scarrad
Flexera beginner

AWS Organisations

Hi

Optima supports AWS STS allowing a cross account trust to be created between Optima and an AWS account.  I'm unable to find any documentation relating to how Optima can then assume roles in child AWS accounts.   This would enable one Optima credential to be used to access all AWS accounts.  For large organisations that have many AWS accounts it's impractical to have one Optima credential for each account.

Labels (3)
0 Kudos
1 Reply
spomeroy
Flexera Alumni

Hi @scarrad ,

Optima only needs access to the Amazon Web Services (AWS) master payer account to pull in your Hourly Cost and Usage Report (HCUR).

I believe you may be referring to the Policy Automation functionality. If that's the case, currently we require an Identity and Access Management (IAM) role in every AWS account you wish to run policies against.

We understand the complications of managing this at scale. Customers typically leverage the AWS command line tool and/or API to automate the creation of the roles on the AWS side, and our Credential Management API to create the matching credential on the Flexera side.

Hope this helps.

Sean