(Optional) Configure OpsCenter to manage OpsItems across accounts by using Quick Setup
Quick Setup, a capability of AWS Systems Manager, simplifies setup and configuration tasks for Systems Manager capabilities. Quick Setup for OpsCenter helps you complete the following tasks for managing OpsItems across accounts:
- Specifying the delegated administrator account
- Creating required AWS Identity and Access Management (IAM) policies and roles
- Specifying an AWS Organizations organization, or a subset of member accounts, where a delegated administrator can manage OpsItems across accounts
When you configure OpsCenter to manage OpsItems across accounts by using Quick Setup, Quick Setup creates the following resources in the specified accounts. These resources give the specified accounts permission to work with OpsItems and use Automation runbooks to fix issues with AWS resources generating OpsItems.
Resources | Accounts |
---|---|
For more information about this role, see Using roles to collect AWS account information for OpsCenter and Explorer. | AWS Organizations management account and delegated administrator account |
 | Delegated administrator account |
 | All AWS Organizations member accounts |
Note
If you previously configured OpsCenter to manage OpsItems across accounts using the manual method, you must delete the AWS CloudFormation stacks or stack sets created during Steps 4 and 5 of that process. If those resources exist in your account when you complete the following procedure, Quick Setup fails to configure cross-account OpsItem management properly.
To configure OpsCenter to manage OpsItems across accounts by using Quick Setup
- Sign in to the AWS Management Console using the AWS Organizations management account. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. In the navigation pane, choose Quick Setup.
- Choose the Library tab.
- Scroll to the bottom and locate the OpsCenter configuration tile. Choose Create.
- On the Quick Setup OpsCenter page, in the Delegated administrator section, enter an account ID. If you are unable to edit this field, then a delegated administrator account has already been specified for Systems Manager.
- In the Targets section, choose an option. If you choose Custom, then select the organizational units (OU) where you want to manage OpsItems across accounts.
- Choose Create.
Quick Setup creates the OpsCenter configuration and deploys the required AWS resources to the designated OUs.
Note
If you don't want to manage OpsItems across multiple accounts, you can delete the configuration from Quick Setup. When you delete the configuration, Quick Setup deletes the following IAM policies and roles created when the configuration was originally deployed:
- OpsItem-CrossAccountManagementRole from the delegated administrator account
- OpsItem-CrossAccountExecutionRole and SSM::ResourcePolicy from all Organizations member accounts
Quick Setup removes the configuration from all organizational units and AWS Regions where the configuration was originally deployed.
Troubleshooting issues with a Quick Setup configuration for OpsCenter
This section includes information to help you troubleshoot issues when configuring cross-account OpsItem management using Quick Setup.
Deployment to these StackSets failed: delegatedAdmin
When creating an OpsCenter configuration, Quick Setup deploys two AWS CloudFormation stack sets in the Organizations management account. The stack sets use the following prefix: AWS-QuickSetup-SSMOpsCenter. If Quick Setup displays the following error: Deployment to these StackSets failed: delegatedAdmin, use the following procedure to fix this issue.
To troubleshoot a StackSets failed:delegatedAdmin error
- If you received the Deployment to these StackSets failed: delegatedAdmin error in a red banner in the Quick Setup console, sign in to the delegated administrator account and the AWS Region designated as the Quick Setup home Region. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
- Choose the stack created by your Quick Setup configuration. The stack name includes the following: AWS-QuickSetup-SSMOpsCenter.
  Note
  Sometimes CloudFormation deletes failed stack deployments. If the stack isn't available in the Stacks table, choose Deleted from the filter list.
- View the Status and Status reason. For more information about stack statuses, see Stack status codes in the AWS CloudFormation User Guide.
- To understand the exact step that failed, view the Events tab and review each event's Status. For more information, see Troubleshooting in the AWS CloudFormation User Guide.
Note
If you are unable to resolve the deployment failure using the CloudFormation troubleshooting steps, delete the configuration and try again.
Quick Setup configuration status shows Failed
If the Configuration details table on the Configuration details page shows a configuration status of Failed, sign in to the AWS account and Region where it failed.
To troubleshoot a Quick Setup failure to create an OpsCenter configuration
- Sign in to the AWS account and the AWS Region where the failure occurred. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
- Choose the stack created by your Quick Setup configuration. The stack name includes the following: AWS-QuickSetup-SSMOpsCenter.
  Note
  Sometimes CloudFormation deletes failed stack deployments. If the stack isn't available in the Stacks table, choose Deleted from the filter list.
- View the Status and Status reason. For more information about stack statuses, see Stack status codes in the AWS CloudFormation User Guide.
- To understand the exact step that failed, view the Events tab and review each event's Status. For more information, see Troubleshooting in the AWS CloudFormation User Guide.
Member account configuration shows ResourcePolicyLimitExceededException
If a stack status shows ResourcePolicyLimitExceededException, the account has previously onboarded to OpsCenter cross-account management by using the manual method. To resolve this issue, you must delete the AWS CloudFormation stacks or stack sets created during Steps 4 and 5 of the manual onboarding process. For more information, see Delete a stack set and Deleting a stack on the AWS CloudFormation console in the AWS CloudFormation User Guide.
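The troubleshooting steps above can also be applied to saved output from `aws cloudformation list-stacks` and `aws cloudformation describe-stack-events` instead of the console. The following is an added example, not part of the AWS documentation; the stack names, resource IDs, and reason strings in the sample data are constructed, and the function names are hypothetical.

```python
from datetime import datetime

PREFIX = "AWS-QuickSetup-SSMOpsCenter"  # stack name fragment stated on this page

# Constructed sample, shaped like `aws cloudformation list-stacks` output.
# The stack names are invented for illustration.
STACKS = [
    {"StackName": "StackSet-AWS-QuickSetup-SSMOpsCenter-TA-example1",
     "StackStatus": "DELETE_COMPLETE"},
    {"StackName": "StackSet-AWS-QuickSetup-SSMOpsCenter-TA-example2",
     "StackStatus": "CREATE_COMPLETE"},
    {"StackName": "unrelated-app-stack", "StackStatus": "ROLLBACK_COMPLETE"},
]
# Constructed sample, shaped like `describe-stack-events` output (newest first).
EVENTS = [
    {"Timestamp": "2024-01-01T10:00:09Z", "LogicalResourceId": "ExampleRole",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Resource creation cancelled"},
    {"Timestamp": "2024-01-01T10:00:07Z", "LogicalResourceId": "ExamplePolicy",
     "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "ResourcePolicyLimitExceededException: constructed text"},
    {"Timestamp": "2024-01-01T10:00:01Z", "LogicalResourceId": "ExamplePolicy",
     "ResourceStatus": "CREATE_IN_PROGRESS"},
]

def quick_setup_stacks_needing_review(stacks):
    """Quick Setup OpsCenter stacks that are not in a healthy state.
    DELETE_COMPLETE is kept: CloudFormation sometimes deletes failed deployments."""
    healthy = {"CREATE_COMPLETE", "UPDATE_COMPLETE"}
    return [s["StackName"] for s in stacks
            if PREFIX in s["StackName"] and s["StackStatus"] not in healthy]

def _ts(event):
    return datetime.fromisoformat(event["Timestamp"].replace("Z", "+00:00"))

def first_failure(events):
    """Earliest *_FAILED event; later ones are often cancellations caused by it."""
    failed = [e for e in events if e["ResourceStatus"].endswith("_FAILED")]
    return min(failed, key=_ts) if failed else None

def diagnose(events):
    """Map the root failure to the remediation this page gives."""
    root = first_failure(events)
    if root is None:
        return "no failed events"
    reason = root.get("ResourceStatusReason", "")
    if "ResourcePolicyLimitExceededException" in reason:
        return "delete the stacks or stack sets from the manual onboarding (Steps 4 and 5)"
    return f"{root['LogicalResourceId']}: {reason or 'no reason recorded'}"
```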