Account Syncing
ConsoleMe will use the AWS credentials you provide to sync your accounts. We currently support syncing accounts from AWS Organizations, SWAG, local Configuration, and if none of these is configured, ConsoleMe will attempt to Sync the current account.
Sync Accounts from AWS Organizations
ConsoleMe can sync accounts from your AWS Organizations master account. To configure this option, you must have a role on your AWS Organization master account that ConsoleMe can assume with sts:AssumeRole.
To configure this option, the following configuration values should be set in your ConsoleMe yaml configuration file:
Sync Accounts from SWAG
ConsoleMe can sync your organization's accounts from SWAG's API url. If you're storing 3rd party accounts in SWAG that you do not wish for ConsoleMe to sync, you can use the expected_owners configuration to sync only the desired accounts.
ConsoleMe needs the following configuration values to sync accounts from SWAG:
Sync Accounts from Configuration
You can also optionally provide configuration that explicitly provides ConsoleMe with a mapping of your account IDs to account names. You can provide this list either in your local configuration, or (as an administrator) your dynamic configuration at https://your_consoleme_url/config.
Account IDs should be quoted in YAML so that they are interpreted as strings. Account IDs can start with the number 0, and the first number would be dropped if interpreted as an integer.
Here is the required configuration:
Fallback: Sync the Current Account
As a fallback mechanism, ConsoleMe will attempt to sync the current account using sts:getCallerIdentity and iam:listAccountAliases. ConsoleMe attempts to do this during initial installation if no other configuration has been provided.
Last updated