
Set up AWS credentials for cost

  • You need to create a user with the SecurityAudit policy attached.
  1. Log into your AWS account as an admin or with permission to create IAM resources.
  2. Navigate to the IAM console.
  3. Click on Users
  4. Create a new user (Add user)
  5. Set a username of your choice, or use meghops-cost.
  6. Select "Attach existing policies directly" and select the SecurityAudit policy.
  7. Now click on "Create policy" to create a supplemental policy (since some permissions are not included in SecurityAudit).
  8. Click the "JSON" tab and paste the following permission set.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "1",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeRegions",
            "ec2:DescribeInstances",
            "ec2:DescribeVolumes",
            "ec2:DescribeVpcs",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeNatGateways",
            "ec2:DescribeRouteTables",
            "ec2:DescribeSnapshots",
            "ec2:DescribeNetworkAcls",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeInternetGateways"
          ],
          "Resource": "*"
        },
        {
          "Sid": "2",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeAddresses",
            "ec2:DescribeSnapshots",
            "ec2:DescribeSubnets",
            "elasticloadbalancing:DescribeLoadBalancers",
            "autoscaling:DescribeAutoScalingGroups",
            "ce:GetCostAndUsage",
            "s3:ListAllMyBuckets",
            "apigateway:GET"
          ],
          "Resource": "*"
        },
        {
          "Sid": "3",
          "Effect": "Allow",
          "Action": [
            "lambda:ListFunctions",
            "dynamodb:ListTables",
            "dynamodb:DescribeTable",
            "rds:DescribeDBInstances",
            "cloudwatch:DescribeAlarms",
            "cloudfront:ListDistributions",
            "ecs:ListServices",
            "ecs:ListTasks",
            "ecs:ListClusters"
          ],
          "Resource": "*"
        },
        {
          "Sid": "4",
          "Effect": "Allow",
          "Action": [
            "sqs:ListQueues",
            "route53:ListHostedZones",
            "sns:ListTopics",
            "iam:ListGroups",
            "iam:ListRoles",
            "iam:ListPolicies",
            "iam:ListUsers",
            "s3:GetBucketLocation",
            "apigateway:GET"
          ],
          "Resource": "*"
        },
        {
          "Sid": "5",
          "Effect": "Allow",
          "Action": [
            "acm:ListCertificates",
            "mq:ListBrokers",
            "cloudwatch:GetMetricStatistics",
            "cloudtrail:LookupEvents",
            "ce:GetCostAndUsage",
            "ce:GetCostForecast",
            "datapipeline:ListPipelines",
            "ec2:DescribeReservedInstances",
            "ec2:DescribeSpotFleetRequests",
            "ec2:DescribeScheduledInstances",
            "eks:ListClusters",
            "elasticache:DescribeCacheClusters",
            "es:ListDomainNames",
            "logs:DescribeLogGroups"
          ],
          "Resource": "*"
        },
        {
          "Sid": "6",
          "Effect": "Allow",
          "Action": [
            "glue:GetCrawlers",
            "glue:GetJobs",
            "organizations:DescribeOrganization",
            "iam:GetUser",
            "kinesis:ListStreams",
            "kinesis:ListShards",
            "kms:ListKeys",
            "redshift:DescribeClusters",
            "tag:GetResources",
            "route53:ListResourceRecordSets",
            "support:DescribeCases",
            "swf:ListDomains"
          ],
          "Resource": "*"
        },
        {
          "Sid": "7",
          "Effect": "Allow",
          "Action": [
            "ecs:DescribeServices",
            "ecs:DescribeTasks",
            "ecs:DescribeClusters",
            "glacier:ListVaults",
            "ec2:DescribeSpotFleetInstances"
          ],
          "Resource": "*"
        }
      ]
    }
  9. Click Next.
  10. Provide a name and click Create policy.
  11. Return to the Create user page and attach the newly created policy. Then click Next: tags. (Make sure you refresh the page; otherwise, you might not see the newly created policy.)
  12. Set tags as needed and then click Create user. The new user will be created.
  13. To generate the access credentials, go to Users.
  14. Select the user you created a few moments ago.
  15. Go to the Security credentials tab.
  16. Scroll down to the Access keys section and click Create access key.
  17. Select Application running outside AWS, then click Next.
  18. Finally, give a descriptive name and click Create access key.
  19. Make sure you safely store the Access key ID and Secret access key; you will need them on the MeghOps platform.
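
Because the access key from step 19 is handed to an external platform, it is worth confirming that the supplemental policy from step 8 grants only read-style actions before attaching it. The following is an added example, not part of the MeghOps documentation; the function name audit_policy, the read-only prefix list and the TOO_BROAD sample are assumptions of this example.

```python
import json
from collections import Counter

# Verb prefixes treated as read-only. This is a naming heuristic (an assumption),
# not an AWS guarantee; "get" also matches apigateway:GET, which is an HTTP verb.
READ_PREFIXES = ("describe", "list", "get", "lookup")

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Report wildcard, non-read-only and duplicated actions in Allow statements."""
    seen = Counter()
    findings = {"non_read_only": [], "wildcards": []}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "?")
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings["wildcards"].append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action", [])):
            seen[action.lower()] += 1  # IAM action names are case-insensitive
            verb = action.split(":", 1)[-1].lower()
            if "*" in action:
                findings["wildcards"].append((sid, action))
            elif not verb.startswith(READ_PREFIXES):
                findings["non_read_only"].append((sid, action))
    findings["duplicates"] = sorted(a for a, n in seen.items() if n > 1)
    return findings

# Excerpt of the supplemental policy from step 8 (statements 2 and 4, shortened).
PAGE_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "2", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeSubnets", "ce:GetCostAndUsage", "apigateway:GET"]},
  {"Sid": "4", "Effect": "Allow", "Resource": "*",
   "Action": ["iam:ListUsers", "s3:GetBucketLocation", "apigateway:GET"]}
]}
""")

# Constructed policy showing what the check is meant to catch.
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "x", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:PutObject", "iam:CreateAccessKey"]}]}

if __name__ == "__main__":
    for name, doc in (("page excerpt", PAGE_EXCERPT), ("constructed", TOO_BROAD)):
        print(name, json.dumps(audit_policy(doc), indent=2))
```

Run against the full policy from step 8, the duplicates list also shows which actions are repeated across statements; repeats are harmless but can be merged.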

Now let's add this credential to MeghOps

  1. Go to https://app.meghops.com/auth/login and log in with your account.
  2. Go to settings by clicking the top right corner (Profile avatar), then Settings.
  3. From the settings page, go to Cloud accounts, then click Add credential.
  4. In this dialog, select AWS and check Cost, enter your AWS credential, then click Submit.
  5. Done!