This page is for AWS account owners where their AWS accounts currently do not have access for ITS.
Why this is needed
ITS is consolidating AWS accounts so they can be managed consistently under a new UM AWS Organization. As part of that move, UM also needs a standard “access role” in each UM AWS account so our central team can complete onboarding tasks and manage required account integrations.
What you will do
You will click a link that opens an AWS CloudFormation Quick create stack page in your AWS account. On that page, AWS will show you the Template URL and the template contents (via View template) before anything is created, and you must explicitly choose Create stack to proceed.
Safety reminder
Only continue if you trust this template’s source and the Template URL matches what you expect, and review View template before you create the stack. If anything looks unfamiliar or broader than expected (especially permissions), stop and contact AWS Support before proceeding.
Step 0: Log into your aws account
Whatever method you normally use, log into your account before clicking the CloudFormation link.
Step 1: Open the setup link
Click the button below to open AWS CloudFormation in your AWS account and start the setup.
Set up access in my AWS account
Step 2: Review what will be created
On the “Quick create stack” page, expand View template to review what this setup will create in your account. This stack creates an IAM role (mcloud-admin-API) in your account that ITS’s management account (arn:aws:iam::733182407373:root) can complete the account move.
Make sure you are in the right account by checking the account number in the top right corner.
Step 3: Create the stack
Scroll down, acknowledge that AWS CloudFormation might create IAM resources with custom names, and choose Create stack to finish.
Step 4: Confirm completion
Wait until the stack status shows CREATE_COMPLETE in CloudFormation.
That’s it. The new role now exists in your account. Our script will identify the new role and move the account the next time we run it. You will get an automated email at that point indicating the new organization.