top of page

Onboard AWS to CloudHiro's cost optimization platform

The following guide will show you how to set up your account to allow Costi to access it is a secure manner. To do this We will create a separate role for Costi.

There are two options: use a cloud formation template or set up the role manually.

Register to CloudHiro

  1. Register here.

  2. Confirm the email you get and login

Use Cloud formation template

  1. Login to your AWS account as an admin.

  2. Creating a new CUR (Cost and usage report) and granting access to it. - please use the following link

    1. If you already have existing CUR - please use the following link which will grant access to the existing CUR. Please save the bucket-name and cur-name for later use.

    2. When creating the CUR, make sure you are in us-east-1 (North-Virginia) region.

  3. Adding permissions to all accounts (including child accounts):

    1. Go to create stacksets and enter in the "Amazon S3 url" the following JSON's (according to the permissions needed):​

      1. Read-only permissions to all accounts - it will permit CloudHiro to collect metrics on all resources.

      2. Reserved instances and Saving plans management permissions

      3. Read-write permissions so Cloudhiro can tag resources, shutdown'start EC2 instances, etc. 

    2. The first stackset will create "Costi" role and the other two, will add policies to the same role. 

      1. You will be asked for a parameter called ExternalID. You can find that parameter here. 

      2. Also, in the "Specify regions" section, specify at least one region.

      3. In "Maximum concurrent accounts - optional" please change both sections to "percentage" and "100%"​​

  4. Reserved Instances Management

    1. Make sure that ״Reserved Instances and Savings Plans discount sharing preference״ is enabled for all accounts and enabled by default. AWS -> AWS billing -> Billing preferences -> "Reserved Instances and Savings Plans discount sharing preference".

  5. ​​That's it - We are all done!

Azure Onboarding

Connect your organization via SSO

GCP Onboarding

bottom of page