7. And then...
Have a credit card
Have a unique group email
address
Enter contact details
8. More details...
Have a credit card
Have a unique group email
address
Enter contact details
Enter payment details
9. Oh okay...
Have a credit card
Have a unique group email
address
Enter contact details
Enter payment details
Enter captcha
10. I just...
Have a credit card
Have a unique group email
address
Enter contact details
Enter payment details
Enter captcha
Receive automated phone
call
11. Losing the will to continue...
Have a credit card
Have a unique group email
address
Enter contact details
Enter payment details
Enter captcha
Receive automated phone
call
Handshake Consolidated
Billing account
12. ಠ_ಠ
Have a credit card
Have a unique group email
address
Enter contact details
Enter payment details
Enter captcha
Receive automated phone
call
Handshake Consolidated
Billing account
Manage root credentials,
including MFA
You might know GA from Antony’s keynote and recently MH370
Just to begin with, this is pretty hard in a bureaucracy
This was a major blocker. Requests went through helpdesk to the Exchange team and sat in a queue. Low priority.
Discovering email sub-addressing (thanks, DTA) was a huge victory
Enter the company name, country, address, city, state, post code, phone number
Enter your PIN from the robot
Manual intervention from the owner of consolidated billing
Either manage them yourself or give them to us (how to transfer?)
Organizations advertised at Re-invent, Dec 2016
We were frothing at the mouth over the summer break
Released in Feb 2017, we GeoHacked this together in March
It’s not self-service YET - still waiting for S3 SSO - but it’s fully-automated (it just needs a Cloud team member to run it)
The user hits R53 and gets directed to the Cloudfront distribution
This directs them to the S3 static website. When the user hits create, it directs them to the API Gateway, which invokes the Lambda.
The Lambda calls the Organizations API and creates an account. It then switches roles into the new account and creates the first user and assigns their temporary password.
And like everything at GA, it’s all in Terraform. So you can create or destroy the whole stack with a single command.
Acct name, group email address, first user and their (temp) password
Auth for the S3 website - we’re hooking up our IdP to Cognito
Unhelpful error messages, lots of spinning wheel
Do you need a budget code? How is the Cloud team informed? What if you hit a service limit?
The whole point of this - getting compute and storage into the hands of our scientists and developers much more quickly. IT is no longer a blocker - we’re leading the charge in getting this stuff to our smartest people.