Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This section lists the permissions that are required to get the organizational metadata on the Aquila Clouds FinOps platform. This enables you to fetch metadata for multiple customers associated with a master account. For instance, if Customer A and B are associated with a master account, these permissions enable to fetch the metadata for both customers.
{

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": "*"
        }
    ]
}

Permissions for cost optimization recommendations

This section lists the permissions that enable the cost optimization recommendations in Aquila Clouds FinOps platform for your organization’s AWS resources.

ec2:DescribeSnapshots,

ec2:DescribeVolumes,

ec2:DescribeVolumeStatus,

ec2:DescribeSnapshotAttribute,

ec2:DescribeInstances,

ec2:DescribeVolumeAttribute,

ec2:DescribeInstanceStatus,

ec2:DescribeTags,

ecs:List*,

ecs:Describe*,

eks:List*,

eks:Describe*,

ec2:Describe*,

elasticloadbalancing:Describe*,

cloudwatch:ListMetrics,

cloudwatch:GetMetricStatistics,

cloudwatch:GetMetricData,

cloudwatch:Describe*,

autoscaling:Describe*,

Permissions for supporting cost optimization actions based on the recommendations

This section lists the permissions that enable cost optimization actions based on the recommendations in the OPTIMIZER tab in the Aquila Clouds FinOps platform for your organization’s AWS resources.

ec2:CopySnapshot

ec2:ModifyVolumeAttribute, 

ec2:CreateImage,

ec2:ResetInstanceAttribute,

ec2:CopyImage,

 ec2:StartInstances,

 ec2:StopInstances

 ec2:ImportSnapshot,

ec2:CreateLaunchTemplateVersion,

ec2:CreateLaunchTemplate,

ec2:ModifyInstanceCreditSpecification,

ec2:AssociateIamInstanceProfile

ec2:UnmonitorInstances

ec2:MonitorInstances,

ec2:ReportInstanceStatus,

ec2:DeleteVolume,

ec2:ModifySnapshotAttribute,

ec2:StartInstances,

ec2:CreatePlacementGroup,

ec2:ImportImage,

ec2:DetachVolume,

ec2:ModifyVolume,

ec2:ResetImageAttribute,

ec2:CreateTags,

ec2:RegisterImage,

ec2:ModifyInstanceEventStartTime,

ec2:RunInstances,

ec2:StopInstances,

ec2:CreateVolume,

ec2:EnableVolumeIO,

ec2:AttachVolume,

ec2:ImportVolume,

ec2:RequestSpotInstances,

ec2:DeleteTags,

ec2:RunScheduledInstances,

ec2:RequestSpotFleet,

ec2:ModifyImageAttribute,

ec2:CreateSnapshot,

ec2:ModifyInstanceAttribute,

ec2:ModifyReservedInstances,

ec2:RebootInstances,

ec2:CreateInstanceExportTask,

ec2:ModifyInstancePlacement,

ec2:TerminateInstances,

ec2:ImportInstance,

ec2:ResetSnapshotAttribute,

ec2:ModifyInstanceCapacityReservationAttributes

Comprehensive set of permissions for the entire set of features

This section lists comprehensive set of permissions for the entire set of features in the Aquila Clouds FinOps platform for your organization’s AWS resources.

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"ec2:CopySnapshot",

"ec2:DescribeInstances",

"ec2:UnmonitorInstances",

"ec2:ModifyVolumeAttribute",

"ec2:MonitorInstances",

"ec2:CreateImage",

"ec2:ResetInstanceAttribute",

"ec2:CopyImage",

"ec2:DescribeSnapshots",

"ec2:ReportInstanceStatus",

"ec2:DeleteVolume",

"ec2:DescribeVolumeStatus",

"ec2:ModifySnapshotAttribute",

"ec2:StartInstances",

"ec2:CreatePlacementGroup",

"ec2:DescribeVolumes",

"ec2:ImportImage",

"ec2:DetachVolume",

"ec2:ModifyVolume",

"ec2:ResetImageAttribute",

"ec2:CreateTags",

"ec2:DescribeSnapshotAttribute",

"ec2:RegisterImage",

"ec2:ModifyInstanceEventStartTime",

"ec2:RunInstances",

"ec2:StopInstances",

"ec2:DescribeVolumeAttribute",

"ec2:CreateVolume",

"ec2:EnableVolumeIO",

"ec2:ModifyInstanceCapacityReservationAttributes",

"ec2:AttachVolume",

"ec2:ImportVolume",

"ec2:RequestSpotInstances",

"ec2:DeleteTags",

"ec2:RunScheduledInstances",

"ec2:RequestSpotFleet",

"ec2:ModifyImageAttribute",

"ec2:CreateSnapshot",

"ec2:ModifyInstanceAttribute",

"ec2:ModifyReservedInstances",

"ec2:DescribeInstanceStatus",

"ec2:RebootInstances",

"ec2:CreateInstanceExportTask",

"ec2:ModifyInstancePlacement",

"ec2:TerminateInstances",

"ec2:ImportInstance",

"ec2:DescribeTags",

"ec2:ResetSnapshotAttribute",

"ec2:ImportSnapshot",

"ec2:CreateLaunchTemplateVersion",

"ec2:CreateLaunchTemplate",

"ec2:ModifyInstanceCreditSpecification",

"ec2:AssociateIamInstanceProfile",

"ecs:List*",

"ecs:Describe*",

"eks:List*",

"eks:Describe*",

"ec2:Describe*",

"elasticloadbalancing:Describe*",

"cloudwatch:ListMetrics",

"cloudwatch:GetMetricStatistics",

"cloudwatch:GetMetricData",

"cloudwatch:Describe*",

"autoscaling:Describe*",

"ec2:DescribeInstances",

"ec2:StartInstances",

"ec2:StopInstances",

"rds:DescribeReservedDBInstances",

"rds:ListTagsForResource",

"rds:DescribeDBInstances",

"rds:DescribeDBParameters",

"pi:*",

"rds:DescribeDBClusters"

],

"Resource": "*"

}

]

}

Configuring IAM role related permissions in AWS

...