Cloudivize Authentication

 

Definition IAM Role to Grant Cloudivize Access to Billing Reports

(This setting is optional) If you don’t provide billing report you will not be able to see the billing of each asset on your view

Cloudivize integrates into existing AWS Cost & Usage reports and shows you costs of the assets at your account in a clearer and more intuitive way.

To define Cost & Usage report follow AWS instructions here

Billing Report at "Consolidated Billing Accounts" Case

If you are not the owner of the Billing Report (e.g. in case of multiple AWS accounts and consolidated billing) then you need to provide access for the other account (let us call it secondary account) to the owning account, by creating IAM Role to delegate access

This role should grant access to two things:

  1. To query the predefined billing reports

  2. To access the S3 bucket that defined for the selected billing report

Note, the billing report is optional, Cloudivize can still work without an access to the billing report, but it will be missing the significant feature of asset charges attached to the specific asset

To create a role in the billing owning account follow the following steps

1. Create Policy
  • Sign in to the AWS Management Console as an administrator of the billing owner account, and open the IAM console
  • In the navigation pane on the left, choose Policies and then choose Create policy
  • Choose the JSON tab and copy the text from the following JSON policy document. Paste this text into the JSON text box, replacing the resource ARN (arn:aws:s3:::bucket-name/*) with the real one appropriate to your S3 bucket

 

    {

            "Version": "2012-10-17",

            "Statement": [

                       {

                               "Effect": "Allow",

                               "Action": "s3:GetObject",

                               "Resource": "arn:aws:s3:::<bucket-name>/*"

                       },

                       {

                               "Effect": "Allow",

                               "Action": "cur:DescribeReportDefinitions",

                               "Resource": "*"

                       }

             ]

     }

  • When you are finished, choose Review policy

  • On the Review page, give this policy a name you want. Review the policy Summary to see the permissions granted by your policy, and then choose Create policy to save your work

2. Create Role
  • Sign in to the AWS Management Console as an administrator of the billing owner account, and open the IAM console
  • In the navigation pane on the left, choose Roles and then choose Create role
  • Choose the Another AWS account role type
  • For Account ID, type the account ID of the secondary account you want to grant access to the reports
  • Choose Next: Permissions to set the permissions that will be associated with the role
  • Select the box next to the policy that you created above
  • Give the role a name you want

Now copy the role ARN and past it onto the Cloudivize Account Settings

  • White Twitter Icon

Copyright © Cloudivize Technologies LTD. 2020. All Rights Reserved

See & Operate Cloud Like Never Before