...
This section lists the permissions that are required to get the organizational metadata on the Aquila Clouds FinOps platform. This enables you to fetch metadata for multiple customers associated with a master account. For instance, if Customer A and B are associated with a master account, these permissions enable to fetch the metadata for both customers.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"organizations:Describe*",
"organizations:List*"
],
"Resource": "*"
}
]
}
Permissions for cost optimization recommendations
This section lists the permissions that enable the cost optimization recommendations in Aquila Clouds FinOps platform for your organization’s AWS resources.
ec2:DescribeSnapshots,
ec2:DescribeVolumes,
ec2:DescribeVolumeStatus,
ec2:DescribeSnapshotAttribute,
ec2:DescribeInstances,
ec2:DescribeVolumeAttribute,
ec2:DescribeInstanceStatus,
ec2:DescribeTags,
ecs:List*,
ecs:Describe*,
eks:List*,
eks:Describe*,
ec2:Describe*,
elasticloadbalancing:Describe*,
cloudwatch:ListMetrics,
cloudwatch:GetMetricStatistics,
cloudwatch:GetMetricData,
cloudwatch:Describe*,
autoscaling:Describe*,
Permissions for supporting cost optimization actions based on the recommendations
This section lists the permissions that enable cost optimization actions based on the recommendations in the OPTIMIZER tab in the Aquila Clouds FinOps platform for your organization’s AWS resources.
ec2:CopySnapshot
ec2:ModifyVolumeAttribute,
ec2:CreateImage,
ec2:ResetInstanceAttribute,
ec2:CopyImage,
ec2:StartInstances,
ec2:StopInstances
ec2:ImportSnapshot,
ec2:CreateLaunchTemplateVersion,
ec2:CreateLaunchTemplate,
ec2:ModifyInstanceCreditSpecification,
ec2:AssociateIamInstanceProfile
ec2:UnmonitorInstances
ec2:MonitorInstances,
ec2:ReportInstanceStatus,
ec2:DeleteVolume,
ec2:ModifySnapshotAttribute,
ec2:StartInstances,
ec2:CreatePlacementGroup,
ec2:ImportImage,
ec2:DetachVolume,
ec2:ModifyVolume,
ec2:ResetImageAttribute,
ec2:CreateTags,
ec2:RegisterImage,
ec2:ModifyInstanceEventStartTime,
ec2:RunInstances,
ec2:StopInstances,
ec2:CreateVolume,
ec2:EnableVolumeIO,
ec2:AttachVolume,
ec2:ImportVolume,
ec2:RequestSpotInstances,
ec2:DeleteTags,
ec2:RunScheduledInstances,
ec2:RequestSpotFleet,
ec2:ModifyImageAttribute,
ec2:CreateSnapshot,
ec2:ModifyInstanceAttribute,
ec2:ModifyReservedInstances,
ec2:RebootInstances,
ec2:CreateInstanceExportTask,
ec2:ModifyInstancePlacement,
ec2:TerminateInstances,
ec2:ImportInstance,
ec2:ResetSnapshotAttribute,
ec2:ModifyInstanceCapacityReservationAttributes
Comprehensive set of permissions for the entire set of features
This section lists comprehensive set of permissions for the entire set of features in the Aquila Clouds FinOps platform for your organization’s AWS resources.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:CopySnapshot",
"ec2:DescribeInstances",
"ec2:UnmonitorInstances",
"ec2:ModifyVolumeAttribute",
"ec2:MonitorInstances",
"ec2:CreateImage",
"ec2:ResetInstanceAttribute",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:ReportInstanceStatus",
"ec2:DeleteVolume",
"ec2:DescribeVolumeStatus",
"ec2:ModifySnapshotAttribute",
"ec2:StartInstances",
"ec2:CreatePlacementGroup",
"ec2:DescribeVolumes",
"ec2:ImportImage",
"ec2:DetachVolume",
"ec2:ModifyVolume",
"ec2:ResetImageAttribute",
"ec2:CreateTags",
"ec2:DescribeSnapshotAttribute",
"ec2:RegisterImage",
"ec2:ModifyInstanceEventStartTime",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:DescribeVolumeAttribute",
"ec2:CreateVolume",
"ec2:EnableVolumeIO",
"ec2:ModifyInstanceCapacityReservationAttributes",
"ec2:AttachVolume",
"ec2:ImportVolume",
"ec2:RequestSpotInstances",
"ec2:DeleteTags",
"ec2:RunScheduledInstances",
"ec2:RequestSpotFleet",
"ec2:ModifyImageAttribute",
"ec2:CreateSnapshot",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyReservedInstances",
"ec2:DescribeInstanceStatus",
"ec2:RebootInstances",
"ec2:CreateInstanceExportTask",
"ec2:ModifyInstancePlacement",
"ec2:TerminateInstances",
"ec2:ImportInstance",
"ec2:DescribeTags",
"ec2:ResetSnapshotAttribute",
"ec2:ImportSnapshot",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateLaunchTemplate",
"ec2:ModifyInstanceCreditSpecification",
"ec2:AssociateIamInstanceProfile",
"ecs:List*",
"ecs:Describe*",
"eks:List*",
"eks:Describe*",
"ec2:Describe*",
"elasticloadbalancing:Describe*",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"cloudwatch:Describe*",
"autoscaling:Describe*",
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"rds:DescribeReservedDBInstances",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:DescribeDBParameters",
"pi:*",
"rds:DescribeDBClusters"
],
"Resource": "*"
}
]
}
Configuring IAM role related permissions in AWS
...