Finishing up in your management account
substrate setupexits, you should add
.substrate.*to your version control system's ignore list (e.g.
.gitignore) and commit the rest of the files Substrate generated to version control.
Test out your shiny new integration between AWS and your identity provider by fetching some temporary AWS credentials to use today and to learn the command you can use to get new credentials tomorrow:
eval $(substrate credentials)
With this working, we can tidy up your management account.
As a final test before deleting your root access key, verify that you can run
substrate assume-role -management. If so, you can finally delete your root and OrganizationAdministrator access keys. They're simply security liabilities. Let's delete them:
substrate delete-static-access-keysto delete access keys for the Substrate IAM user in your management account
- 3.Scroll to the Access keys section
- 4.Select your root access key
- 5.Click Actions
- 6.Click Delete
- 7.Click Deactivate
- 8.Paste the access key ID into the confirmation prompt
- 9.Click Delete
From now on, the Credential and Instance Factories are how you access your organization via the command line.
While you're logged into your management account using the root credentials, follow these steps to delegate access to billing data to people and tools assuming IAM roles.
- 2.Open the IAM User and Role Access to Billing Information section
- 3.Check “Activate IAM Access”
- 4.Click Update
- 6.Click Enable Cost Explorer or Launch Cost Explorer (whichever is displayed)