Sign Up for New AWS Account using Nucleator Naming Conventions
Conventions
To keep things consistent across the different ways to refer to and log into the management console for an AWS Account, we recommend AWS Account Names with two parts:
- customer_name: a descriptor of the customer on whose behalf the Account was created. This may be your own organization, or someone else's.
- account_name: a descriptor of the underlying purpose of the account. For example, "master", "test1", "adhoc".
Customer Name
Note that Customer name must contain only lowercase alphanumeric characters and the dash character. The Customer name will be used in S3 bucket names and AWS CloudFormation template names, which must follow this convention. If a customer name that does not match these restrictions is used, the command line tool will print an error message noting that the customer name is invalid.
Account Friendly Name
The Account "Friendly Name" is used as a convenient way to refer to one of a particular Customer's AWS Accounts. It must be unique within the Customer. We will often refer to the Account Friendly Name as account_name or simply as "account". Like the Customer name, the account name may contain only lowercase alphanumeric characters and the dash character. If an account name that does not meet these restrictions is used, the command line tool will print an error noting that the account name is invalid.
AWS Account Name
When you sign up for an AWS Account, it will ask you for a Name. You may think that this should be the name of a human, but we recommend using this name to identify both the Customer and the Friendly Name of the resulting AWS Account. While you can use whatever name you'd like for the AWS Account Name, to avoid confusion we strongly recommend that you name the Account using the Nucleator Customer Name and Account Friendly Name separated by a dash, for example:
# generally: {{customer_name}}-{{account_name}}
47lining-test1
othercustomer-analytics
yetanothercustomer-production
This AWS Account Name will show up prominently in the header bar (upper right) whenever you log into the root Account. We will also use the two components (Customer Name and Account Friendly Name) to identify the Account in all of the Nucleator config files.
The first (and sometimes the only) Account created for use with Nucleator is often referred to as the "Master" Account. The Master Account may also be used as a Master Account for AWS Consolidated Billing.
Example Account Names:
master-47lining
test1-47lining
internalcustomer-yourcompany
Account Email Address
AWS requires that each AWS Account have its own independent email address. You specify the email address for the Account at the time that you create the account, and use the email address to log in to the AWS Console using the Account's "root credentials", which consist of this email address and the Account's root password. We suggest using a consistent naming convention for the email addresses associated with AWS Accounts.
At 47Lining, we explicitly create new email forwarders for this purpose, and use the convention:
{{account_name}}.accounts.aws.{{customer_name}}@47lining.com
The convention provides for independent namespaces for multiple IaaS providers, if needed. In this convention, a consolidated accounts.aws.{{customer_name}}@47lining.com forwarder is established. This forwarder provides a managed, customer-specific distribution list that applies to all of the purpose-specific AWS Accounts for that customer. All of the purpose-specific {{account_name}}.accounts.aws.{{customer_name}}@47lining.com addresses for that customer forward to accounts.aws.{{customer_name}}@47lining.com.
Example Account Email Addresses:
master.accounts.aws.47lining@47lining.com
test1.accounts.aws.47lining@47lining.com
customers_customer.accounts.aws.distributor_customer@47lining.com
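The naming rule and the identifiers derived from it above, as an added Python example that is not Nucleator's own code: it validates both name parts and builds the AWS Account Name and the two email addresses. The function names, the error text and the `domain` parameter are assumptions made for illustration.

```python
import re

# Rule from this page: only lowercase alphanumerics and the dash character.
# ASCII-only class plus fullmatch() rejects Unicode letters/digits and a
# trailing newline, both of which str.isalnum() or a "$" anchor would accept.
NAME_RE = re.compile(r"[a-z0-9-]+")

# Assumption: the forwarder domain is a parameter; 47lining.com is the page's.
DEFAULT_DOMAIN = "47lining.com"


def check_name(kind, value):
    """Return value unchanged if it satisfies the naming rule, else raise."""
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError(f"{kind} name is invalid: {value!r}")
    return value


def derive_identifiers(customer_name, account_name, domain=DEFAULT_DOMAIN):
    """Build the AWS Account Name and email addresses from the two parts."""
    customer = check_name("customer", customer_name)
    account = check_name("account", account_name)
    forwarder = f"accounts.aws.{customer}@{domain}"
    return {
        "aws_account_name": f"{customer}-{account}",
        "account_email": f"{account}.{forwarder}",
        "customer_forwarder": forwarder,
    }


def find_invalid(pairs):
    """Return the (customer, account) pairs that break the naming rule."""
    bad = []
    for customer, account in pairs:
        try:
            derive_identifiers(customer, account)
        except ValueError:
            bad.append((customer, account))
    return bad


if __name__ == "__main__":
    # Constructed sample input, not taken from any real configuration.
    sample = [("47lining", "test1"), ("Acme", "prod"), ("acme", "data_lake"),
              ("acme", "prod\n"), ("acme", "tést")]
    print(derive_identifiers("47lining", "test1"))
    print(find_invalid(sample))
```

Running the same check before any S3 bucket or CloudFormation template name is generated keeps an invalid name from reaching AWS in the first place.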
AWS Console Shortcut Link
https://{{shortcut}}.signin.aws.amazon.com/console
https://test1-47lining.signin.aws.amazon.com/console
https://master-47lining.signin.aws.amazon.com/console
https://customers_customer-distributor_customer.signin.aws.amazon.com/console
Create an AWS Account for use with Nucleator
You may be able to use an existing AWS Account with Nucleator, but we suggest creating a new one. Nucleator makes it easy to manage AWS Resources across AWS Account boundaries, and AWS Accounts serve as very useful containers and boundaries for AWS Resources.
To create a new AWS Account, visit the AWS Console: https://console.aws.amazon.com/
Choose "I am a new user" to create a new AWS Account.
Complete the Account Signup process using the conventions described above:
Next: Establish IAM Users and Minimal Configuration in New AWS Account