Getting started

Creating an Organization

Creating Audit and Log Archive AWS Accounts

Management

Creating an AWS Account

Initial Setup

Billing Alerts

Configuring AWS SSO (IAM Identity Center)

Generating As-Built-Documentation

Environments

Configuring AWS Client VPN

Configuring Private Bastion

Deleting an Environment

Compliance

Configuring a standard

Reference

Choosing Email Addresses for your AWS Accounts

Checklist end-of-deployment

Configuring SSO for Microsoft Azure

Configuring SSO for G-Suite

Deploying Applications

Notification History

Removing Citadel Access from AWS Accounts

What’s deployed in my account

Troubleshooting

Common Issues

Finding the Root Cause of a Failed Job

Creating new environment failed

Fixing Network Access is not connecting to RDS

SSO G-Suite - Deploy Lambda Error

Common issues

Creating Audit and Log Archive AWS Accounts

Introduction

You will need to create Audit and Log Archive accounts inside AWS Organizations. (Citadel uses AWS Organizations to manage your AWS accounts.)

Follow these steps to get started with AWS and to create a single AWS account.

Creating an AWS account within your AWS Organizations

To start, sign in to the AWS console by clicking here.

(You must sign in as a user with AWS Organizations management permissions or as root user.)

Once logged in, you can create member accounts that are immediately associated with your AWS Organizations.

The information listed below is automatically copied from the management account to the new member account:

Account name
Phone number
Company name
Customer URL
Company contact email
Communication language
Marketplace (vendor of the account in some AWS Regions)

To create a member account in your organization, you must have the following permissions:

organizations:CreateAccount
organizations:DescribeOrganization – required only when using the Organizations console
iam:CreateServiceLinkedRole (granted to principal organizations.amazonaws.com to enable creating the required service-linked role in the member accounts).
Access to the AWS Management Console

To create an AWS account that is automatically part of your organization, go to AWS Organizations > AWS accounts, and click ‘Add an AWS Account’, seen below:

Creating the Audit AWS Account

Under the ‘Add an AWS Account’ form, fill out the items shown below:

For AWS account name, enter Audit or a similar name
For Email address of the account's owner, enter the email address of the account's owner. This email address cannot already be associated with another AWS account because it becomes the user name credential for the root user of the account. Follow these instructions to set your email
For IAM role name, leave it as default

After the account is created, under Organizations you should see a new account there with the name chosen. Copy the Account ID to a safe location because we will need this later when setting up Citadel.

Creating the Log Archive AWS Account

Follow the same instructions as creating the Audit account, except that:

For AWS account name, enter Log Archive or a similar name

After the account is created, under Organizations you should see a new account there with the name chosen. Copy the Account ID to a secure location because we will need it later when setting up Citadel.

← Previous

Creating an Organization

Initial Setup

On this page

Creating Audit and Log Archive AWS Accounts

Creating an AWS account within your AWS Organizations

Creating the Audit AWS Account

Creating the Log Archive AWS Account