AWS Cloud Onboarding Guide

Step-by-step instructions for connecting your AWS accounts to Park Your Cloud using IAM roles and CloudFormation. Choose your method below.

1. Navigate to Accounts and Start AWS Onboarding

Screenshot: AWS Accounts Onboarding — Choose method

Where you are: The AWS Accounts Onboarding screen.
How to get here: Click Accounts in the top navigation bar, then select AWS from the dropdown.

Option | When to use it
Discover automatically | You have an AWS Organization set up. The system will scan all accounts using an IAM role. Best for most users.
Add manually | You want to add one account at a time, or you do not have organization-wide permissions.

Select Discover automatically if you manage multiple AWS accounts under an AWS Organization (recommended).
Select Add manually if you only want to add a single account or have limited AWS permissions.
Once selected, click the Continue button at the bottom right.

Tip

If unsure, go with Discover automatically. You will still review and confirm each account before it is added.

2. Configure IAM Role (Step 1 of 5)

Screenshot: Configure IAM Role — Step 1 of 5

The left sidebar shows a 5-step wizard. You are on Step 1: IAM role config.

Note

If you have already onboarded some AWS accounts before, this flow will not affect them. It only adds new accounts not yet onboarded to PYC.

Field | What to enter | Example
IAM Role Name | Name for the IAM role PYC will create in your AWS Management Account. | role_pyc_org
Management Account ID | Your 12-digit AWS Management (root/master) Account ID. | 000000000000

Note

At the bottom of the screen you will see an External ID (e.g., pyc-00000000000). This is a unique security token auto-generated by PYC. Copy this value — you will need it when deploying the CloudFormation stack in the next step. Do not change or ignore it.

1. Enter your desired IAM Role Name (or keep the default role_pyc_org).
2. Enter your AWS Management Account ID.
3. Note down or copy the External ID shown at the bottom.
4. Click Save, then click Continue.

3. Create CloudFormation Stack (Step 2 of 5)

Screenshot: Create CloudFormation Stack — Step 2 of 5

The screen shows a CloudFormation template file (pyc_management_template.yaml). This template creates an IAM role in your AWS Management Account that allows PYC to list all accounts in your organization.

1. Click Download (top right of the code block) to download the YAML file, or click Copy to copy the content.
2. Open your AWS Console and go to CloudFormation.
3. Create a new Stack and upload this template file.
4. When prompted for parameters, use the IAM Role Name from Step 2 (e.g., role_pyc_org) and the External ID (e.g., pyc-00000000000).
5. Deploy the stack and wait for status CREATE_COMPLETE in AWS.
6. Come back to PYC and click Verify to confirm the role was created successfully.
7. Once verified, click Continue.

Why this is needed

This IAM role gives PYC read-only permission to list all AWS accounts under your Organization. Without it, PYC cannot discover accounts automatically.

4. Configure Account Role (Step 3 of 5)

Screenshot: Configure Account Role — Step 3 of 5

The screen shows a single input field for the IAM Role Name to be created in your individual AWS member accounts.

Field | What to enter | Example
IAM Role Name | Name for the role to be created in each member account. Keep the default or use a custom name. | role_pyc_acc

Note

This is different from the role in Step 2. The Step 2 role was for your Management Account (to list accounts). This role is for each member account (to allow PYC to start/stop EC2 and RDS resources).

1. Enter your desired IAM Role Name or keep the default role_pyc_acc.
2. Click Save, then click Continue.

5. Create CloudFormation StackSet (Step 4 of 5)

Screenshot: Create CloudFormation StackSet — Step 4 of 5

The screen shows another CloudFormation template (pyc_account_template.yaml). It deploys an IAM role across all your member accounts at once using a StackSet, so there is no need to do it account by account.

1. Click Download or Copy to get the template.
2. Open your AWS Console and go to CloudFormation > StackSets.
3. Create a new StackSet using this template.
4. Deploy it to all accounts in your AWS Organization (or specific OUs/accounts if preferred).
5. Use the IAM Role Name from Step 4 (e.g., role_pyc_acc) and the same External ID when prompted.
6. Wait for the StackSet to complete deployment across all accounts.
7. Come back to PYC and click Continue.

Why this is needed

This role gives PYC permission to start and stop EC2 and RDS resources in each member account. The StackSet deploys it to all accounts in one go.
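
Added example (not PYC's template or code): after the stack and StackSet are deployed, a check like the one below confirms that the trust policy on role_pyc_org and role_pyc_acc only lets the expected principal assume the role, and only when the External ID from Step 2 is presented. The trust-policy layout, the principal ARN (a placeholder) and the function names are assumptions, since the template contents are not shown on this page; the sample policies are constructed.

```python
EXTERNAL_ID = "pyc-00000000000"                    # example value shown on this page
PYC_PRINCIPAL = "arn:aws:iam::111111111111:root"   # placeholder; not PYC's real account

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_trust_policy(policy, external_id=EXTERNAL_ID, principal=PYC_PRINCIPAL):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, checked = [], 0
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):               # a single statement object is valid IAM JSON
        statements = [statements]
    for i, st in enumerate(statements):
        actions = as_list(st.get("Action", []))
        if st.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        checked += 1
        who = st.get("Principal", {})
        arns = as_list(who if isinstance(who, str) else who.get("AWS", []))
        if "*" in arns:
            findings.append(f"statement {i}: wildcard principal")
        elif arns != [principal]:
            findings.append(f"statement {i}: unexpected principal {arns}")
        # Condition keys are case-insensitive; require an exact-match operator.
        equals = st.get("Condition", {}).get("StringEquals", {})
        ids = [as_list(v) for k, v in equals.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(f"statement {i}: no StringEquals sts:ExternalId condition")
        elif ids[0] != [external_id]:
            findings.append(f"statement {i}: External ID differs from the PYC value")
    if not checked:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings

def trust(principal, condition=None):
    """Build a constructed sample trust policy for the demo below."""
    st = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

GOOD = trust(PYC_PRINCIPAL, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = trust(PYC_PRINCIPAL)
WILDCARD = trust("*", {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no_external_id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, audit_trust_policy(doc))
```

To run it against a deployed role, pass in the JSON returned by `aws iam get-role --role-name role_pyc_org --query Role.AssumeRolePolicyDocument`, along with the External ID PYC displayed and the principal named in the downloaded template.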

6. Validate Accounts (Step 5 of 5)

Screenshot: Validate Accounts — Step 5 of 5

All 5 steps on the left sidebar are marked Complete. This is the final step of the onboarding wizard.

1. Click the Verify button at the bottom right.
2. You will see a confirmation message: "Request submitted. Account discovery is in progress and results will be updated shortly."
3. Wait for five minutes until the process is complete, then click Finish.

Note

PYC uses the IAM roles you set up to scan your AWS Organization and discover all member accounts. This runs in the background and may take a few moments. Discovered accounts will appear in your Accounts list automatically.