I want to transfer my account from AISPL to AWS. This is because, I had been running my application in AISPL account till now. Now I want to add my account to an AWS organisation of my employer whose seller of record is AWS. So that my employer can take care of all the consolidated billings in USD.
Currently, adding AISPL account into AWS account organisation is not supported and shows an error response of "You can only join an organization whose Seller of Record is same as your account".
What can I do to transfer my AWS account from AISPL to AWS so that I can add my account to AWS organisation ?
I had posted a query on AWS support for this and got the below reply.
Hello,
I understand you would like to update your AISPL account and utilize services from Amazon Web Services Inc. instead.
At this time your account utilizes services from AISPL (Amazon Internet Services Private Limited) which is the Indian AWS reseller for Indian customers.
The main difference between AWS accounts and AISPL accounts is the seller of record. AISPL accounts are administered by Amazon Internet Services Private Limited, but AWS accounts are administered by Amazon Web Services, Inc.
Accounts located in AISPL can update their account information, but will continue to be billed in INR and utilize services from AISPL. If you wish to utilize services from Amazon Web Services Inc. and update your preferred currency, then you will need to create a new AWS account.
More information can be found using the link below:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment-aispl.html#determine-seller
We cannot transfer an account from AISPL to AWS. Need to create a new account for this.
Related
I have some engineers that have built some things using EC2 instances. I built these instances logged in with my AWS administrator account (Root user?). Now, I want to create a PROD "container" that only certain users can see. Secondly, I'd like billing for this to be completely separate, if possible, so we can bill the customer directly. I'm looking for a structure like this:
Customer 1
PROD
EC2 Instance 1
EC2 Instance 2
DEV
Customer 2
PROD
DEV
And then separately, I'd like to be able to say "Engineer 1 can access Customer 1 - DEV" or "Engineer 2 can access Customer 2 - PROD".
I know how to do this in Azure, but AWS is confounding me. What would the containers/folders above be called? Organizations?
You should setup different AWS Accounts for each application environment, e.g. "Customer 1 - DEV", "Customer 1 - PROD", "Customer 2 - DEV" and so on. This way you can leverage AWS IAM on the account level to grant individual developers access and have a clean boundary for billing as well. I'd stay away from using tags for cost allocation, as that's usually very hard to maintain clean.
To setup multiple AWS accounts, you need AWS Organizations. Organizations allows you to build a hierarchy of multiple AWS Accounts, just like an Azure Tenant with multiple Azure Management Groups and Subscriptions. In an AWS Organization you can designate one account as the "payer account" and that's the one that receives all the consumption charges for all managed accounts in your org. These charges are broken down per account, so you can easily chargeback that cost to your customers.
If you have more than a handful of accounts, I'd recommend building a landing zone. AWS Control Tower is a good point to get started though there are other options.
Use AWS Organizations and IAM Identity center. Create different accounts (and organizational units) for dev, prod, staging etc. workloads and grant access rights to certain accounts only for certain individuals. Even if the all accounts belong to same organization, you will be able to get cost reports for each account.
Rather easy to implement after reading documentation for those services.
Check also AWS Control Tower which can be used to create a secure landing zone for use case you described.
I'm the administrator of an AWS account that has 4 users. One of the users is racking up higher-than-expected costs.
I checked the Cost Explorer, but could not seem to configure it to view individual users.
As an administrator in AWS, how do I see all of the services this particular user has been using during a given period of time (e.g. the last 12 months)?
Thanks!
AWS resources are associated with an AWS Account, not a specific user.
If a user has the necessary permissions to create resources (eg an Amazon EC2 instance), then the instance is launched in the AWS Account, but there is no link back to the user that requested the resource.
You can, however, use AWS CloudTrail:
AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
It will show all API calls made by the user, including the Action ('launch an EC2 instance'), their IP address, timestamp, etc. Operations in the AWS management console will also be shown, since it makes API calls on behalf of the user.
CloudTrail keeps a history of the past 90 days, but you can create specific 'Trails' that retain data permanently. If you have not done this, then it will not be possible to see what they did prior to 90 days ago.
I have two accounts.
Account A : This has some aws resources which should not ideally have any downtime. This is registered under aaa#gmail.com
Account B : This account does not have any aws resources, but it has some aws credits. This is registered under bbb#gmail.com
I have the access to both accounts/both emails. How I can merge those two accounts so that I can utilize aws credits.
Any method with no downtime is preferred. After the merge/migration, I am willing to keep any account as my primary account.
Thank you.
Based on AWS knowledge center article your requirement doesn't seem to be supported:
Issue
I have resources on multiple AWS accounts, and I want to merge all the
resources together under one account. Is this possible?
Resolution
It's not possible to merge multiple AWS accounts together.
There is suggestion which might help you
However, you can use AWS Organizations to manage the permissions for
multiple AWS accounts, and then combine the billing in one
consolidated bill.
You can also transfer some AWS resources between AWS accounts. For
example, with Amazon Elastic Compute Cloud (Amazon EC2), you can share
custom AMIs between accounts, which allows you to transfer instances
between accounts. Because each AWS service is unique, the way to move
resources between accounts varies by service. For more details, see
AWS Documentation.
We currently have a webapp running in AWS Region Ireland (service for the UK) and are planing to expand the service into the US.
In order to be sure that the US users get a low latency experience we are considering mirroring the AWS resources used Ireland in the US.
The data for the US users should be stored in the US region, the UK data in Ireland. (There is no need to report across both regions).
We are thinking of building a centralised login services that runs in the Ireland region. After successful login the user will be redirected to the region where his data is stored. (The login service has to know in which region the data is stored)
Has anyone built something similar? Any recommendation how to approach this?
Would Amazon Cognito support such a setup (if we build the login service based on cognito)?
Currently Amazon Cognito does not support this out of the box.
But if you use Cognito User Pools with Federated identities the credentials you get can be used in any AWS region. Along with that you can store a custom attribute for the user defining the region to which that user belongs and then redirect them accordingly.
I am working on Amazon Web Service (EC2, S3) to set up an instances given the following detail on the account. (I don't have administrative rights to the Amazon account through the web browser)
Amazon Account Number
Access Key ID
Secret Access Key
Do anyone know how can I check the total usage cost spent through command line interface? I wouldn't want to give the owner a surprise of how much Amazon have charged him at the end of the month.
P.S.: To date of writing Amazon does not provide account charges information through the command line or API (According to #Eric Hammond). If Amazon does in the later date, please give me a head up. Thanks!
Amazon AWS does not currently provide account charges information through the command line or API.
Accrued account charges can be viewed through a login on the AWS web site:
http://aws-portal.amazon.com/gp/aws/developer/account/index.html?ie=UTF8&action=activity-summary