Managing Cloud Accounts


Accounts in are cloud provider accounts. In AWS, they are AWS accounts. In Azure, they are Azure subscriptions. In Google Cloud, they are projects (Google Cloud projects are different from projects and are added as accounts).

Accounts can only be added to projects, so you should build out your OU structure before adding any accounts.

There are two features available in that you may want to enable based on your needs:

  • Account Cache
  • Account Creation

Account cache allows you to add existing accounts to without attaching them to a project. This is a good practice if you want to preload your accounts so they are quick and easy to assign to a project.

Account creation allows you to programmatically create accounts.

One thing to note with AWS accounts: when they are created, it can take up to 24 hours for all the services in the AWS account to become available. In our experience, we usually don't see a delay longer than a few minutes, but it does happen. So, if you want a reliable process, it's best to create the AWS accounts and leave them in the account cache for 24 hours before attaching them to projects.

For AWS, programmatic account creation is done through the AWS Organizations API. needs access to a few APIs in the AWS management account to perform the action, but if you added the standard IAM role called cloudtamer-service-role to the AWS management account, then should have the access necessary.

AWS limits the number of AWS accounts that can be created via AWS Organizations. Submit an AWS support ticket to raise the service limit before you reach it. Again, it's a good practice to leave newly created accounts in the account cache for 24 hours so that all services are enabled in them before you attach them to projects. Account creation requires account cache to be enabled. A good workflow for creating an AWS account is:

  1. Create an AWS account from the account cache.
  2. Wait 24 hours.
  3. Assign the AWS account to a project.
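The 24-hour wait in step 2 can be checked against AWS Organizations data before an account is assigned. The following is an added example, not code from the product or the original article: it takes the `Accounts` entries returned by the Organizations `ListAccounts` call and reports which accounts have passed the wait. The sample records, account IDs and function names are constructed for illustration, and treating invited (pre-existing) accounts as exempt from the wait is an assumption.

```python
from datetime import datetime, timedelta, timezone

SOAK = timedelta(hours=24)  # wait recommended by the workflow above

# Constructed sample shaped like the "Accounts" list from ListAccounts.
SAMPLE_ACCOUNTS = [
    {"Id": "111111111111", "Status": "ACTIVE", "JoinedMethod": "CREATED",
     "JoinedTimestamp": "2024-05-01T09:00:00+00:00"},
    {"Id": "222222222222", "Status": "ACTIVE", "JoinedMethod": "CREATED",
     "JoinedTimestamp": "2024-05-02T08:30:00+00:00"},
    {"Id": "333333333333", "Status": "ACTIVE", "JoinedMethod": "INVITED",
     "JoinedTimestamp": "2024-05-02T10:00:00+00:00"},
    {"Id": "444444444444", "Status": "SUSPENDED", "JoinedMethod": "CREATED",
     "JoinedTimestamp": "2024-04-01T00:00:00+00:00"},
]
SAMPLE_NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)


def _joined(value):
    """Accept a datetime (SDK response) or an ISO 8601 string (JSON output)."""
    if isinstance(value, str):
        value = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)  # treat naive values as UTC
    return value


def soak_report(accounts, now):
    """Return (ready_ids, waiting) where waiting maps Id -> time remaining."""
    ready, waiting = [], {}
    for acct in accounts:
        if acct["Status"] != "ACTIVE":
            continue  # suspended or closing accounts are not candidates
        age = now - _joined(acct["JoinedTimestamp"])
        # Assumption: only accounts created through Organizations need the
        # wait; invited accounts already existed before they joined.
        if acct.get("JoinedMethod") == "CREATED" and age < SOAK:
            waiting[acct["Id"]] = SOAK - age
        else:
            ready.append(acct["Id"])
    return ready, waiting


if __name__ == "__main__":
    ready, waiting = soak_report(SAMPLE_ACCOUNTS, SAMPLE_NOW)
    print("ready to assign:", ready)
    for acct_id, left in waiting.items():
        print(f"{acct_id}: wait another {left}")
```
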

Enabling Account Cache and Account Creation

To enable the account cache and account creation, see the Account Creation Settings article.

To set the placeholder email field for account creation, see the AWS Account Creation Settings article (requires login; learn more here).

Adding Accounts

To programmatically create AWS GovCloud Accounts, please refer to the Enable Programmatic AWS GovCloud Account Creation article.

You can read about adding other accounts in the Add an Account article.
