...


Identify the permissions required in AWS

Before you configure the AWS environment for the Aquila Clouds platform, identify all the permissions your organization requires to monitor and manage AWS resources effectively.

Permissions for cost recommendations, alerts, utilization, Container and Application dashboard

This section lists the permissions that enable the cost recommendations, alerts and Container and Application dashboards in Aquila Clouds platform for your organization's AWS resources.
ec2:DescribeSnapshots,
ec2:DescribeVolumes,
ec2:DescribeVolumeStatus,
ec2:DescribeSnapshotAttribute,
ec2:DescribeInstances,
ec2:DescribeVolumeAttribute,
ec2:DescribeInstanceStatus,
ec2:DescribeTags,
ecs:List*,
ecs:Describe*,
eks:List*,
eks:Describe*,
ec2:Describe*,
elasticloadbalancing:Describe*,
cloudwatch:ListMetrics,
cloudwatch:GetMetricStatistics,
cloudwatch:GetMetricData,
cloudwatch:Describe*,
autoscaling:Describe*

Permissions for actions in the Recommendations dashboard and Action console

This section lists the permissions that enable actions in the Recommendations dashboard and Action console in the Aquila Clouds platform for your organization's AWS resources.
ec2:CopySnapshot,
ec2:ModifyVolumeAttribute,
ec2:CreateImage,
ec2:ResetInstanceAttribute,
ec2:CopyImage,
ec2:StartInstances,
ec2:StopInstances,
ec2:ImportSnapshot,
ec2:CreateLaunchTemplateVersion,
ec2:CreateLaunchTemplate,
ec2:ModifyInstanceCreditSpecification,
ec2:AssociateIamInstanceProfile,
ec2:UnmonitorInstances,
ec2:MonitorInstances,
ec2:ReportInstanceStatus,
ec2:DeleteVolume,
ec2:ModifySnapshotAttribute,
ec2:StartInstances,
ec2:CreatePlacementGroup,
ec2:ImportImage,
ec2:DetachVolume,
ec2:ModifyVolume,
ec2:ResetImageAttribute,
ec2:CreateTags,
ec2:RegisterImage,
ec2:ModifyInstanceEventStartTime,
ec2:RunInstances,
ec2:StopInstances,
ec2:CreateVolume,
ec2:EnableVolumeIO,
ec2:AttachVolume,
ec2:ImportVolume,
ec2:RequestSpotInstances,
ec2:DeleteTags,
ec2:RunScheduledInstances,
ec2:RequestSpotFleet,
ec2:ModifyImageAttribute,
ec2:CreateSnapshot,
ec2:ModifyInstanceAttribute,
ec2:ModifyReservedInstances,
ec2:RebootInstances,
ec2:CreateInstanceExportTask,
ec2:ModifyInstancePlacement,
ec2:TerminateInstances,
ec2:ImportInstance,
ec2:ResetSnapshotAttribute,
ec2:ModifyInstanceCapacityReservationAttributes

Comprehensive set of permissions for the entire set of features

This section lists the comprehensive set of permissions for the entire set of features in the Aquila Clouds platform for your organization's AWS resources.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:CopySnapshot",
        "ec2:DescribeInstances",
        "ec2:UnmonitorInstances",
        "ec2:ModifyVolumeAttribute",
        "ec2:MonitorInstances",
        "ec2:CreateImage",
        "ec2:ResetInstanceAttribute",
        "ec2:CopyImage",
        "ec2:DescribeSnapshots",
        "ec2:ReportInstanceStatus",
        "ec2:DeleteVolume",
        "ec2:DescribeVolumeStatus",
        "ec2:ModifySnapshotAttribute",
        "ec2:StartInstances",
        "ec2:CreatePlacementGroup",
        "ec2:DescribeVolumes",
        "ec2:ImportImage",
        "ec2:DetachVolume",
        "ec2:ModifyVolume",
        "ec2:ResetImageAttribute",
        "ec2:CreateTags",
        "ec2:DescribeSnapshotAttribute",
        "ec2:RegisterImage",
        "ec2:ModifyInstanceEventStartTime",
        "ec2:RunInstances",
        "ec2:StopInstances",
        "ec2:DescribeVolumeAttribute",
        "ec2:CreateVolume",
        "ec2:EnableVolumeIO",
        "ec2:ModifyInstanceCapacityReservationAttributes",
        "ec2:AttachVolume",
        "ec2:ImportVolume",
        "ec2:RequestSpotInstances",
        "ec2:DeleteTags",
        "ec2:RunScheduledInstances",
        "ec2:RequestSpotFleet",
        "ec2:ModifyImageAttribute",
        "ec2:CreateSnapshot",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifyReservedInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:RebootInstances",
        "ec2:CreateInstanceExportTask",
        "ec2:ModifyInstancePlacement",
        "ec2:TerminateInstances",
        "ec2:ImportInstance",
        "ec2:DescribeTags",
        "ec2:ResetSnapshotAttribute",
        "ec2:ImportSnapshot",
        "ec2:CreateLaunchTemplateVersion",
        "ec2:CreateLaunchTemplate",
        "ec2:ModifyInstanceCreditSpecification",
        "ec2:AssociateIamInstanceProfile",
        "ecs:List*",
        "ecs:Describe*",
        "eks:List*",
        "eks:Describe*",
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:GetMetricData",
        "cloudwatch:Describe*",
        "autoscaling:Describe*",
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "rds:DescribeReservedDBInstances",
        "rds:ListTagsForResource",
        "rds:DescribeDBInstances",
        "rds:DescribeDBParameters",
        "pi:*",
        "rds:DescribeDBClusters"
      ],
      "Resource": "*"
    }
  ]
}
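
To see how much of the comprehensive policy goes beyond monitoring, the following added example (not Aquila Clouds' code) splits a policy's allowed actions into read-only, mutating and whole-service wildcards, and lists those granted on Resource "*". The verb-prefix rule and the function names are assumptions of this example, and the sample policy is a constructed subset of the actions listed above.

```python
import json

# Verb prefixes treated as read-only. This is a naming heuristic (an assumption
# of this example), not an authoritative AWS access-level classification.
READ_PREFIXES = ("describe", "list", "get")

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def classify_actions(policy):
    """Bucket the Allow-ed actions of a policy and record every action that is
    not read-only and applies to Resource "*"."""
    report = {"read_only": set(), "mutating": set(), "service_wildcard": set(),
              "non_read_on_all_resources": set()}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        all_resources = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt["Action"]):
            _, _, name = action.partition(":")
            if action == "*" or name == "*":
                bucket = "service_wildcard"      # e.g. pi:* grants the whole service
            elif name.lower().startswith(READ_PREFIXES):
                bucket = "read_only"             # action names are case-insensitive
            else:
                bucket = "mutating"
            report[bucket].add(action)
            if bucket != "read_only" and all_resources:
                report["non_read_on_all_resources"].add(action)
    return {key: sorted(values) for key, values in report.items()}

# Constructed sample: a subset of the actions in the comprehensive policy.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
   "Action": ["ec2:Describe*", "ecs:List*", "cloudwatch:GetMetricData",
              "ec2:TerminateInstances", "ec2:RunInstances",
              "ec2:AssociateIamInstanceProfile", "pi:*"],
   "Resource": "*"}]}
""")

if __name__ == "__main__":
    for bucket, actions in classify_actions(SAMPLE_POLICY).items():
        print(f"{bucket}: {', '.join(actions)}")
```
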

Permissions for billing reports

...

  1. Log in to the AWS Management Console.

  2. Open the IAM console and, from the navigation pane, choose Roles > Create Role.

  3. Choose the Another AWS account role type.

  4. For Account ID, type 807331824280 813367342454. This is the AWS account ID for Aquila Clouds.

  5. Select the Require external ID check box to enhance security.

  6. In the External ID box, type A2I_COMPANY_EXTERNAL_ID.

  7. Choose Next: Permissions.

  8. Select the check box for the required permission.

    1. Note: Aquila Clouds recommends assigning all permissions to the IAM role to effectively use the Aquila Clouds platform.

  9. Choose Next: Review.

  10. For Role name, type a name for your role. Role names must be unique within your AWS account.

  11. Click Create Role.

  12. Navigate to the Roles page and open the new role.

  13. Select the Trust relationships tab and click Edit trust relationship.

  14. In the Policy Document, next to the Account ID, replace root with user/aquila_product_user.

  15. Save the Policy Document and, in the Role Summary, copy the ARN for the role and add it on the Add Environment page of Aquila Clouds.
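
The trust policy that steps 4 to 6 and 14 produce can be checked before the role ARN is handed over. This added example (not part of the original page or Aquila Clouds' tooling) verifies that only the aquila_product_user principal is trusted and that the external ID condition is present; the account ID 111122223333 and the helper names are constructed placeholders.

```python
import json

def as_list(value):
    """IAM accepts a single value or a list in most policy fields."""
    return list(value) if isinstance(value, list) else [value]

def check_trust_policy(policy, account_id, user_name, external_id):
    """Return findings; an empty list means every sts:AssumeRole statement
    trusts only the named IAM user and requires the external ID."""
    expected = f"arn:aws:iam::{account_id}:user/{user_name}"
    allows = [s for s in as_list(policy["Statement"])
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in as_list(s.get("Action", []))]
    if not allows:
        return ["no statement allows sts:AssumeRole"]
    findings = []
    for stmt in allows:
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if as_list(aws) != [expected]:
            findings.append(f"principal {as_list(aws)} is not only {expected}")
        # Condition keys are case-insensitive, so compare them lower-cased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower(): v for k, v in equals.items()}
        if keys.get("sts:externalid") != external_id:
            findings.append("sts:ExternalId condition missing or not the agreed value")
    return findings

ACCOUNT_ID = "111122223333"  # constructed placeholder, not the vendor's account ID

def trust_policy(principal_suffix, with_external_id=True):
    """Build a constructed trust policy in the shape the IAM console writes."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:{principal_suffix}"}}
    if with_external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": "A2I_COMPANY_EXTERNAL_ID"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    args = (ACCOUNT_ID, "aquila_product_user", "A2I_COMPANY_EXTERNAL_ID")
    for label, doc in [("root principal (before step 14)", trust_policy("root")),
                       ("user principal (after step 14)", trust_policy("user/aquila_product_user")),
                       ("no external ID", trust_policy("user/aquila_product_user", False))]:
        print(label, json.dumps(check_trust_policy(doc, *args)))
```
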

...