Credentials per Organisation

AWS Cloud Onboarding

Creating IAM user and Roles - Customer Prerequisites

Customer must follow bellow requirements and prepare for onboarding as follows:

1. Login to AWS Cloud portal

1. Create new IAM user (for example named: 'insight') under any Account, follow documentation: Creating an IAM user in your AWS account

2. For programmatic access, a third-party Access key needs to be created, the Access key ID and Secret access key will be required to onboard organisation with accounts.

3. IAM user need permission to assume roles, add customer inline configuration named as 'Assume_Insight_Viewer_Role' with statement bellow:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "Statement1",
           "Effect": "Allow",
           "Action": [
               "sts:AssumeRole"
           ],
           "Resource": "arn:aws:iam::*:role/Insight_Viewer"
       }
   ]
}

1. Roles must be created and used for all accounts including management account.

• Name: Insight_Viewer (or your naming standard, remember replace user permissions accordingly)

• Role: ReadOnlyAccess (built in role, AWS managed - job function) and custom permission "trustedadvisor:List*"

  or:

• Trust Relationships add example bellow, by changing <UserAccountID to Account ID where you created IAM user and IAM user name:

1. For getting Cloud resources enable Config service and do this for all(or relevant where resources deployed) regions: Change Region, Open AWS Config Service, select '1-click setup', select 'Confirm'. Change Account. Enable Config for all regions. Repeat for all Accounts and all Regions.

Onboarding SA - INSIGHT configuration

1. Login to INSIGHT platform

2. Open Cloud Management under Administration

3. Add AWS credentials

   • Access Key ID

   • Secret Access Key

   • Role Name (optional, but preferred way)

   • Customer Management Account ID

4. Save [done]

AWS Cloud billing Onboarding

Creating Cost Export

Customer must follow bellow requirements and prepare cost export to proceed on onboarding to INSIGHT platform. To start collecting your Cloud Billing data, you must create cost export following this guide steps you need to do:

1. Login to Cloud portal

2. Open Billing and Cost Management, Select menu: Data Exports

3. Press Create and select options:

   - Standard data export

   - Enter Export name: 'DailyExports'

   - Select 'Include resource IDs'

   - Select 'Split cost allocation data'

   - Select 'Daily'

   - Leave Selection 'Column selection (125/125)' as is

   - Select 'gzip - text/csv'

   - Select 'Overwrite existing data export file'

   - Configure S3, general purpose bucket, name it for example <prefix#-costexports-s3bucket-no#>, select your usually used region.

   - Enter S3 path prefix: 'Insight'

   - Create!

4. You need to wait for data to come in before proceeding, usually AWS sends information twice over 24 hours.

5. Open S3 Service

6. Select S3 Bucket you just created

7. Open twice objects (folders) prefix and export names, until you see data and metadata objects

8. Copy browser URL for later use.

9. If you are using custom permission sets for access then update to include additional permissions to access this bucket, add additional set named 'Insight_Costs_Viewer' (change <bucketname>):

Onboarding Cost Export

1. Login to INSIGHT platform

2. Open Cloud Management menu under Administration

3. Add Billing Export Configuration

   • Project Name [Account name where cost export data set is located]

   • Cost Export URL [Example: https://us-east-2.console.aws.amazon.com/s3/buckets/examplecostexportsname17?region=us-east-2&bucketType=general&prefix=Insight/DailyExports/]

4. Save [done]