Cross-Account Manager
Cross-Account Manager

Step 1. Launch the Solution in the Master Account

First, launch the automated AWS CloudFormation template in the master AWS account to deploy the Cross-Account Manager components.

  1. Log in to the AWS Management Console and click the button below to launch the aws-cross-account-manager-master AWS CloudFormation template.

                                Master template launch button

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default. To launch the Cross-Account Manager solution in a different AWS Region, use the region selector in the console navigation bar.


    This solution uses the AWS Lambda service, which is currently available in specific AWS Regions only. Therefore, you must launch this solution an AWS Region where Lambda is available. For the most current AWS Lambda availability by region, see AWS service offerings by region.

  3. On the Select Template page, verify that you selected the correct template and choose Next.

  4. On the Specify Details page, assign a name to your Cross-Account Manager stack.

  5. Under Parameters, review the parameters for the template and modify them as necessary. This solution uses the following default values.

    Parameter Default Description
    Config Bucket <Requires input> Name of a new Amazon S3 bucket that the solution will create. The Administrator uses this bucket to store account, role, and policy files for the solution-managed sub-accounts.
    Access Links Bucket <Requires input> Name of a new Amazon S3 bucket that the solution will create. The Administrator uses this bucket to store the user-accessible webpage with access links to managed sub-accounts
    Send Anonymous Usage Data Yes Send anonymous data to AWS to help us understand solution usage and related cost savings across our customer base as a whole. To opt out of this feature, choose No. For more information, see Appendix C.
  6. Choose Next.

  7. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set additional options, and then choose Next.

  8. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  9. Choose Create to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in roughly five minutes.

  10. To see details for the stack resources, choose the Outputs tab. The following table describes some of these outputs in more detail.

    Key Description
    ConfigBucket Name of the Amazon S3 bucket to upload sub-account files for this solution
    AccessLinksBucket Name of the Amazon S3 bucket to store the webpage with links to access managed sub-accounts
    KMSKeyAlias The alias of AWS KMS key the Administrator must use to upload sub-account files (CrossAccountManager-Key)