Amazon Web Services Configuration

This guide provides information on how to integrate the AWS environment with the Binadox multi-cloud cost management and optimization platform for cloud spend visibility and bill shock prevention.

Contents

1. Choose an IAM User Account
1.1 Add a New IAM User with Required Permissions
1.2 Give Permissions to an Existing IAM User
2. Create a Customer Managed Policy for AWS Cost Explorer
3. Generate Access Keys
3.1 Generate Access Keys from an Admin IAM / Root User Account
3.2 Generate Access Keys in an IAM User Account
4. Create New Connection for AWS in Binadox


1. Choose an IAM User Account

To integrate an AWS account with Binadox, you need the access key ID and secret access key of an Identity and Access Management (IAM) user account. To avoid exposing admin or root user credentials, create a new IAM user (see Clause 1.1), or use the access keys of an existing user and grant that user the permissions needed to access AWS resources (see Clause 1.2).


1.1 Add a New IAM User with Required Permissions

1. To add a new IAM user in the AWS Management Console, sign in to your AWS account as an administrator.

2. Go to the Identity and Access Management (IAM) Console. It can be found on the Home page of the AWS Management Console, in the All services list under the Security, Identity, & Compliance category, or by typing “IAM” in the search bar.

fig.1-IAM-AWS

3. In the navigation pane on the left, click Users and the Add user button at the top.

fig.2-Users-AWS

4. In the Set user details section, type in a user name in the User name field. In the Select AWS access type section, select the Programmatic access checkbox. Click Next: Permissions.

fig.3-User-Details-AWS.

5. On the Set permissions tab, click Attach existing policies directly. Select the required AWS managed policies to give the new user access to the AWS services that Binadox will optimize.

NOTE:
For drill-down analysis, the following services are available in Binadox: Amazon EC2 (Amazon Elastic Compute Cloud), Amazon EC2 Container Registry (ECR), Amazon S3 (Amazon Simple Storage Service), Amazon DynamoDB, AWS Lambda.

Additionally, you need to create a customer managed policy for AWS Cost Explorer, i.e. to give read-only access to AWS Cost Explorer. You may do it later (see Clause 2 on how to create a customer managed policy for AWS Cost Explorer) or create it right away on a new tab by clicking Create policy. In this case you will be redirected to the Create policy tab automatically.

fig.4-Create-Policy-AWS

Having created a customer managed policy for Cost Explorer (you may do it later), go back to the Add user tab. Click the sync icon to update the list of policies. Select the newly created policy for Cost Explorer along with other AWS managed policies. Click Next: Tags.

fig.5-Select-Policies-AWS

6. On the Add tags (optional) tab, add metadata to the new user by attaching tags if necessary. Click Next: Review.

7. On the Review tab, check user details and permissions and click Create user.

fig.6-Create-User-AWS

8. Copy autogenerated security credentials to integrate the new IAM user account with Binadox. You can also generate new credentials later (see Clause 3 on how to generate access keys). Click Close.

fig.7-Security-Credentials-AWS

NOTE:
To get the sign-in credentials to sign in as a new IAM user with AWS Management Console access and enable the console password, click Users in the navigation pane on the left. Select the required user name to open up the Summary view and click the Security credentials tab.

fig.8-Sign-in-Credentials-AWS



1.2 Give Permissions to an Existing IAM User

To connect Binadox to an AWS account, you may use the security credentials of an existing user and grant that user limited access to AWS resources.

1. In the navigation pane on the left, click Users. Click on the required user name.

fig.1-User-2-AWS

2. On the Permissions tab, click Add permissions.

fig.2-Add-Permissions-AWS

3. In the Grant permissions view, click Attach existing policies directly. Select the required AWS managed policies to give the user access to the AWS services that Binadox will optimize.

NOTE:
For drill-down analysis, the following services are available in Binadox: Amazon EC2 (Amazon Elastic Compute Cloud), Amazon EC2 Container Registry (ECR), Amazon S3 (Amazon Simple Storage Service), Amazon DynamoDB, AWS Lambda.

Additionally, you need to create a customer managed policy for AWS Cost Explorer, i.e. to give read-only access to AWS Cost Explorer. You may do it later (see Clause 2 on how to create a customer managed policy for AWS Cost Explorer) or create it right away on a new tab by clicking Create policy. In this case you will be redirected to the Create policy tab automatically.

fig.3-Summary-Permissions-AWS

NOTE:
Instead of a customer managed policy, an inline policy can be created for a required user. Inline policies ensure a strict one-to-one relation between a policy and the principal entity that this policy is attached to. Deleting that principal entity deletes the inline policy as well. If you prefer to create an inline policy, click the +Add inline policy button on the Permissions tab of the Summary view. In this case you will be redirected to the Create policy view to create an inline policy instead of a customer managed policy.

fig.4-Inline-Policy-AWS

Having created a customer managed or inline policy for Cost Explorer (you may do it later), go back to the Add user tab. Click the sync icon to update the list of policies. Select the newly created policy for Cost Explorer along with other AWS managed policies. Click Next: Review.

fig.5-Customer-Managed-Policy-AWS

4. Check the policies that will be attached to the user and click Add permissions.

fig.6-New-Permissions-AWS

5. The required permissions policies are attached to the user.

fig.7-Attached-Permissions-AWS



2. Create a Customer Managed Policy for AWS Cost Explorer

In addition to the AWS managed policies, which provide permissions for many common use cases, you must manually create a customer managed policy (or inline policy) that gives the user access to read resource content in AWS Cost Explorer, an AWS cost and usage analysis tool.

1. In the navigation pane on the left, click Policies > Create policy.

fig.1-New-Policy-AWS

2. You will be redirected to the Create policy view. Click the JSON tab and paste the following JSON syntax:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ce:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Click Review policy.

fig.2-Review-Policy-AWS

3. In the Review policy view, indicate a policy name and description (optional). You may see and review the permissions granted by the policy by clicking on the name of a service (i.e. Cost Explorer Service) in the Summary section. Click Create policy to save it (see Clause 1.1 on how to attach this policy while creating a new user or Clause 1.2 on how to attach it to an existing user).

fig.3-Save-Policy-AWS
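The guide describes this policy as read-only access to Cost Explorer, while `ce:*` matches every Cost Explorer action. The Python check below is an added example, not Binadox's or AWS's own code: it flags Allow patterns that can match non-read actions and includes a constructed read-only variant. `READ_ONLY_POLICY`, `non_read_grants` and the name-prefix heuristic are assumptions, and the page does not confirm that the integration works with the narrower policy.

```python
import fnmatch
import re

# The policy exactly as given in step 2 of this section.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ce:*"], "Resource": ["*"]}],
}

# Constructed alternative limited to read-style Cost Explorer actions.
# Assumption: the integration only reads cost data; the page does not list
# the individual API calls it makes, so verify with a test connection.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ce:Get*", "ce:Describe*", "ce:List*"],
        "Resource": "*",
    }],
}

# Heuristic (assumption): action names with these prefixes do not modify state.
READ_PREFIXES = ("get", "describe", "list")

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def non_read_grants(policy, service="ce"):
    """Return Allow patterns that can match non-read actions of `service`."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append("NotAction")
            continue
        for pattern in _as_list(stmt.get("Action")):
            svc, sep, name = pattern.partition(":")
            if not sep:  # a bare "*" covers every service and every action
                svc, name = pattern, pattern
            if not fnmatch.fnmatchcase(service, svc.lower()):
                continue
            # Only the literal text before the first wildcard is guaranteed.
            literal = re.split(r"[*?]", name, maxsplit=1)[0].lower()
            if not literal.startswith(READ_PREFIXES):
                findings.append(pattern)
    return findings
```

Running `non_read_grants(PAGE_POLICY)` reports `ce:*`, while the constructed variant returns an empty list.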



3. Generate Access Keys

Access keys for an IAM user may be generated either by an administrator from the admin IAM / root account (see Clause 3.1) or directly from the IAM user account that will be used for the connection with Binadox (see Clause 3.2).

IMPORTANT:
For a newly created IAM user account, administrator’s permissions to generate secret keys are required. In this case, an administrator should either grant the permissions or generate keys for this user from the admin account.


3.1 Generate Access Keys from an Admin IAM / Root User Account

An access key ID and a secret access key for an existing or a newly created IAM user can be generated by an administrator of an AWS account.

1. Sign in to the IAM Console with an administrator account. In the navigation pane on the left, click Users. Click on the required user name.

fig.1-User-AWS

2. Go to the Security credentials tab. Click Create access key.

fig.2-Create-Access-Key-AWS

3. Copy the access key ID and secret access key, or download a .csv file by clicking the Download .csv file button. Click Close.

fig.3-User-Access-Keys-AWS



3.2 Generate Access Keys in an IAM User Account

1. Sign in to the IAM Console as a newly created or existing IAM user, or as an administrator if an admin AWS account will be used for the Binadox connection. Click the profile information at the top right corner of the toolbar. Select My Security Credentials in the drop-down list.

fig.1-My-Security-Credentials-AWS

2. Expand the Access Keys (access key ID and secret access key) tab and click Create New Access Key.

IMPORTANT:
For a newly created IAM user account, administrator’s permissions to perform this operation are required. Grant the required permissions or generate access keys for this account right from the admin IAM account (see Clause 3.1 on how to generate access keys for an IAM user from an admin IAM / root account).

fig.2-New-Access-Key-AWS

3. In the Create Access Key window, click Show Access Key. Copy the pair of access keys or download a key file by clicking the Download Key File button. Click Close.

fig.3-Admin-Access-Keys-AWS



4. Create New Connection for AWS in Binadox

1. Log in to your Binadox account.

2. In the navigation pane on the left, click Integrations > IaaS. Click on the Amazon Web Services icon.

fig.1-Integrations-Binadox-AWS

3. In the Amazon Web Services view, type in the name of an instance in the Connection Instance Name field. Click Continue.

fig.2-Connection-Name-Binadox-AWS

4. Enter an access key ID and a secret access key (see Clause 3 on how to generate access keys). Click Connect.

fig.3-Access-Keys-Binadox-AWS

5. The AWS connection with Binadox is established.

fig.4-Status-Connected-AWS


