Skip to main content

Onboarding an AWS Account

This guide walks you through connecting your AWS account to Factor Fifty.

Prerequisites

  • Access to the AWS account you want to onboard
  • IAM permissions to create roles and policies in the target account
  • A Factor Fifty project to add the environment to

Step 1: Create an IAM Role in Your AWS Account

Before adding your environment in Factor Fifty, you need to create an IAM role that allows Factor Fifty to access your AWS account.

Create the Role

  1. Open the IAM Console in your AWS account
  2. Navigate to Roles โ†’ Create role
  3. Select Custom trust policy as the trusted entity type
  4. Enter the following trust policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::872515262065:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "<EXTERNAL_ID>"
}
}
}
]
}
Important

Replace <EXTERNAL_ID> with the External ID shown in the Factor Fifty "Create environment" dialog. This ID is unique to your organization and is required for security.

  1. Click Next
  2. Search for and attach the AdministratorAccess policy

Permissions policies

  1. Click Next
  2. Enter the role name: FactorFifty-Onboarding
  3. Click Create role

Step 2: Add the Environment in Factor Fifty

  1. Navigate to your project in Factor Fifty
  2. Click Add new environment
  3. Fill in the required fields in Step 1:

Create environment - Step 1

FieldDescription
Account IDYour 12-digit AWS account ID
Environment nameA friendly name to identify this environment (e.g., "Production", "Development")
Role NameThe name of the IAM role you created (default: FactorFifty-Admin)
External IDAuto-generated unique identifier - use this value in your trust policy
  1. Click Validate
tip

After creating the IAM role in AWS, wait a few seconds before clicking Validate. AWS IAM role propagation can take a moment.

Step 3: Configure Environment Settings

Once validation succeeds, you'll proceed to Step 2:

Create environment - Step 2

Select SLA

Choose the appropriate Service Level Agreement for this environment:

SLADescription
ProductionFor production workloads requiring full support coverage
Non-ProductionFor development, testing, or staging environments
UnmanagedFor environments that only require visibility without active management

Enable Integrations

Select which integrations to enable for this environment:

  • FinOps: Cost management, optimization recommendations, and budget tracking
  • SecOps: Security monitoring, compliance scanning

Monitoring

Monitoring is automatically enabled for Production and Non-Production environments. For Unmanaged environments, monitoring is not available.

Create environment - Step 2 with selections

Step 4: Complete the Setup

  1. Review your selections
  2. Click Save

Your AWS account is now connected to Factor Fifty. The initial data sync will begin automatically and may take a few minutes to complete.

Troubleshooting

Validation Failed

If validation fails, check the following:

  1. Verify the Account ID: Ensure the 12-digit account ID is correct
  2. Check the Role Name: Confirm the role name matches exactly (default: FactorFifty-Admin)
  3. Verify the External ID: The External ID in your trust policy must match the one shown in Factor Fifty
  4. Wait for propagation: IAM roles can take up to 30 seconds to propagate. Wait a moment and try again
  5. Check the trust policy: Ensure the Principal ARN is exactly arn:aws:iam::872515262065:root

Permission Errors

If you receive permission errors after onboarding:

  1. Verify the AdministratorAccess policy is attached to the role
  2. Check that no Service Control Policies (SCPs) are blocking access
  3. Ensure the role hasn't been modified or deleted