Multi-Account Deployment

Deploy the unusd.cloud read-only IAM Role across your entire AWS Organization using CloudFormation StackSets.

Prerequisites

  • An active unusd.cloud account with your ExternalID (visible at the bottom left of the dashboard, labeled ID:)
  • AWS Organizations with admin access to the management account
  • The unusd.cloud CloudFormation template

Step 1: Create the StackSet

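# Service-managed permissions are required to target OUs in Step 2; this needs
# trusted access enabled between CloudFormation StackSets and AWS Organizations.
aws cloudformation create-stack-set \
    --stack-set-name unusd-cloud-spoke-role \
    --region eu-west-1 \
    --permission-model SERVICE_MANAGED \
    --auto-deployment Enabled=false \
    --capabilities CAPABILITY_NAMED_IAM \
    --template-body file://spoke-role.yml \
    --parameters ParameterKey=ExternalID,ParameterValue=YOUR_EXTERNAL_ID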

Replace YOUR_EXTERNAL_ID with your unusd.cloud Customer ID.

Step 2: Create Stack Instances

Deploy across your Organization by targeting the root OU or a specific OU:

# --region is where the StackSet lives; --regions is where stacks are deployed.
aws cloudformation create-stack-instances \
    --stack-set-name unusd-cloud-spoke-role \
    --region eu-west-1 \
    --deployment-targets OrganizationalUnitIds=r-xxxx \
    --regions eu-west-1 \
    --operation-preferences FailureToleranceCount=5,MaxConcurrentCount=5

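Replace r-xxxx with your Organization root ID or target OU ID. The IAM Role only needs to be deployed in one region since IAM is a global service. StackSets that target OUs do not create a stack instance in the management account itself, so deploy the template there as a regular stack if that account should be covered.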

Step 3: Monitor Deployment

Track progress via CLI or the CloudFormation console:

aws cloudformation list-stack-instances \
    --stack-set-name unusd-cloud-spoke-role \
    --region eu-west-1

Step 4: Add Accounts in unusd.cloud

Once the IAM Roles are deployed, add each AWS account in the unusd.cloud dashboard. Skip the role deployment step since StackSets already handled it.

For organizations with a large number of accounts, contact support@unusd.cloud to automate the account registration.
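Because Step 2 tolerates failures in up to 5 accounts, the StackSet operation can continue while some accounts still lack the role. The following is an added example, not part of the unusd.cloud documentation: it triages the JSON output of the Step 3 command so that only accounts with a confirmed deployment are registered in Step 4. The function names and the sample data are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `list-stack-instances --output json`;
# account IDs and the StatusReason text are made up for illustration.
SAMPLE = {"Summaries": [
    {"Account": "111111111111", "Region": "eu-west-1", "Status": "CURRENT",
     "StackInstanceStatus": {"DetailedStatus": "SUCCEEDED"}},
    {"Account": "222222222222", "Region": "eu-west-1", "Status": "OUTDATED",
     "StackInstanceStatus": {"DetailedStatus": "FAILED"},
     "StatusReason": "constructed: role creation was denied"},
    {"Account": "333333333333", "Region": "eu-west-1", "Status": "OUTDATED",
     "StackInstanceStatus": {"DetailedStatus": "RUNNING"}},
    {"Account": "444444444444", "Region": "eu-west-1", "Status": "OUTDATED",
     "StackInstanceStatus": {"DetailedStatus": "CANCELLED"}},
]}


def triage(response):
    """Sort stack instances into deployed / in_progress / attention."""
    report = {"deployed": [], "in_progress": [], "attention": []}
    for inst in response.get("Summaries", []):
        detail = inst.get("StackInstanceStatus", {}).get("DetailedStatus", "UNKNOWN")
        if inst.get("Status") == "CURRENT" and detail == "SUCCEEDED":
            bucket = "deployed"
        elif detail in ("PENDING", "RUNNING"):
            bucket = "in_progress"
        else:
            # FAILED, CANCELLED, INOPERABLE or anything unrecognized
            bucket = "attention"
        report[bucket].append(
            (inst.get("Account", "?"), detail, inst.get("StatusReason", "")))
    return report


def accounts_ready(response):
    """Account IDs whose role stack is confirmed deployed."""
    return sorted(acct for acct, _, _ in triage(response)["deployed"])


if __name__ == "__main__":
    # Pipe real CLI output in; with no pipe, the constructed sample is used.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    report = triage(data)
    for acct, detail, reason in report["attention"] + report["in_progress"]:
        print(f"{acct}\t{detail}\t{reason}")
    print("ready:", ", ".join(accounts_ready(data)))
    sys.exit(1 if report["attention"] else 0)
```

Pipe the Step 3 command with `--output json` into the script; it exits non-zero when any instance needs attention, which makes it usable as a gate before registering accounts.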
