
Amazon Web Services Configuration

This guide provides information on how to integrate an AWS environment with the Binadox multi-cloud cost management and optimization platform to plan, analyze and reduce infrastructure costs.

To integrate Binadox with an AWS account, you need to create a new IAM user with access to the AWS API and read-only access to billing data and to certain AWS services for drill-down analysis. You also need to create an S3 bucket for AWS cost and usage reports.

1. Delegate Access to the AWS Billing and Cost Management Console

Before you add a new IAM user to represent Binadox, enable billing access on your AWS account and create an IAM policy that allows Binadox to view billing data for cost optimization.

1.1 Enable Access to Billing Data

By default, IAM user access to the Billing and Cost Management Console is disabled. It must be enabled for an IAM billing policy to take effect.

1. Sign in to the AWS Management Console with root account credentials.

2. In the top right corner of the console, click on the profile (account) name or number. Select My Account in the drop-down list.

fig.1-My-Account-AWS

3. You will be redirected to the Billing and Cost Management Console. Scroll down to the IAM User and Role Access to Billing Information section. Click Edit.

fig.2-Edit-Billing-Access-AWS

4. Select the Activate IAM Access checkbox. Click Update to activate access to the Billing and Cost Management Console pages.

fig.3-Activate-Billing-Access-AWS



1.2 Create an IAM Policy that Grants Permissions to Billing Data

After enabling billing access on your AWS account, you need to explicitly grant Binadox permission to view the Billing and Cost Management Console pages with a customer managed policy.

1. To adhere to IAM best practices, sign in to the AWS Management Console with administrator credentials. Go to the IAM Console: click Services on the menu bar at the top, then type “IAM” into the search bar or select it in the Security, Identity, & Compliance group.

fig.1-IAM-AWS

2. In the navigation pane on the left, choose Policies. Click the Create policy button at the top.

fig.2-Create-Policy-Billing-AWS

3. You will be redirected to the Create Policy view. On the Visual Editor tab, click Choose a service.

fig.3-Service-Billing-AWS

4. Select Billing in the list of services. Use the search bar if necessary.

fig.4-Billing-AWS

5. In the Actions section, click Read under Access Level to expand actions and select the ViewBilling checkbox. Click Review policy.

fig.5-Access-Level-Billing-AWS

6. In the Review policy view, enter a policy name and, optionally, a description. Click Create policy (see Clause 3 on how to attach this policy while creating a new IAM user).

fig.6-Review-Policy-Billing-AWS



2. Create an S3 Bucket

Create an Amazon S3 bucket in your AWS account to store the cost and usage report files.

1. Go to the Billing and Cost Management console. In the navigation pane on the left, click Cost and Usage Reports. Click the Create report button.

fig.1-Create-Report-AWS

2. At Step 1. Report content, specify the following:

– Enter a name for the report (e.g. binadox-report) into the Report name – required field.

– In the Additional report details section, select the Include resource IDs checkbox.

– In the Data refresh settings section, select the Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills checkbox.

Click Next.

fig.2-Report-Content-AWS

3. At Step 2. Delivery options, click Configure in the S3 bucket – required section.

fig.3-Configure-Bucket-AWS

4. In the Configure S3 Bucket dialogue box, enter a bucket name into the S3 bucket name field. Select the US East (N. Virginia) region in the Region drop-down list. Click Next.


Note:
The bucket name is one of the parameters required for integration of your AWS account with Binadox.


fig.4-Create-Bucket-AWS

5. Select the I have confirmed that this policy is correct checkbox and click Save.

fig.5-Confirm-Policy-AWS

6. Continue to specify the Delivery options:

– Leave Report path prefix not selected.

– In the Time granularity section, select the Daily radio button.

– In the Report versioning section, select the Overwrite existing report radio button.

– Leave Enable report data integration for not selected.

– Select the GZIP format in the Compression type drop-down list.

Click Next.

fig.6-Delivery-Options-AWS

7. After you have reviewed report details, click Review and Complete.

fig.7-Report-Review-AWS

Important:
It can take up to 24 hours for AWS to start delivering reports to your Amazon S3 bucket. Binadox will recalculate data during the next scheduled data update.

3. Add a New IAM User

For Binadox usage monitoring and cost optimization, create a new IAM user and grant this user access to the AWS API and read-only access to billing data, an S3 bucket and certain AWS services for drill-down analysis.

1. To add a new IAM user in the AWS Management Console, go to the Identity and Access Management (IAM) Console.

2. In the navigation pane on the left, go to Users. Click on the Add user button at the top.

fig.1-Users-AWS

3. Fill in user details and indicate an AWS access type:

– In the Set user details section, type in a user name in the User name field (e.g. Binadox).

– In the Select AWS access type section, select both the Programmatic access and AWS Management Console access checkboxes.

– In the Console password list, select either the Autogenerated or Custom password radio button.

– Leave the Require password reset checkbox not selected.

Click Next: Permissions.

fig.2-AWS-Access-Type-AWS

4. In the Set permissions section, click Attach existing policies directly.

– Select the newly created IAM policy that grants Binadox read-only access to billing data. To locate it, enter its name in the search box, then select the checkbox next to the name (see Clause 1 on how to create an IAM policy that grants permissions to billing data).

– Select the following AWS managed policies that specify permissions to required AWS services:

AmazonS3ReadOnlyAccess

CloudWatchLogsReadOnlyAccess

AmazonEC2ContainerRegistryReadOnly

AmazonDynamoDBReadOnlyAccess

AmazonRDSReadOnlyAccess

Click Next: Tags.

fig.3-AWS-Managed-Policies-AWS

5. On the Add tags (optional) tab, add metadata to the new user by attaching tags if necessary or skip it. Click Next: Review.

fig.4-Add-Tags-AWS

6. On the Review tab, check user details and permissions. Click Create user.

fig.5-Add-User-Review-AWS

7. Copy security credentials. You will not be able to see them again. However, you can create new credentials for this user at any time, if necessary (see AWS Documentation on how to generate new security credentials). Click Close.

fig.6-Security-Credentials-AWS
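
A check you can run once the user exists, added here as an example (it is not Binadox or AWS code): it compares the policies attached to the new user with the set listed in step 4 and confirms that the customer managed billing policy allows nothing beyond ViewBilling. The policy name BinadoxBillingReadOnly, the sample data and the JSON action name aws-portal:ViewBilling (the form the Billing service's ViewBilling action takes in a policy document) are assumptions.

```python
# Managed policies the guide attaches in Clause 3, step 4.
EXPECTED_MANAGED = {
    "AmazonS3ReadOnlyAccess", "CloudWatchLogsReadOnlyAccess",
    "AmazonEC2ContainerRegistryReadOnly", "AmazonDynamoDBReadOnlyAccess",
    "AmazonRDSReadOnlyAccess",
}
# Assumption: JSON name of the Billing service's ViewBilling action, lowercased.
ALLOWED_BILLING_ACTIONS = {"aws-portal:viewbilling"}


def _as_list(value):
    # IAM accepts either a single value or a list for Statement and Action.
    return value if isinstance(value, list) else [value]


def audit_billing_policy(document):
    """Return findings for a customer managed billing policy document."""
    findings = []
    for stmt in _as_list(document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("Allow with NotAction grants all unlisted actions")
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive; wildcards are flagged too.
            if action.lower() not in ALLOWED_BILLING_ACTIONS:
                findings.append(f"unexpected action: {action}")
    return findings


def audit_attached(attached_names, billing_policy_name):
    """Compare a user's attached policy names with the set the guide lists."""
    expected = EXPECTED_MANAGED | {billing_policy_name}
    attached = set(attached_names)
    return {"missing": sorted(expected - attached),
            "unexpected": sorted(attached - expected)}


# Constructed sample data, not output from a real account.
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "aws-portal:ViewBilling", "Resource": "*"}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["aws-portal:ViewBilling", "aws-portal:ModifyBilling"]}]}
SAMPLE_ATTACHED = ["BinadoxBillingReadOnly", "AmazonS3ReadOnlyAccess",
                   "CloudWatchLogsReadOnlyAccess", "AmazonRDSReadOnlyAccess",
                   "AdministratorAccess"]

if __name__ == "__main__":
    print(audit_billing_policy(BROAD_POLICY))
    print(audit_attached(SAMPLE_ATTACHED, "BinadoxBillingReadOnly"))
```

On a real account, the inputs can be taken from `aws iam list-attached-user-policies` and `aws iam get-policy-version`.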



4. Locate an AWS Account ID

To integrate an AWS account with Binadox, you need to specify an AWS account ID. Go to the IAM Console. The AWS account ID is located at the bottom of the navigation pane on the left. Copy it to the clipboard.

fig.1-Account-ID-AWS



5. Create New Connection for AWS in Binadox

1. Log into your Binadox account.

2. In the navigation pane on the left, click Integrations. Go to the IaaS tab. Click on the Amazon Web Services icon.

fig.1-Integrations-AWS

3. Enter a unique connection instance name so that you can tell this connection apart from others. Click Continue.

fig.2-Instance-Name-AWS

4. Enter the security credentials (an access key ID, a secret access key, a username and a console password) of the newly created user into the corresponding fields (see Clause 3 on how to create a new IAM user and grant it the required permissions). Enter an AWS account ID (see Clause 4 on how to locate an account ID) and an S3 bucket name (see Clause 2 on how to create an S3 bucket and specify report details). Click Connect.

fig.3-Connection-Properties-AWS

5. Upon successful AWS integration with Binadox, the connection status will switch to Connected.

fig.4-Status-Connected-AWS