Add an Account
You can add accounts to Kion by connecting existing accounts that you have already created in a cloud provider console or by creating new accounts in Kion which are automatically added to the cloud provider management account as well.
When adding an account to Kion, existing or new, you can choose to add it to a project or to the account cache. Adding it to a project makes it available for funding and federation through Kion. Adding it to the account cache lets you stage the account to be added to a project later on.
To access accounts through Kion, they must be attached to a project. You can attach accounts to projects when adding existing accounts, creating new accounts, or from the account cache. This guide goes over how to attach accounts to projects, but the projects must be created first. For more information about projects, see What is a Project?
- Before creating or connecting accounts, you must add a management account as a billing source. For more information, see What is a Billing Source?
- Before creating accounts, enable account creation in System Settings > Account Settings. You also need the appropriate permissions in the cloud provider management account you are using to create new accounts.
- Before creating accounts, enable account creation on the billing source. For more information, see Enabling AWS GovCloud Account Creation through Kion, Enabling Azure Account Creation through Kion, and Enabling Google Cloud Project Creation through Kion.
- Before adding accounts to the account cache, enable the account cache in System Settings > Account Settings.
- Before adding AWS GovCloud accounts, you may need to consider some permissions. Kion uses partition keys to access GovCloud. When connecting a GovCloud account, your commercial management account needs to have a GovCloud management account linked to it. Your management account needs to have permissions to create GovCloud accounts (this is a different permission than normal account creation permissions).
Where Can You Add Accounts?
Accounts can be added to Kion in a few places:
- Accounts > All Accounts. Navigate to Accounts > All Accounts and click Add. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Accounts tab of a project. Navigate to the project details page of the project you want to add the account to. Select the Accounts tab and click Add. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Quick Connect menu. The Quick Connect button is always available at the top of your screen next to the global search. Click the Quick Connect button. Click Accounts. Select whether you want to add new accounts or existing accounts. This brings up the account wizard.
- The Accounts Not in Kion list of a billing source. This option is only for existing AWS and Azure accounts. Navigate to Accounts > Billing Sources. Click the name of the billing source the account you want to add is under. Expand the Accounts not in Kion list. Click the ellipsis menu next to the account you want to add, and select whether you want to add it to a project or to the account cache.
Once an account is added, Kion will be able to perform actions inside the account, including accessing billing data, roles, policies, and permissions.
The Account Wizard
The account wizard helps you create or connect any number of accounts from any of our supported cloud providers using a simple standardized process.
To connect or create accounts:
- Select whether you want to add AWS, Azure, or Google Cloud accounts.
- Select the type of account you want to add. The available account types depend on which cloud provider you selected. The options include:
- AWS. AWS Commercial or AWS GovCloud.
- Azure. Azure Resource Groups or Azure Subscriptions.
- Google Cloud. Google Cloud Projects.
While the process to connect accounts is the same across cloud providers, different providers have some unique settings. For more information on these cloud provider specific settings, expand the sections below.
- Skip account access checking. Enable this if you don't want Kion to verify the role is available. This allows you to preload accounts without having access to them.
- Add to cache or add to existing project. Add accounts to the Account Cache if you want to preload your accounts and attach them to projects later on.
- Linked Role. Leave this as OrganizationAccountAccessRole unless you changed the organization role during initial AWS account creation.
- Include spend from linked GovCloud/Commercial account. Enable this to include the spend data from a linked GovCloud or commercial account, if applicable. This lets you create combined financial reports without adding the linked account directly to Kion. For more information, see Including or Excluding Spend from a Linked AWS Account.
- Sync account information with AWS Organizations. Enable this if you would like to keep the account name and account email updated with those specified in AWS Organizations. You need to ensure the IAM role in the management account has access to Organizations for this to work properly.
- Add to AWS Organizational Unit. Enable this to add the account to an existing or new AWS organizational unit. This won't affect the account's placement within Kion OUs.
In addition to following these steps, you may want to watch these quick demonstration videos.