Amazon Web Services Configuration | Binadox - SaaS management

Amazon Web Services Configuration

This guide provides information on how to integrate the AWS environment with the Binadox Multi-Cloud Cost Management and Optimization Platform for cloud spend visibility and bill shock prevention.

Contents

1. Choose an IAM User Account
1.1 Add a New IAM User with Required Permissions
1.2 Give Permissions to an Existing IAM User
2. Create a Customer Managed Policy
3. Generate Access Keys
3.1 Generate Access Keys in an Admin IAM / Root User Account
3.2 Generate Access Keys in an IAM Account
4. Create New Connection for AWS in Binadox


1. Choose an IAM User Account

To integrate an AWS account with Binadox, you need the access key ID and secret access key of an Identity and Access Management (IAM) user account. To avoid exposing the credentials of an admin or root user account, create a new IAM user (see Clause 1.1 hereof) or use the access keys of an existing user and grant that user the necessary permissions to access AWS resources (see Clause 1.2 hereof).


1.1 Add a New IAM User with Required Permissions

1. To add a new IAM user in the AWS Management Console, sign into your AWS account as an administrator.

2. Go to the Identity and Access Management (IAM) Console. It can be found on the Home page of the AWS Management Console in the All services list in the Security, Identity, & Compliance category, or simply by typing “IAM” in the search bar.


fig.1-IAM-AWS

3. In the navigation pane on the left, click Users and the Add user button at the top.


fig.2-Users-AWS

4. In the Set user details section, type in a user name in the User name field. In the Select AWS access type section, select the Programmatic access checkbox. Click Next: Permissions.


fig.3-User-Details-AWS.

5. On the Set permissions tab, click Attach existing policies directly. Select required AWS managed policies to provide a new user access to certain AWS services for Binadox optimization. Additionally, you can create a customer managed policy, e.g. to give read-only access to AWS Cost Explorer. To do so, click Create policy. You will be redirected to the Create policy view (see Clause 2 hereof on how to create policies).

fig.4-Create-Policy-AWS

6. Having created a customer managed policy, go back to the Add user view. Click the sync icon to update the list of policies. Select the newly created policy along with other AWS managed policies. Click Next: Tags.

fig.5-Select-Policies-AWS

7. On the Add tags (optional) tab, add metadata to the new user by attaching tags if necessary. Click Next: Review.

8. On the Review tab, check user details and permissions and click Create user.

fig.6-Create-User-AWS

9. Copy autogenerated security credentials to integrate the new IAM user account with Binadox. You can also generate new credentials later (see Clause 3 hereof on how to generate access keys). Click Close.

fig.7-Security-Credentials-AWS

NOTE:
To get the sign-in credentials to sign in as a new IAM user with AWS Management Console access and enable the console password, click Users in the navigation pane on the left. Select the required user name to open up the Summary view and click the Security credentials tab.

fig.8-Sign-in-Credentials-AWS


1.2 Give Permissions to an Existing IAM User

To connect Binadox to an AWS account, you may use the security credentials of an existing user and grant that user limited access to AWS resources.

1. In the navigation pane on the left, click Users. Click on the required user name.

fig.1-User-2-AWS

2. On the Permissions tab, click Add permissions.

fig.2-Add-Permissions-AWS

3. In the Grant permissions view, click Attach existing policies directly. Select required AWS managed policies to provide a user access to certain AWS services for Binadox optimization. Additionally, you can create a customer managed policy, e.g. to give read-only access to AWS Cost Explorer. To do so, click Create policy (see Clause 2 hereof on how to create customer managed policies).

fig.3-Summary-Permissions-AWS

NOTE:
An inline policy can be created from the Summary view by clicking the +Add inline policy button. In this case you will be redirected to the Create policy view to create an inline policy instead of a customer managed policy. Inline policies ensure a strict one-to-one relation between a policy and the principal entity that this policy is attached to. Deleting that principal entity deletes the inline policy as well.

fig.4-Inline-Policy-AWS

4. Having created a customer managed or inline policy, go back to the Add user view. Click the sync icon to update the list of policies. Select the newly created policy along with other AWS managed policies. Click Next: Review.

fig.5-Customer-Managed-Policy-AWS

5. Check the policies that will be attached to the user and click Add permissions.

fig.6-New-Permissions-AWS

6. The required permissions policies are attached to the user.

fig.7-Attached-Permissions-AWS


2. Create a Customer Managed Policy

Along with AWS managed policies that provide permissions for many common use cases, it may be necessary to create customer managed or inline policies manually to grant access to specific resources for AWS spend optimization in Binadox. In this guide we show how to create a customer managed policy and give a new user access to read resource content in AWS Cost Explorer, an AWS costs and usage analysis tool.

1. In the navigation pane on the left, click Policies > Create policy.

fig.1-New-Policy-AWS

2. You will be redirected to the Create policy view. Click the JSON tab and paste the following JSON policy document:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ce:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Click Review policy.

fig.2-Review-Policy-AWS

3. In the Review policy view, indicate a policy name and description (optional). Click on the name of a service (e.g. Cost Explorer Service) in the Summary section to review the policy and see the permissions granted by the policy. Click Create policy to save it (see Clause 1.1 hereof on how to attach this policy while creating a new user or Clause 1.2 on how to attach it to an existing user).

fig.3-Save-Policy-AWS
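
The policy in step 2 allows ce:*, which matches every Cost Explorer action, including ones that create, update or delete resources, not only read calls. The Python check below is an added example (not Binadox or AWS code) that flags Allow statements whose action patterns reach beyond read verbs; the Get/Describe/List prefix rule and the narrowed policy are assumptions, so confirm which calls the integration needs before tightening.

```python
import json

# Assumption for this check: action names starting with these verbs only read data.
READ_PREFIXES = ("get", "describe", "list")

# The policy exactly as given in step 2 above.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ce:*"], "Resource": ["*"]}
  ]
}"""

# Constructed alternative (assumption, not a documented Binadox requirement).
NARROWED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ce:Get*", "ce:Describe*", "ce:List*"],
     "Resource": "*"}
  ]
}"""


def _as_list(value):
    """IAM accepts a single string/object or a list for Action and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def non_read_only_actions(policy_json):
    """Return Allow-ed action patterns that can match more than read calls."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction")
            continue
        for action in _as_list(stmt.get("Action")):
            _service, _, name = action.partition(":")
            # The fixed part before any wildcard must already be a read verb;
            # IAM action names are case-insensitive.
            if not name.lower().startswith(READ_PREFIXES):
                findings.append(action)
    return findings
```

Running non_read_only_actions on a policy before saving it returns the patterns to review; an empty list means every allowed pattern starts with a read verb.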


3. Generate Access Keys

Access keys for an IAM user may be generated either by an administrator from his admin IAM / root account (see Clause 3.1 hereof) or directly from an IAM user account that will be used for connection with Binadox (see Clause 3.2 hereof). Note that for a newly created IAM user account, administrator’s permissions to generate secret keys may be required. In this case an administrator should either grant permissions or generate keys for this user from his admin account.


3.1 Generate Access Keys in an Admin IAM / Root User Account

An access key ID and a secret access key for an existing or a newly created IAM user can be generated by an administrator of an AWS account.

1. Sign in to the IAM Console with an administrator account. In the navigation pane on the left, click Users. Click on the required user name.

fig.1-User-AWS

2. Go to the Security credentials tab. Click Create access key.

fig.2-Create-Access-Key-AWS

3. Copy secret access keys or download a .csv file by clicking on the Download .csv file button. Click Close.

fig.3-User-Access-Keys-AWS


3.2 Generate Access Keys in an IAM Account

1. Sign in to the IAM Console as a newly created or existing IAM user or an administrator if an admin AWS account will be used for Binadox connection. Click on the profile information at the top right corner of the toolbar. Select My Security Credentials in the drop-down list.

fig.1-My-Security-Credentials-AWS

2. Expand the Access Keys (access key ID and secret access key) tab and click Create New Access Key.

IMPORTANT:
For a newly created IAM user account, administrator’s permissions to perform this operation may be required. Ask an administrator to grant permissions or generate access keys for this account from his admin IAM account (see Clause 3.1 on how to generate access keys for an IAM user from an admin IAM / root account).

fig.2-New-Access-Key-AWS

3. From the Create Access Key window, click Show Access Key. Copy the pair of access keys or download a key file by clicking on the Download Key File button. Click Close.

fig.3-Admin-Access-Keys-AWS


4. Create New Connection for AWS in Binadox

1. Log into your Binadox account.

2. In the navigation pane on the left, click Integrations > IaaS. Click on the Amazon Web Services icon.

fig.1-Integrations-Binadox-AWS

3. In the Amazon Web Services view, type in the name of an instance in the Connection Instance Name field. Click Continue.

fig.2-Connection-Name-Binadox-AWS

4. Enter an access key ID and a secret access key (see Clause 3 hereof on how to generate access keys). Click Connect.

fig.3-Access-Keys-Binadox-AWS

5. The AWS connection with Binadox is established.

fig.4-Status-Connected-AWS

