Deploying a Role to Enable the Organization Root Account to Trust Child Accounts
You can link multiple child accounts in bulk to the root account.
Note
To enable the root account of your organization to trust child accounts, we recommend using StackSets.
Follow the steps below to complete the deployment.
Step 1: Upload the template.
Upload the pre-downloaded CloudFormation template to the appropriate AWS service and click Next.
Note
Ensure the file is accurate and accessible.
Step 2: Configure the Parameters.
Configure the required parameters and click Next.
The following parameters are required.
Account ID: Enter the AWS account ID of the Virtana account that you intend to trust.
Note
Ensure the account ID is correct to avoid configuration issues.
External ID: Provide the customer organization ID. This parameter adds an additional layer of security, ensuring requests are authenticated and originate only from your organization.
Role Name: Use the same role name that you configured when running the first CloudFormation template. A default role name is provided, but you can customize it if needed.
Note
Consistency is critical. The role name must be identical across the root account and the roles created via the StackSet for linked accounts. Any mismatch may result in deployment failure.
Step 3: Configure Settings.
Choose the settings that best align with your organizational requirements and click Next.
Note
Double-check all settings before proceeding to ensure compatibility with your use case.
Step 4: Verify.
After the process is complete, verify that the roles have been successfully created in the child accounts.
Note
Verifying the roles ensures that the trust relationship has been properly established. You can do this from Virtana. For more information, see Adding Linked Accounts in Bulk.
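The Step 4 verification can also be done against the role definitions themselves. The following Python sketch is an added example, not part of the Virtana template or documentation: it checks each child account's role for the three parameters from Step 2 (Account ID, External ID, Role Name). It assumes the template creates a standard cross-account trust policy with an `sts:ExternalId` condition; all account IDs, the external ID, and the role name are constructed sample values.

```python
def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def check_role(role, role_name, trusted_account_id, external_id):
    """Return a list of findings; an empty list means the role matches."""
    if role is None:
        return ["role not found"]
    findings, matched = [], False
    if role.get("RoleName") != role_name:
        findings.append(f"role name mismatch: {role.get('RoleName')}")
    for stmt in _as_list(role.get("AssumeRolePolicyDocument", {}).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for p in _as_list(aws):
            parts = p.split(":")
            account = parts[4] if len(parts) > 4 else p  # ARN or bare account ID
            if account != trusted_account_id:
                findings.append(f"unexpected principal: {p}")
                continue
            ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
            if _as_list(ext) == [external_id]:
                matched = True
            else:
                findings.append("trusted account allowed without the expected ExternalId")
    if not matched:
        findings.append("no statement grants the expected trust")
    return findings

def _role(name, principal, condition):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": principal}, "Condition": condition}
    return {"RoleName": name, "AssumeRolePolicyDocument": {"Statement": [stmt]}}

# Constructed sample input (not from the page), shaped like the "Role" object of `aws iam get-role`.
EXPECTED = ("ExampleTrustRole", "111122223333", "org-example-id")
GOOD = {"StringEquals": {"sts:ExternalId": "org-example-id"}}
SAMPLE = {
    "444455556666": _role("ExampleTrustRole", "arn:aws:iam::111122223333:root", GOOD),
    "777788889999": _role("ExampleTrustRole", "arn:aws:iam::111122223333:root", {}),
    "000011112222": _role("OtherRole", "*", GOOD),
}

def audit(roles):
    return {acct: check_role(r, *EXPECTED) for acct, r in roles.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A child account with an empty findings list has a role whose name, trusted principal, and external ID all match the values entered in Step 2.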