Versions Compared

Old Version 2

changes.mady.by.user Dhanraj Tijare

Saved on

compared with

New Version 3

changes.mady.by.user Dhanraj Tijare

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • AmazonEC2ReadOnlyAccess

  • CloudWatchReadOnlyAccess

Configuring IAM role related permissions in AWS

  1. Log in to the AWS management console

  2. Open the IAM console and from the navigation pane, choose Roles > Create Role page.

  3. Choose the Another AWS account role type.

  4. For Account ID, type 807331824280. This is AWS Account ID for Aquila Clouds.

  5. Select the Require external ID check box, to enhance security.

  6. In the External ID box, type A2I_COMPANY_EXTERNAL_ID.

  7. Choose Next: Permissions.

  8. Select the check box for the required permission.

    1. Note: Aquila Clouds recommends assigning all permissions to the IAM role to effectively use the Aquila Clouds platform.

  9. Choose Next: Review.

  10. For Role name, type a name for your role. Role names must be unique within your AWS account.

  11. Click Create Role.

  12. Navigate to the Roles page and open the new role.

  13. Select the Trust relationships tab and click Edit trust relationship.

  14. In the Policy Document, next to the Account ID, replace root with user/aquila_product_user.

  15. Save the Policy Document and in the Role Summary, copy the ARN for the role and add it in the Add Environment page of Aquila Clouds.

...

  1. Login to the Amazon S3 console. Create an S3 bucket to store the daily billing reports of your AWS resources that are generated by AWS.

  2. In the AWS Billing and Cost Management console, create a billing report and schedule daily generation of AWS cost and usage report.

  3. On the navigation pane, choose Cost & Usage Reports.

  4. Choose Reports > Create Report.

  5. For Report name, type the name for your report.

  6. For Additional report details, select Include resource IDs to associate resources with business services and click Next.

  7. In the Configure S3 bucket, select the S3 bucket created in Step 1.

  8. For the Report path prefix, define the required prefix to be prepended to the name of the report.

    1. Note: If you don't specify a prefix, the default prefix is the name that you specified for the report in Step c and the date range for the report, in the following format:
      /report-name/date-range/

  9. For Time granularity, select Daily to aggregate report data every day.

  10. Enable the Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills checkbox.

  11. Click Next.

  12. Review the settings and click Review and Complete.

...

You can grant the access of S3 bucket to the IAM role created for Aquila Clouds platform.

Creating IAM role related policy to grant access to the S3 bucket

  1. In the AWS Management Console, in the navigation pane, choose Policies.

  2. On the Welcome to Managed Policies page, click Create Policy.

  3. Choose Create Policies with the Visual Editor.

  4. On the Visual editor tab, choose Choose a service.

  5. Select S3 service.

  6. Choose Select Actions and in the Access level group, select the List and Read check boxes.

  7. In the Resources group, select Specific.

  8. In the bucket section, click Add ARN.

  9. In the Add ARN dialog box, type the required bucket name in the Bucket name box and click Add. For instance, set the bucket name to aquila-billing-bucket.

Figure 2: ADD ARN FOR BUCKET SCREEN

    • Image Modified

  2. In the object section, click Add ARN.

  3. In the Add ARN dialog box, type the same bucket name as used for Add ARN (in Step 9) and in the Object name box type *{}(wildcard) and select the Any check box for the Object name. Verify the bucket name and object name in the Specify ARN for Object box. For instance, for the bucket name set to aquila-billing-bucket, the text in Specify ARN for Object box is set to arn:aws:s3::: aquila-billing-bucket/{*}.

...

  • ARNs

  • Payee Account ID

  • Billing bucket name and region

  • Billing report prefix and name

  • Adding AWS environment to Aquila Clouds

  1. On the top side navigation bar, select > Administration tab.

  2. On the Administration page tab, select the Manage click Environments tab.

  3. In On the Environments area page, click Add New Environment.

  4. On the Add Environment page, toggle on Active.

  5. In the Environment Type group, select Amazon AWS.

...

Figure 4: ADD ENVIRONMENT AMAZON AWS SCREEN

...

    • Image Added

  2. In the Name of the environment, type the name of AWS environment.

  3. Enter the following details for the connection parameters:

    • ARN List: Type ARN or list of ARNs that are configured in AWS for permitting access of your AWS environment to the Aquila Clouds platform.

    • Note: You would typically have a list of ARNs for managing a set of related accounts (root and its sub accounts together) by Aquila Clouds. For a set of related accounts, add the ARNs in another Environment.

    • Payee Account Id: Type the payee account ID of the AWS environment required to be managed from the Aquila Clouds platform. If an explicit Payee Account is not designated, you can type the root account ID.

    • Billing Bucket Name: Type the name of the S3 bucket created in AWS for Aquila Clouds.

    • Billing Bucket Region: Type the region code for the region that S3 bucket is created. For instance, for Ohio the region code is us-east-2.

    • Billing Report Prefix: Type the billing prefix as defined in the AWS environment without using '/'.

    • Billing Report Name: Type the name of the billing report configured in AWS for Aquila Clouds platform.

  4. Click Apply.

  5. Review the environment details and click Do you wish to confirm?.

...