After you create AWS Service Catalog products for accounts, you can use those products to create a Commvault shared services account and Commvault member accounts in AWS Control Tower Account Factory.
Important
You must create the Commvault shared services account first, as documented below. Then, you create the Commvault member account.
Go to Account Factory in AWS Control Tower
- Sign in to an AWS account that meets the following policy and permission requirements:
  - The AWSServiceCatalogEndUserFullAccess policy must be enabled.
  - The account must have the following permissions:
    - CreateAccount
    - DescribeCreateAccountStatus
    This set of permissions is part of the Admin role and is given automatically when you assume the Admin role. If permissions to provision accounts are delegated in your AWS environment, this set of permissions might need to be added directly to your AWS user account.
- Go to AWS Control Tower.
- In the navigation pane, go to Account factory.
  The Account factory page appears.
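Where account provisioning is delegated, the permission prerequisite in the first step can be checked against the delegated policy documents before anyone signs in. The following is an added example, not Commvault or AWS code: the `organizations:` action prefix, the function name `missing_actions` and the sample policies are assumptions, and the evaluation is simplified (it ignores Resource, Condition, NotAction, SCPs and permission boundaries).

```python
import fnmatch
import json

# Assumption: the page lists bare action names; the AWS Organizations
# prefix "organizations:" is assumed for both of them.
REQUIRED_ACTIONS = (
    "organizations:CreateAccount",
    "organizations:DescribeCreateAccountStatus",
)

def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    """IAM action names are case-insensitive; * and ? act as wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_documents, required=REQUIRED_ACTIONS):
    """Return the required actions that are not allowed, or are explicitly denied."""
    allowed, denied = set(), set()
    for doc in policy_documents:
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in _as_list(policy.get("Statement", [])):
            hits = {a for a in required if _matches(_as_list(stmt.get("Action", [])), a)}
            if stmt.get("Effect") == "Deny":
                denied |= hits
            elif stmt.get("Effect") == "Allow":
                allowed |= hits
    # An explicit Deny in any policy overrides every Allow.
    return [a for a in required if a not in allowed or a in denied]

# Constructed sample policies (not taken from any real account).
DELEGATED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "organizations:Describe*", "Resource": "*"}]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["organizations:CreateAccount",
               "organizations:DescribeCreateAccountStatus"]}}
DENY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "organizations:Create*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, docs in [("delegated", [DELEGATED_POLICY]),
                       ("fixed", [FIXED_POLICY]),
                       ("fixed + deny", [FIXED_POLICY, DENY_POLICY])]:
        print(name, "-> missing:", missing_actions(docs))
```

An empty result means both actions are granted by the supplied documents; an action that a wildcard Deny covers is reported as missing even when another policy allows it.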
Create the Commvault Shared Services Account
- Click Create account.
  The Create account page appears.
- In the Account details section, enter the account email and display name.
- In the Access configuration section, enter the IAM Identity Center email and user name.
- In the Organizational unit section, select the Infrastructure OU.
- Expand the Account factory customization section.
- For Account that contains your AWS Service Catalog products, enter the ID of the blueprint hub account that contains your AWS Service Catalog products, and then click Validate.
  For more information about blueprint hub accounts, see Customize accounts with Account Factory Customization (AFC).
- For Select a product, select the Commvault shared services account product.
- If the blueprint contains parameters, you can specify values for the parameters.
- For Deployment Regions, select the Regions to deploy the Commvault shared services account to, either Home Region or All governed Regions.
  Global resources such as Route 53 or IAM might need to be deployed to a single Region only. Regional resources, such as Amazon EC2 instances or Amazon S3 buckets, can be deployed to all governed Regions.
- Select Create account.
  The Account factory page appears, with a message stating that AWS Control Tower is provisioning your account.
Create a Commvault Member Account
- Click Create account.
  The Create account page appears.
- In the Account details section, enter the account email and display name.
- In the Access configuration section, enter the IAM Identity Center email and user name.
- In the Organizational unit section, select the Workloads OU.
- Expand the Account factory customization section.
- For Account that contains your AWS Service Catalog products, enter the ID of the blueprint hub account that contains your AWS Service Catalog products, and then click Validate.
  For more information about blueprint hub accounts, see Customize accounts with Account Factory Customization (AFC).
- For Select a product, select the Commvault member account product.
- For Product version, select the version of the Commvault member account product to use.
- Expand Blueprint parameters.
- For CommvaultSharedServicesAccountID, enter the ID of the Commvault shared services account.
- For Deployment Regions, select the Regions to deploy the Commvault shared services account to, either Home Region or All governed Regions.
  Global resources such as Route 53 or IAM might need to be deployed to a single Region only. Regional resources, such as Amazon EC2 instances or Amazon S3 buckets, can be deployed to all governed Regions.
- Select Create account.
  The Account factory page appears, with a message stating that AWS Control Tower is provisioning your account.