How it works
From the Connect multiple accounts at once screen you provide your management account ID, choose the region, and click Generate setup commands. Uniskai then shows a set of commands to run in AWS (via AWS CloudShell). The commands create a service-managed StackSet with auto-deployment enabled and deploy it to the organization's root, which creates the Uniskai access role in every account. Uniskai detects each connection and marks the account as connected.
Because the StackSet is service-managed with auto-deployment, accounts that join the organization later are onboarded automatically.
The objects involved in this setup:
Resource | Name / Type | Purpose |
StackSet IAM roles | StackSet administration role (management account) and execution roles (each account) | Allow CloudFormation to deploy across the organization's accounts. |
CloudFormation StackSet | Uniskai-StackSet-… (service-managed) | Deploys the access role across all organization accounts and auto-deploys to new ones. |
Access role | IAM role, one per connected account | The role Uniskai assumes in each account to read cost and inventory data and to take optimization actions. |
This method connects accounts with read/write access and does not offer an access-level choice.
Prerequisites
Before you start:
You know your AWS management account ID.
You can sign in to the management account to run the commands.
You can run the generated commands in AWS CloudShell.
Setup steps
Step 1 — Open the multiple-accounts screen
In Uniskai, open Account Manager → Add New Account → Amazon Web Services → Connect Multiple Accounts.
Step 2 — Select the connection method
Under Connection method, select Connect entire AWS Organization — "Enter your management account ID to onboard all organization accounts automatically."
Step 3 — Enter the management account ID
In the Management account ID field, enter your AWS management account ID (for example, 123456789012).
Step 4 — Select the region
Open the Region dropdown and select the AWS Region (default us-east-1).
Step 5 — Generate the setup commands
Under Start connection, click Generate setup commands. The button becomes active once a management account ID is entered.
Step 6 — Open AWS CloudShell in the management account
The screen switches to Run in AWS and shows: "Run these commands in account <management account ID>. Make sure you are logged into this account."
Sign in to that account and open AWS CloudShell.
The commands include a one-time token that expires in 1 hour. The screen shows a session timer (for example, "Session open — closes in 59m 30s"). Run the commands within that window.
Step 7 — Run each command block in order
Copy each block with its copy button and run it in CloudShell, in order:
Bootstrap IAM roles — enables CloudFormation StackSet access for the organization and creates the StackSet administration role, plus an execution role in every active organization account.
Create StackSet — creates the service-managed StackSet (with auto-deployment enabled) from the Uniskai template.
Deploy to accounts — deploys the StackSet to the organization's root, which creates the Uniskai access role in all accounts.
Run all three blocks in the same AWS account and shell ("Run this in the same AWS account and shell where you ran the first command").
Step 8 — Watch the connection status
Return to the Uniskai screen. It shows "Waiting for CloudFormation to start your stack instances — this usually takes 2–5 minutes."
The progress label updates (for example, "2 accounts connected so far"), and the status table moves each account from Pending to Connected, with a View environment → link→Account manager opens with added account
Results
After completing the steps:
The Uniskai access role exists in every account in the organization.
All organization accounts appear as Connected and are available from Account Manager.
Accounts that join the organization later are onboarded automatically.
Resources and cost data from the connected accounts become available across the Dashboard, Cloudview, and optimization features.
Key notes / limitations
Connects with read/write access. This method does not offer an access-level choice.
Auto-onboards future accounts. The service-managed StackSet with auto-deployment connects accounts added to the organization later, automatically.
Run the commands in the management account. Use the same account and shell for all three command blocks.
The setup token is one-time and expires in 1 hour. Generate and run the commands within the session window shown.
Verifying it worked
The connection is confirmed when the status table shows each account as Connected (green) with a View environment → link, and the connected accounts appear under the master in Account Manager. To verify on the AWS side, run aws cloudformation list-stack-instances --stack-set-name <your-stackset-name> in CloudShell and confirm each instance reports SUCCEEDED.







