top of page

AWS onboarding

This page explains the onboarding process if you prefer to preserve your own AWS Organizations after signing up with

Step 1 — Readiness (by Customer)

After signing a contract with, your customer success manager will provide you with an onboarding process overview and guide you through the readiness phase.

Here is what to expect:

  1. Identify the AWS management account in your AWS organization (formerly known as Master Payer Account).

  2. Under the management account, create a new IAM user with Administrator policy. You'll be using this user to manage your organization post-onboarding.

    You can skip this step if you already have an IAM user with full permissions.

  3. Change the root user email address on the management account to the one provided by

  4. Remove MFA from the management account root user (no worries, we'll re-enable it in the next step).

  5. Notify your customer success manager about completing the steps above.


Step 2 — Initial Onboarding (by AWS Ops team)

  1. Reset the AWS management account root user password.

  2. Re-enable MFA on the management account root user.

  3. Create the doitintl_cmp IAM role to facilitate access from the Platform.

  4. Create the AWSAdmin IAM role to access billing data under the AWS Channel Reseller Program.

  5. Onboard the organization to SPP using AWS Channel Management dashboard.


Step 3 — Account Configuration (by AWS Ops team)

  1. Replace the existing payment method with a payment method.

  2. Set tax profile to the country matching's billing profile.

  3. Complete the organization email verification process (necessary because the management account root user email has changed).

  4. Enable Cost and Usage Reports (if not enabled already).

  5. Create a new S3 bucket (named as doitintl-awsops-{id}) to store the AWS Cost and Usage report.

  6. Set up a new Cost and Usage report (doitintl-awsops-{id})).



Will anything break during the process?

No, the process was designed to be disruption free.

What's the impact on AWS Organizations features?​

All AWS Organization features (AWS SSO, AWS Backup, AWS Firewall Manager, Resource Manager, etc.) will continue to function in the same way as before.

Where can I find the IAM policies for the roles you create on the management account?​

You can find the policy for Platform at this gist.

What if I need to access the management account using root user credentials after onboarding?​

We provide an IAM administrator role for you to perform daily admin tasks and access AWS resources. This is in line with the AWS Best practices to protect your account's root user.

In case you need to perform Tasks that require root user credentials, please open a support ticket to request to carry out the tasks.

See AWS management account root user credentials for more information.

Am I on a consolidated billing account or a dedicated payer account?​

If your account is a member account of one of the three consolidated payer accounts listed below, then you're on a consolidated billing account.

Payer account ID          Payer account name

561602220360               doitintl-payer-01

017920819041               doitintl-payer-02

279843869311               doitintl-payer-07

If your account is on a reseller payer account other than the three listed above, then you're on a dedicated payer account.

See also Payer account and member account.

Get in Touch

This is a Paragraph. Click on "Edit Text" or double click on the text box to start editing the content.

bottom of page