Navigation:  Customers  


TIP: To optimize platform functionality, use Google Chrome.


This article is specific to AWS accounts and assumes you created a customer profile in StreamOne Ion. If the customer profile needs to be created, please read: How to Create a New Customer Profile


Request a New AWS Account

Submitting a request for a new AWS account via the platform initiates the process for the Cloud Ops team to establish a new member account. Important: It is not possible to request an AWS organization account (dedicated payer) through the platform. If you require an AWS organization account (dedicated payer), please submit a support ticket.



To request a new AWS account, complete these steps:

  1. From the Customer menu, select a customer in the list and double-click to open the profile.
  2. Navigate to the Cloud Billing menu on the left and expand, then click Cloud Providers.
  3. If the pricebook is missing, click Add, then select Amazon Web Services.
  4. Select Invoice Currency, then click Save.
  5. Click the drop-down arrow next to Amazon Web Service, then click on Amazon Web Services Master Pricebook, then click Edit.
  6. Toggle on the box next to Enable Provider in the Customer Portal, then click Save.
  • Ignore the "Pass RI optimization to customer." This feature is not available.


7. Click on Cloud Accounts on the left, then click Request, select Amazon Web Services, then click the second Request button.



Your request is routed automatically to the Cloud Support Ops team for your region for review and approval. You may be contacted (typically via email) for the required information to complete the request. 


The information required to create a new account includes:


  • A new email address to assign as root: The email must be unique and never used with Amazon or AWS. It should be a valid, active mailbox that can receive workflow messages from AWS for password reset notifications and other communications.
  • AWS Account Name or Nickname: What friendly name do you want to associate with the account?
  • The Support Type: Identify the AWS support plan currently associated with the account. AWS offers Business Support, Developer Support, or Basic/No Support. This information is critical to the accuracy of billing data.


Check your inbox for an email from TD SYNNEX (or Tech Data) with the subject: Customer Account Provision Request Received—Amazon Web Services (Customer Name). If you are in the US or CA, you can reply to streamonevendoropsamer@tdsynnex.com using the workflow email that would have been sent to the primary contact on the Account Information page in StreamOne Ion.



After the account has been created, follow up with the customer to make sure the steps below are completed:

  1. The Root account owner needs to complete a Password Reset. To access the AWS account, go to https://console.aws.amazon.com, enter the root email, and then navigate to the Recover Password page.
  2. Once the account owner has access to the account, the ARN Role should be created.
  3. If applicable, advise the root account owner to update the support to AWS Business Support or Developer Support at https://console.aws.amazon.com/support/plans/home. Click Support in the upper right-hand corner, then select Support Center. Click Change Plan, select Business (or Developer), and confirm the selection. Once the change has been made, the support status will be updated within minutes.
    • FYI... Regarding AWS Business Support Cost: Please advise your customers to disregard the $100 monthly charge or any prorated upfront charges for business support, as upfront support charges are not applicable for accounts in the TDS payers. AWS Business Support customer cost will be 10% of the total usage. Resellers earn margin on AWS Business Support.
    • Please contact your sales rep if Enterprise Support is needed. 


Resellers should complete the tasks below in StreamOne Ion:


Create IAM Role (ReadOnlyAccess)


Tip: We recommend you use two browsers to toggle between the AWS Console and the platform. When you complete the setup of the read-only access role in the AWS console, you paste the role ARN name in a specific field in the platform.


The Create IAM Role instruction window displays at the time you add the account. The instructions in this window are completed in the AWS console. 

(1) If you have access to the AWS account, please log into the AWS console IAM screen to complete the next steps. 

(2) If you do not have access, click Later


When you return to add the role (after the account was initially added), you can see the instructions by selecting the account from the list and double-clicking to open the Cloud Account dialog box. Scroll to the bottom to view the options. Click ROLE ARN



Note: Root access is not a requirement for a user to create a read-only role; it depends on the IAM user's access rights. 


    

Specific items to note in this instruction window are:



(1)  The Cross Account ID is standard for all AWS accounts linked in ION


(2)  The External ID number is unique to each account linked in ION


(3) The platform requires the Role ARN name in this field. 


(4) If the role was created correctly, the 'Verified' status will display in green (as shown in the image here).


(5) A description of the role of the ARN is optional.


(6) click Save


An AWS read-only access role allows for enhanced reporting features in the platform. 


For the full instructions and video tutorial, please read the article: How to Create the Role ARN for AWS Accounts


1.    Login to the Amazon IAM console

2.    Select Roles 

3.    Click Create Role

4.    Click AWS Account

5.    Select Another AWS Account

6.    Enter the Account ID: 328676173091

7.    Under Options, check the box next to Require external ID

 Enter the External ID: CA****** (This ID number is unique to each AWS account.)

***DO NOT Toggle on the "Require MFA" feature**** 

8.   Click Next


   Click on the image to enlarge.

9.     Search for the "ReadOnlyAccess" policy and check the box next to ReadOnlyAccess


Optional:  To enable the policy for the Security and Compliance Report, in the policy list, search for AWSSupportAccess and check the box on the left. Business Support is required for this report.  For more information, please read the Knowledge Base article: AWS Security and Compliance Report.


10.   Enter a Role Name. Example: IONReadOnly (Maximum 128 characters). (Use alphanumeric and '+=,@-_' characters.)  

11.   Enter a Description. Add a brief explanation for this policy. Example: Cloud Platform Read-Only Access for cost and usage data. maximum of 128 characters. (Use alphanumeric and '+=,.@-_' characters.)  A sample of the name and description are illustrated below.

12.  Click Create Role

13.  Click on the recently created Role Name to access the summary screen.

14.  From the summary page, using the icon located on the left of the Role ARN value, copy the ARN name (as illustrated as item 4 in the screenshot below).



15.  Back in StreamOne Ion, paste the Role ARN value in the Role ARN dialog box (see below)

16.  Click the "Not Checked/Check Now" action function to confirm role validation in the platform. Once the green Verified status appears, click "Save". If a red "No Access" message appears, please recheck the Role ARN value, making sure there is no space in front or behind the value when pasted. If the ARN Value is still not validating, please confirm the ReadOnlyAccess policy was properly created.


This screenshot shows a before and after view of the AWS Role ARN setting.

 

17.  Enter the Role description (optional)

18.  Save


Note: Requesting an AWS organization account (dedicated payer) through the platform is not possible. If you need an AWS organization account (dedicated payer), please open a support ticket.



Highly recommended TDS training class: Setting Up and Managing Your AWS Business on StreamOne Ion. This training will assist you in understanding how StreamOne Ion handles AWS business complexities, setting up your AWS business, understanding reports, and reconciling billing data. (This is partner-facing training.) 

To submit a support request, in StreamOne Ion, click the "?" icon in the upper right menu bar or click the Support button in the menu. Alternatively, you can click Submit a ticket in the Knowledge Base. Fill out all mandatory fields, or read How to Use StreamOne Freshdesk to Submit and View Support Tickets for more information.