Settings in AWS License Manager

The Settings section of the AWS License Manager console displays settings for the current account. You must configure settings to enable certain functionality such as distribution of managed entitlements and self-managed licenses to your organization, as well as for performing cross-account resource discovery.

To edit License Manager settings

1. Open the License Manager console at https://console.aws.amazon.com/license-manager/.

2. In the left navigation pane, choose Settings.

3. Choose the tab containing the settings you wish to configure or modify. For example, choose Managed licenses to configure Account details.

4. Choose the relevant action for the setting you wish to configure or modify. For example, you might choose Edit or Turn on.

Settings topics

• Managed licenses
  • Account details
  • Cross-account resource discovery
  • Simple Notification Service (SNS)
• Linux subscriptions
• User-based subscriptions
  • AWS Managed Microsoft AD
  • Virtual private cloud
• Delegated administrators
  • Regions supported for delegated administrators
  • Register a delegated administrator
  • Deregister a delegated administrator

Managed licenses

The following settings are available for managed licenses.

Account details

You can review your account details to see information such as the account type, whether accounts in AWS Organizations are linked, the account's License Manager S3 bucket ARN, and the AWS Resource Access Manager share ARN. This section also enables you to link your AWS Organizations accounts.

To distribute managed entitlements or self-managed licenses within your organization, choose Link AWS Organizations accounts. The distributed grants for managed entitlements are auto-accepted by all of your member accounts. When you select this option, we add a service-linked role to the management and member accounts.

Note

To enable this option, you must be signed in to your management account and all features must be enabled in AWS Organizations. For more information, see Enabling all features in your organization in the AWS Organizations User Guide.

This selection also creates an AWS Resource Access Manager resource share in your management account, which allows you to seamlessly share self-managed licenses. For more information, see the AWS Resource Access Manager User Guide.

To disable this option, call the UpdateServiceSettings API.

Cross-account resource discovery

You can turn on cross-account resource discovery in order to manage license usage across all of your accounts in AWS Organizations.

To enable cross-account resource discovery in your organization, choose Turn on for cross-account resource discovery. When you turn on the cross-account resource discovery, AWS Organizations will automatically be linked to perform resource discovery across all of your accounts.

License Manager uses Systems Manager inventory to discover software usage. Verify that you have configured Systems Manager inventory on all of your resources. Querying Systems Manager inventory requires the following:

• Resource data sync to store inventory in an Amazon S3 bucket.

• Amazon Athena to aggregate inventory data from your accounts in AWS Organizations.

• AWS Glue to provide a fast query experience.

Note

The following AWS Regions don't require Amazon Athena or AWS Glue to query or aggregate inventory data for Systems Manager inventory to discover software usage:

• Asia Pacific (Jakarta)

• Israel (Tel Aviv)

Simple Notification Service (SNS)

You can configure an Amazon SNS to receive notifications and alerts from License Manager.

To configure an Amazon SNS topic

1. Choose Edit next to Simple Notification Service (SNS).

2. Specify an SNS topic ARN in the following format:

   arn:<aws_partition>:sns:<region>:<account_id>:aws-license-manager-service-*

3. Choose Save changes.

Linux subscriptions

You can configure settings for Linux subscriptions to control how the discovery and aggregation of your subscriptions are performed. You can choose the Regions for which you want to discover Linux subscriptions for, and whether you want to aggregate subscription data across your accounts in AWS Organizations. For more information, see Linux subscriptions in License Manager.

User-based subscriptions

The following settings are available depending on which products you require for user-based subscriptions.

AWS Managed Microsoft AD

License Manager requires AWS Managed Microsoft AD to be configured before you can work with user-based subscriptions. For more information, see User-based subscriptions in License Manager.

Virtual private cloud

License Manager requires your VPC to be configured, in addition to your AWS Managed Microsoft AD, when you use user-based subscriptions with Microsoft Office. For more information, see User-based subscriptions in License Manager.

Delegated administrators

You can register a delegated administrator to perform administrative tasks for managed licenses and Linux subscriptions in License Manager. To simplify administration, we recommend using the License Manager console to register a single delegated administrator for each feature of License Manager. Using this approach, you will have a single delegated administrator in your organization for License Manager.

Using the AWS CLI or SDKs, you can register different member accounts in your organization as the delegated administrator for each supported feature of License Manager. This results in different member accounts in your organization being able to perform administrative tasks for managed licenses and Linux subscriptions.

Important

To use the delegated administration features in the License Manager console, you must have the same member account registered as the delegated administrator for each feature of License Manager. If you registered more than one member account as the delegated administrator, you first have to deregister the existing member accounts, and then register the same account for each feature of License Manager.

Before you register a delegated administrator, you must enable trusted access with Organizations. For more information, see Inviting an AWS account to join your organization and Enable trusted access with AWS Organizations.

The following are the features for which you can register a delegated administrator:

Managed licenses

You can perform administrative tasks, such as sharing self-managed licenses with other member accounts, performing cross-account resource discovery, and distributing managed entitlements to other member accounts.

Linux subscriptions

You can perform administrative tasks, such as viewing and managing commercial Linux subscriptions you own and run across AWS Regions and your accounts in AWS Organizations. You can also create and manage Amazon CloudWatch alarms for your Linux subscriptions. The data must first be discovered and aggregated before it is visible in the License Manager console and any alarms can function if they are configured.

Important

Once registered, the delegated administrator has visibility into EC2 instances owned by accounts in your organization.

You can register and deregister delegated administrators using the AWS License Manager console, AWS CLI, or AWS SDKs.

Regions supported for delegated administrators

The following Regions support License Manager delegated administrators:

• US East (Ohio)

• US East (N. Virginia)

• US West (N. California)

• US West (Oregon)

• Asia Pacific (Mumbai)

• Asia Pacific (Seoul)

• Asia Pacific (Singapore)

• Asia Pacific (Sydney)

• Asia Pacific (Tokyo)

• Asia Pacific (Hong Kong)

• Middle East (Bahrain)

• Canada (Central)

• Europe (Frankfurt)

• Europe (Ireland)

• Europe (London)

• Europe (Paris)

• Europe (Stockholm)

• Europe (Milan)

• Africa (Cape Town)

• South America (São Paulo)

Show moreShow less

Register a delegated administrator

You can register a delegated administrator using the AWS CLI or AWS Management Console.

Console

To register a delegated administrator using the AWS License Manager console, perform the following steps:

1. Sign in to AWS as the administrator of the management account.

2. Open the License Manager console at https://console.aws.amazon.com/license-manager/.

3. Choose Settings from the left navigation pane.

4. Choose the Delegated administration tab.

5. Choose Register delegated administrator.

6. Enter the member account ID to register as the delegated administrator, confirm that you want to grant License Manager the required permissions, and then choose Register.

7. A message indicates if the specified account has been successfully registered as the delegated administrator License Manager.

AWS CLI

To register a delegated administrator for managed licenses using the AWS CLI, perform the following steps:

1. From the command line, run the following AWS CLI command:

   aws organizations register-delegated-administrator --service-principal=license-manager.amazonaws.com --account-id=<account-id>

2. Run the following command to verify that the specified account is successfully registered as the delegated administrator:

   aws organizations list-delegated-administrators --service-principal=license-manager.amazonaws.com

To register a delegated administrator for Linux subscriptions using the AWS CLI, perform the following steps:

1. From the command line, run the following AWS CLI command:

   aws organizations register-delegated-administrator --service-principal=license-manager-linux-subscriptions.amazonaws.com --account-id=<account-id>

2. Run the following command to verify that the specified account is successfully registered as the delegated administrator:

   aws organizations list-delegated-administrators --service-principal=license-manager-linux-subscriptions.amazonaws.com

Deregister a delegated administrator

You can deregister a delegated administrator using the AWS CLI or AWS Management Console.

Console

To deregister a delegated administrator using the AWS License Manager console, perform the following steps:

1. Sign in to AWS as the administrator of the management account.

2. Open the License Manager console at https://console.aws.amazon.com/license-manager/.

3. Choose Settings from the left navigation pane.

4. Choose the Delegated administration tab.

5. Choose Remove.

6. Enter the text remove to confirm you would like to remove the delegated administrator for License Manager and choose Remove.

7. A message indicates if the specified account has been successfully removed the delegated administrator for License Manager.

AWS CLI

To deregister a delegated administrator for managed licenses using the AWS CLI, perform the following steps:

1. From the command line, run the following AWS CLI command:

   aws organizations deregister-delegated-administrator --service-principal=license-manager.amazonaws.com --account-id=<account-id>

2. Run the following command to verify that the specified account is successfully deregistered as the delegated administrator:

   aws organizations list-delegated-administrators --service-principal=license-manager.amazonaws.com

To deregister a delegated administrator for Linux subscriptions using the AWS CLI, perform the following steps:

1. From the command line, run the following AWS CLI command:

   aws organizations deregister-delegated-administrator --service-principal=license-manager-linux-subscriptions.amazonaws.com --account-id=<account-id>

2. Run the following command to verify that the specified account is successfully deregistered as the delegated administrator:

   aws organizations list-delegated-administrators --service-principal=license-manager-linux-subscriptions.amazonaws.com

You can register a deregistered account again at any time.