Setup AWS credential for cost

• You need to create a user with a SecurityAudit policy

1. Log into your AWS account as an admin or with permission to create IAM resources.
2. Navigate to the IAM console.
3. Click on Users
4. Create a new user (Add user)
5. Set the username of your choice or meghops-cost
6. Select "Attach existing policies directly" and select the SecurityAudit policy.
7. Now click on "Create policy" to create a supplemental policy (since some permissions are not included in SecurityAudit).
8. Click the "JSON" tab and paste the following permission set.

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "1",
               "Effect": "Allow",
               "Action": [
                   "ec2:DescribeRegions",
                   "ec2:DescribeInstances",
                   "ec2:DescribeVolumes",
                   "ec2:DescribeVpcs",
                   "ec2:DescribeSecurityGroups",
                   "ec2:DescribeNatGateways",
                   "ec2:DescribeRouteTables",
                   "ec2:DescribeSnapshots",
                   "ec2:DescribeNetworkAcls",
                   "ec2:DescribeKeyPairs",
                   "ec2:DescribeInternetGateways"
               ],
               "Resource": "*"
           },
           {
               "Sid": "2",
               "Effect": "Allow",
               "Action": [
                   "ec2:DescribeAddresses",
                   "ec2:DescribeSnapshots",
                   "ec2:DescribeSubnets",
                   "elasticloadbalancing:DescribeLoadBalancers",
                   "autoscaling:DescribeAutoScalingGroups",
                   "ce:GetCostAndUsage",
                   "s3:ListAllMyBuckets",
                   "apigateway:GET"
               ],
               "Resource": "*"
           },
           {
               "Sid": "3",
               "Effect": "Allow",
               "Action": [
                   "lambda:ListFunctions",
                   "dynamodb:ListTables",
                   "dynamodb:DescribeTable",
                   "rds:DescribeDBInstances",
                   "cloudwatch:DescribeAlarms",
                   "cloudfront:ListDistributions",
                   "ecs:ListServices",
                   "ecs:ListTasks",
                   "ecs:ListClusters"
               ],
               "Resource": "*"
           },
           {
               "Sid": "4",
               "Effect": "Allow",
               "Action": [
                   "sqs:ListQueues",
                   "route53:ListHostedZones",
                   "sns:ListTopics",
                   "iam:ListGroups",
                   "iam:ListRoles",
                   "iam:ListPolicies",
                   "iam:ListUsers",
                   "s3:GetBucketLocation",
                   "apigateway:GET"
               ],
               "Resource": "*"
           },
           {
               "Sid": "5",
               "Effect": "Allow",
               "Action": [
                   "acm:ListCertificates",
                   "mq:ListBrokers",
                   "cloudwatch:GetMetricStatistics",
                   "cloudtrail:LookupEvents",
                   "ce:GetCostAndUsage",
                   "ce:GetCostForecast",
                   "datapipeline:ListPipelines",
                   "ec2:DescribeReservedInstances",
                   "ec2:DescribeSpotFleetRequests",
                   "ec2:DescribeScheduledInstances",
                   "eks:ListClusters",
                   "elasticache:DescribeCacheClusters",
                   "es:ListDomainNames",
                   "logs:DescribeLogGroups"
               ],
               "Resource": "*"
           },
           {
               "Sid": "6",
               "Effect": "Allow",
               "Action": [
                   "glue:GetCrawlers",
                   "glue:GetJobs",
                   "organizations:DescribeOrganization",
                   "iam:GetUser",
                   "kinesis:ListStreams",
                   "kinesis:ListShards",
                   "kms:ListKeys",
                   "redshift:DescribeClusters",
                   "tag:GetResources",
                   "route53:ListResourceRecordSets",
                   "support:DescribeCases",
                   "swf:ListDomains"
               ],
               "Resource": "*"
           },
           {
               "Sid": "7",
               "Effect": "Allow",
               "Action": [
                   "ecs:DescribeServices",
                   "ecs:DescribeTasks",
                   "ecs:DescribeClusters",
                   "glacier:ListVaults",
                   "ec2:DescribeSpotFleetInstances"
               ],
               "Resource": "*"
           }
       ]
   }
9. Click on next
10. Provide a name and click Create policy
11. Return to the Create user page and attach the newly-created policy. Then click Next: tags. (Make sure you refresh the page otherwise, you might not see the newly created policy)
12. Set tags as needed and then click on Create user. New user will be created
13. Now to generating the access credentials goto Users
14. Select the user you created a few moments ago.
15. Now goto Security credentials tab
16. Scroll down to the Access keys section and click on Create access key
17. Now select Application running outside AWS then Next
18. Finally, give a descriptive name and click on Create access key
19. Make sure you safely store the Access key ID and Secret access key, those will need on the MeghOps platform.

Now let's add this credential to MeghOps

1. Goto https://app.meghops.com/auth/login and login with your account
2. Now go to settings by clicking the top right corner ( Profile avatar) then Settings
3. From the settings page go to Cloud accounts then click on Add credential.
   
4. Now from this dialog select AWS and checkmark on Cost now put your AWS credential then click on Submit
5. Done!