Onboard AWS to CloudHiro's Automated commitment management
The following guide will show you how to set up your account to allow Costi to access it is a secure manner.
To do this We will create a separate role for Costi.
Register to CloudHiro
Option 1 - Use Cloud formation template​
-
Login to your AWS account as an admin.
-
Creating the CUR (Cost and usage report) - please use this link. If the organization already have a CUR, grant Costi read access to the relevant bucket where the CUR resides.
-
Adding permissions to manage Reserved Instances and Saving plans automatically, please add the following roles to Costi.
-
Click 'Next'. You will be asked for a parameter called ExternalID. You can find that parameter here.
-
Mark the "I acknowledge that AWS CloudFormation might create IAM resources with custom names." checkbox at the bottom of the page.
-
Click the "Create stack" button.
-
That's it - We are all done!
​
Option 2 - Set up the Role Manually​​
Using this manual way you can control what Costi can and can not do. The following steps will show you how.
-
First, log in to your account and click the account menu in the top right corner.
-
Click 'My Security Credentials' in the drop-down menu.
-
Select 'Another AWS account' as the type of the trusted entity.
-
Enter '545334166883' (CloudHiro account ID) in the 'Account ID' text box.
-
Mark the 'Require external ID (Best practice when a third party will assume this role)' in the options checkbox.
-
You can find the unique value for ExternalID here.
-
Click 'Next: Permissions' at the bottom to continue
-
Add all the permissions stated below:
-
"ec2:DescribeReservedInstances",
-
"ec2:DescribeReservedInstancesListings",
-
"ec2:DescribeReservedInstancesModifications",
-
"ec2:PurchaseReservedInstancesOffering",
-
"ec2:GetReservedInstancesExchangeQuote",
-
"ec2:AcceptReservedInstancesExchangeQuote",
-
"ec2:DeleteQueuedReservedInstances",
-
"ec2:ModifyReservedInstances",
-
"ec2:CancelReservedInstancesListing",
-
"ec2:CreateReservedInstancesListing",
-
"ec2:DescribeReservedInstancesListings",
-
"ec2:DescribeHostReservations"
-
"ec2:PurchaseReservedInstancesOffering"
-
"savingsplans:*"
-
"ce:*"
-
-
Review the information you just entered, then click 'Create role' to proceed.|
-
That's it - We are all done! - The new role is now added to your Resource roles list.