Enterprise functionality is only available in our Enterprise Editions. Please contact firstname.lastname@example.org for details.
Larger Enterprise companies often require a layer of abstraction across their company. For example, multiple departments or projects within a company might have various billing/technical requirements that warrant separate but related RightScale accounts. To assist our Enterprise customers in the overall management of the RightScale platform across their company, RightScale offers an Enterprise component to the Dashboard that's only available in our Enterprise Edition.
The Enterprise feature within RightScale lets larger companies manage all of the RightScale accounts within their enterprise, which is comprised of a 'master' and one or more 'child' accounts. Each RightScale account within the enterprise will have separate cloud credentials. The main benefit of the enterprise is that the 'enterprise_manager' can create sharing groups within the 'master' account and then automatically grant child accounts access to those sharing groups without the need of sharing group invitations. In this way, the Enterprise Manager can control which ServerTemplates and Macros will be accessible to all users of a 'child' account.
If you are the 'enterprise_manager' and do not see the Sharing option (Design > MultiCloud Marketplace > Your Account Groups) in the 'master' account, you do not have 'publisher' role privileges. Contact email@example.com to get sharing enabled.
Actions and Procedures
Connecting AWS Consolidated Billing Accounts to RightScale
Connecting bills using this method is now considered legacy. For the most recent way to connect bill data that enables 100% bill accuracy and additional features, see the instructions for connecting AWS Hourly Cost & Usage CSVs
Cloud Analytics uses two primary data sources for helping you manage costs:
- Bill data - Bill information is collected from your public cloud provider to enable an accurate view of all of your costs across your accounts and services
- Usage data - Usage data is collected from RightScale Cloud Management to provide additional detail for slicing and dicing costs across many different dimensions
This page describes the legacy method for how to connect bill data for AWS. Learn about the data sources for Cloud Analytics, how to connect bills for other clouds, and how to connect usage data.
This section will walk you through setting up RightScale to work with your AWS Consolidated Billing accounts. Once set up, RightScale usage and cost reporting will be more accurate and reflect the benefits of Consolidated Billing, such as sharing Reserved Instances across accounts. This will enable you to optimize your costs across all your Consolidated Billing accounts and make better purchase option decisions.
Please note that in order to get the benefits of usage and cost reporting, you will need to connect all your AWS accounts to RightScale and have at least 'observer' permissions to each RightScale account. However if you'd like to get an overview of your costs per AWS account in the Cloud Analytics dashboard, all you need to connect to is the AWS Payer account.
In order to set up your AWS Consolidated Billing with RightScale, you need to have permissions to create RightScale accounts and connect to clouds. Therefore, the 'enterprise_manager' and 'admin' permissions are required. Please see the User Roles page for additional information.
You also need to be on a RightScale account which has access to the Consolidated Billing page. To check if you have access to this page, log into RightScale Cloud Management and navigate to Settings > Consolidated Billing.
If you do not have the required roles, or cannot see the Consolidated Billing page, please reach out to your RightScale account administrator, or email firstname.lastname@example.org.
In order for RightScale to
receive your AWS billing data and
recognize your Consolidated Billing account structure, AWS CloudWatch needs to be enabled to Receive Billing Alerts on your AWS Payer Account.
- Log into your AWS Payer Account.
- Navigate to the Billing & Cost Management menu option.
- Go into the Preferences menu option, select 'Receive Billing Alerts' and click Save preferences.
Now that CloudWatch Billing Alerts have been set up, you need to connect AWS to RightScale.
- Log into the RightScale Cloud Management dashboard.
- Navigate to Settings > Consolidated Billing. If you do not see this menu option, please note the prerequisites above.
- If you have connected all your AWS accounts to RightScale, this page will validate this by showing you all the AWS accounts under your Consolidated Billing group, and the links between these and the RightScale accounts they have been connected to.
- If you have not connected all your AWS accounts to RightScale, this page will give you the option to quickly create RightScale accounts and connect them to your AWS account.
- For each AWS account which has not been connected to RightScale, click the Create New Account link. This will open a dialog enabling you to enter a RightScale account name, and the AWS IAM credentials to establish the connection. If you need help in setting up AWS IAM, please read the step-by-step guide for setting up IAM with RightScale.
- Once you have connected all your AWS accounts to RightScale, it will take up to 24 hours for your cost reports to reflect the change.
Your AWS Master/Payer Account must be connected to a RightScale Account in order for Consolidated Billing to function correctly. If for some reason you have setup consolidated billing without connecting the Master AWS account to your Master RightScale account, you will need to make sure that the AWS account is connected to another RightScale account so that we have the proper permissions to setup consolidated billing for new accounts.
If you have any questions, or would like help in setting up your AWS Consolidated Billing with RightScale, please email email@example.com.
Create a New Child Account
Child accounts are an easy way to manage and control multiple accounts in RightScale through a single account. One benefit of having a child account is the ability to have a user enter in a set of cloud credentials that differ from the parent account. As an example, let's say you want to have a user add their own AWS account number to RightScale but still manage your own AWS credentials. You can provision a child account and have a user add in their own credentials while still being able to manage and control users to that account.
- You must be logged into an Enterprise account and have the 'enterprise_manager' role enabled.
If you would like to use RightScale API 1.5 to provision child accounts, you can do so. For more information, see Create a Enterprise Child Account in the API Users Guide.
- Go to Settings > Enterprise and click New Child Account.
- Enter the following:
- Child Account Name: The name of the child account that will be created under the parent account.
- Child Account Location: If you are connecting this account to AWS, we recommend that you choose a RightScale cluster that is in a different AWS region from where your primary AWS usage will be. Otherwise, we recommend you create the account in a cluster closest to the users of the child account so speeds will better for the users.
- Add cloud credentials after saving new child account: If you enable this option, you will be taken to the child account's clouds section to add cloud credentials for the account. For more information, see Add a Cloud Account to a RightScale Account.
- Click Save.
- Once a child account is created, all administrator users and their roles will be carried over to the child account. As an 'enterprise_manager,' you can manage roles from either the parent account or log in and manage users from the child account. All users with the 'admin' role will be able to manage users from the child account.
Invite a User to Join an Enterprise Account
Adding a user to a RightScale enterprise account by sending an account invitation grants access to the specified account, as well as defines the granted user role privileges within the account. Only users with 'enterprise_manager' user role privileges can send RightScale enterprise account invitations to other users. In order to invite a user to a RightScale enterprise account, you must send the invitation to the email address that the user will use to log into the RightScale Dashboard. Remember, RightScale users are identified by their email address, not by a name or username.
- 'enterprise_manager' user role privileges in the RightScale account into which you are going to invite a new user.
- Paid RightScale enterprise account - Required to invite users to a RightScale enterprise account and grant them non-Admin privileges.
Use the following procedure to permanently invite one or more users to join a RightScale enterprise account.
- Log into the RightScale dashboard using your 'enterprise_manager' user profile.
- Navigate to Settings > Enterprise > Invitations.
- Click Invite Users. Enter the email address for the user you want to send an invitation to, and use the Select Account drop-down to specify one or more accounts you want to invite the user to join. Each account you select along with its available permissions is displayed just below the drop-down. Note that you can deselect an account by clicking remove.
- Choose the permissions you want the user to have for a given account using the available checkboxes.
- Add additional user email addresses and account settings as needed.
- Click Send Invitations.
Temporary invitations allow enterprise managers to invite users to their account, but the invited user will be removed after a specified number of days. If the invited user already exists on the account, any additional permissions will be added for the listed number of days. In Settings > Enterprise > Invitations, there is a section for inviting permanent users with specified permissions and a section under it for inviting temporary users with specified permissions. If new temporary permissions are added to a user that already has temporary permissions, the new permissions and expiration period will supersede the previous one.
Manage IP Whitelists for Enterprise Accounts
You can manage IP whitelists by adding, modifying, or deleting Dashboard and API IP access rules that have been created on Enterprise parent and child accounts. Parent and child account holders of an Enterprise account have the ability to create a range of IP Whitelists. This feature is beneficial if account administrators would like to enable access to RightScale through a company's IP address, essentially blocking traffic from any other IP address. For more information, see Add an IP Whitelist Range.
To be able to properly manage this feature, Enterprise account managers can modify, add, or delete an IP Whitelist range that has been set from parent or child accounts of an Enterprise account. The instructions below explain how to use this feature.
- Requires 'admin' and 'enterprise_manager' user role privileges and Enterprise Edition account to configure this feature. Contact your account manager or firstname.lastname@example.org for more details.
- Go to Settings > Enterprise > IP Whitelists
Add a New Rule
- To add a new IP Range, click on New Rule
- Enter in the following details:
- IP Range (CIDR): Specify the IP Range in CIDR notation to control the range of IP addresses that will be allowed access for your account. 0.0.0.0/0 (default) allows access to any IP address whereas 0.0.0.0/32 denies access to all IP addresses. If you enter a range that does not include your own IP address, you may be denied access to your account.
- Description (Optional): This is a user-defined description to help describe the purpose of the IP Range.
- Accounts: A collection of one or more accounts to which the IP Whitelist will apply. Users with IP addresses outside of the whitelist range will not be able to access these accounts.
When you add an IP Whitelist Range, it will be viewable from the Access Controls tab (Settings > Account Settings > Access Controls) to the child or parent use with access to view that tab.
Edit an IP Whitelist Range
When parent or child accont memebers of the Enterprise account add an IP Whitelist Range from the Settings > Account Settings > Access Controls , the range will be viewable from the Enterprise IP Whitelists section. If you would like to modify this range, select the IP Whitelist Range and click Edit in the Selected Item window.
You will have the ability to modify the IP Range (CIDR), Description , and the Accounts of the selected range.
Delete an IP Whitelist Range
Additionally, if you would like to remove this range, you can do this by selected the IP Whitelist Range, clicking Actions, and then Delete.
Once you delete an IP Whitelist Range, it will be removed from the Access Controls tab (Settings > Account Settings > Access Controls) of the child or parent user that has access to view the tab.