Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. On the side navigation bar, select Administration tab.

  2. On the Administration tab, click Environments.

  3. On the Environments page, click Add.

  4. On the Add Environment page, toggle on Active.

  5. In the Environment Type group, select Amazon AWS.

  6. In the Connection Type list, select AWS IAM Credentials.

  7. In the Name of the environment, type the name of AWS environment.

  8. Enter the following details for the connection parameters:

    • Account Id: Type the account ID of the AWS environment required to be managed from the Aquila Clouds platform. If an explicit Payee Account is not designated, you can type the root account ID.

    • Access Key ID: Type the access key ID that you have created for programmatic calls to AWS. For example, AKIAIOSFODNN7EXAMPLE.

    • Secret Access Key: Type the secret key that you have created. For example, JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.

  9. Click Apply.

  10. Review the environment details and click Do you wish to confirm?. AWS environment is configured in Aquila Clouds. You can start monitoring and managing AWS resources from Aquila Clouds platform according to the permissions defined in AWS environment.

...

Quick Reference - CFT Permissions

Service

Type

Permissions

AWS Organizations

organizations

organizations:Describe*
organizations:List*

Amazon Elastic Compute Cloud (ASG)

autoscaling

autoscaling:Describe*

Amazon Elastic Compute Cloud (EC2)

ec2

ec2:Describe*
ec2:DescribeInstanceStatus
ec2:DescribeInstances
ec2:DescribeSnapshotAttribute
ec2:DescribeSnapshots
ec2:DescribeTags
ec2:DescribeVolumeAttribute
ec2:DescribeVolumeStatus
ec2:DescribeVolumes

Amazon Elastic Compute Cloud (elb)

elasticloadbalancing

elasticloadbalancing:Describe*

Cloudwatch

cloudwatch

cloudwatch:Describe*
cloudwatch:GetMetricData
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics

Elastic Container Registry

ecr-public

ecr-public:DescribeImageTags
ecr-public:DescribeImages
ecr-public:DescribeRegistries
ecr-public:DescribeRepositories
ecr-public:GetRegistryCatalogData
ecr-public:GetRepositoryCatalogData
ecr-public:GetRepositoryPolicy
ecr-public:ListTagsForResource
ecr-public:TagResource

Elastic Container Registry

ecr-private

ecr:DescribeImages
ecr:DescribeRegistry
ecr:DescribeRepositories
ecr:GetLifecyclePolicy
ecr:GetLifecyclePolicyPreview
ecr:GetRegistryPolicy
ecr:GetRepositoryPolicy
ecr:ListImages
ecr:ListTagsForResource,

Elastic Container Service

ecs

ecs:Describe
ecs:List*

Elastic Kubernetes Service

eks

eks:Describe*
eks:List*

Elastic Filesystem

elasticfilesystem

elasticfilesystem:ClientMount
elasticfilesystem:DescribeAccessPoints
elasticfilesystem:DescribeAccountPreferences
elasticfilesystem:DescribeBackupPolicy
elasticfilesystem:DescribeFileSystemPolicy
elasticfilesystem:DescribeFileSystems
elasticfilesystem:DescribeLifecycleConfiguration
elasticfilesystem:DescribeMountTargetSecurityGroups
elasticfilesystem:DescribeMountTargets
elasticfilesystem:DescribeTags
elasticfilesystem:ListTagsForResource

Relational Database Service

rds

pi

pi:*
rds:DescribeDBClusters
rds:DescribeDBInstances
rds:DescribeDBParameters
rds:DescribeReservedDBInstances
rds:ListTagsForResource

Simple Storage Service

s3

s3:GetBucketLocation
s3:GetBucketPolicy
s3:GetBucketPolicyStatus
s3:GetBucketTagging
s3:GetBucketVersioning
s3:GetEncryptionConfiguration
s3:GetIntelligentTieringConfiguration
s3:GetInventoryConfiguration
s3:GetLifecycleConfiguration
s3:GetMetricsConfiguration
s3:GetObject
s3:GetObjectRetention
s3:GetObjectTagging
s3:GetObjectVersion
s3:GetReplicationConfiguration
s3:ListAllMyBuckets
s3:ListBucket
s3:ListBucketVersions

AWS Config

config

config:DescribeConfigRules
config:DescribeConfigurationRecorderStatus
config:DescribeConfigurationRecorders
config:GetComplianceDetailsByConfigRule
config:ListAggregateDiscoveredResources
config:ListDiscoveredResources

config:PutConfigRule
config:PutConfigurationRecorder
config:SelectAggregateResourceConfig
config:SelectResourceConfig
config:StartConfigurationRecorder
iam:PassRole

config:DeleteConfigRule