition keys to access GovCloud. When connecting a GovCloud account, your commercial management account needs to have a GovCloud management account linked to it. Your management account needs to have permissions to create GovCloud accounts (this is a different permission than normal account creation permissions).
- Before adding Azure accounts. You can add individual Azure resource groups as their own accounts. Resource groups can have Azure roles and policies applied to them through Kion using cloud rules, without applying the roles and policies to the entire Azure subscription. This allows for more granular control when you only want users to see a particular resource group or when you only wish to apply cloud rules to a particular resource group. You may not import both the resource group and its containing subscription to Kion, so it is important to decide the path you would like to take before you start adding accounts.
Where Can You Add Accounts?
Accounts can be added to Kion in a few places:
- Accounts > All Accounts. Navigate to Accounts > All Accounts and click Add. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Accounts tab of a project. Navigate to the project details page of the project you want to add the account to. Select the Accounts tab and click Add. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Quick Connect menu. The Quick Connect button is always available at the top of your screen next to the global search. Click the Quick Connect button. Click Accounts. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Accounts Not in Kion list of a billing source. This option is only for existing AWS and Azure accounts. Navigate to Accounts > Billing Sources. Click the name of the billing source the account you want to add is under. Expand the Accounts not in Kion list. Click the ellipsis menu next to the account you want to add, and select whether you want to add it to a project or to the account cache.
The Account Wizard
The account wizard helps you create or connect any number of accounts from any of our supported cloud providers using a simple standardized process.
To connect or create accounts:
- Select whether you want to add AWS, Azure, or Google Cloud accounts.
- Select the type of account you want to add. The available account types depend on which cloud provider you selected. The options include:
- AWS. AWS Commercial or AWS GovCloud.
- Azure. Azure Resource Groups or Azure Subscriptions.
- Google Cloud. Google Cloud Projects.
While the process to connect accounts is the same across cloud providers, different providers have some unique settings. For more information on these cloud provider specific settings, expand the sections below.
- Skip account access checking. Enable this if you don't want Kion to verify the role is available. This allows you to preload accounts without having access to them.
- Add to cache or add to existing project. Add accounts to the Account Cache if you want to preload your accounts and attach them to projects later on.
- Linked Role. Leave this as
OrganizationAccountAccessRoleunless you changed the organization role during initial AWS account creation.
- Include spend from linked GovCloud/Commercial account. Enable this to include the spend data from a linked GovCloud or commercial account, if applicable. This lets you create combined financial reports without adding the linked account directly to Kion. For more information, see Reporting AWS GovCloud Spend.
- Sync account information with AWS Organizations. Enable this if you would like to keep the account name and account email updated with those specified in AWS Organizations. You need to ensure the IAM role in the management account has access to Organizations for this to work properly.
- Add to AWS Organizational Unit. Enable this to add the account to an existing or new AWS organizational unit. This won't affect the account's placement within Kion OUs.
In addition to following these steps, you may want to watch these quick demonstration videos.