Get instances for multiple tenants

Is there any way to query the API for a list of instances under one or more tenants?
I’d hoped that we’d be able to have an account within the master account that could obtain instance lists from other tenants but appears it’s just locked to the one that the user resides in.
We need our internal billing system to be able to query usage across multiple tenants but I can’t see how to achieve this without having a user account within each tenant.
Same goes for provisioning - can a master user/account provision into another tenant on behalf of an organisation?

Hello @markp! I hope you are doing well.

Unfortunately, a user in each tenant would be required in these scenarios, which would be used to query the data in each tenant. There was a similar request I made on our Ideas section, which would allow administration from the master tenant. However, there are ISO restrictions, noted in the thread, that prevent this possibility.

There are some options on the provisioning front. You could create the clouds in your primary tenant and share them, either publicly or privately, to your tenants. If the cloud is in your primary tenant, you could provision to the cloud and then assign the instance to the tenant afterwards (you assign the VM and can move the associated instance). That said, once the instance is assigned to the sub tenant, it will not be visible or configurable in the primary tenant, only the VM can be seen in the cloud view to be able to reassign if needed. You could pull costing from the primary tenant though, specifying specific tenants for example, such as in the “Cloud Cost” report. As well, there is an “Instance Inventory Summary” report, which can give you details on your instances in tenants as well.

I’d read more here on assigning clouds and resources, if it seems a fit:
https://docs.morpheusdata.com/en/latest/administration/tenants/configuring_multi_tenancy.html?#resources

Hope that helps!
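An added example, not part of the original posts and not Morpheus's own code: one way a billing job could follow the "user in each tenant" model described in the answer above, holding one read-only API token per tenant and paging through each tenant's instance list. It assumes the `GET /api/instances` endpoint with `max`/`offset` paging and bearer-token authentication; the tenant names, tokens and host are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

def http_fetch(base_url, token, path, params):
    """GET one page of JSON using a tenant-scoped bearer token."""
    url = f"{base_url}{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def collect_instances(base_url, tenant_tokens, fetch=http_fetch, page_size=100):
    """Return ({tenant: [instance, ...]}, {tenant: error}).

    tenant_tokens maps a tenant name to the API token of a read-only
    user created inside that tenant (assumed setup). A failure in one
    tenant is recorded and does not stop collection from the others.
    """
    inventory, errors = {}, {}
    for tenant, token in tenant_tokens.items():
        rows, offset = [], 0
        try:
            while True:
                page = fetch(base_url, token, "/api/instances",
                             {"max": page_size, "offset": offset})
                batch = page.get("instances", [])
                rows.extend(batch)
                offset += len(batch)
                total = page.get("meta", {}).get("total", offset)
                if not batch or offset >= total:
                    break
            inventory[tenant] = rows
        except Exception as exc:  # e.g. expired token or a 403 from a narrowed role
            errors[tenant] = f"{type(exc).__name__}: {exc}"
    return inventory, errors

def usage_summary(inventory):
    """Instance count per tenant, the shape a billing job would consume."""
    return {tenant: len(rows) for tenant, rows in inventory.items()}
```

Keeping each token scoped to a read-only role in its own tenant preserves the tenant boundary the answer describes: a leaked token exposes one tenant's inventory, not all of them.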

Thanks very much for the detailed response and information. I can see the pros and cons as well as the implications of such functionality, however it would be advantageous to have visibility across tenants in some respects - even if it was just read-only for reporting purposes.

This was my solution (idea) to become SOX compliant and obtain access to items inside of the subdomain service boundary of a subtenant in Morpheus: