Binadox - Amazon Web Services Integration

1. Delegate Access to the AWS Billing and Cost Management Console

Prerequisites:
IAM user access to the Billing and Cost Management Console is activated in the root user account only.

Before you add a new IAM user to represent Binadox, it is required to enable billing access on your AWS account, which will allow Binadox to view billing data for cost optimization.

1.1 Enable Access to Billing Data

By default, IAM user access to the Billing and Cost Management Console is disabled. Enable it for an IAM billing policy to take effect.

1. Sign in to the AWS Management Console with root account credentials.

2. In the top right corner of the console, click on the profile (account) name or number. Select Account in the drop-down list.

3. You will be redirected to the Billing and Cost Management Console. Scroll down to the IAM User and Role Access to Billing Information section. Click Edit.

4. Put a tick mark against Activate IAM Access. Click Update to activate access to the Billing and Cost Management Console pages.

2. Create Cost & Usage Report and Configure an S3 Bucket

1. After activating IAM access, go up and click Cost & Usage Reports in the navigation pane on the left. Click the Create report button.

2. In Step 1. called “Report content”, specify the following:

– Enter a name for the report (e.g. binadox-report) into the Report name – required field.

– In the Additional report details section, select the Include resource IDs checkbox.

– In the Data refresh settings section, select the Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills checkbox.

Click Next.

3. In Step 2. called “Delivery options“, click Configure in the S3 bucket – required section.

Note:
S3 bucket configuration is required to store the AWS Cost and Usage Reports.

4. In the Configure S3 Bucket dialogue box, enter a bucket name into the S3 bucket name field. Select the US East (N. Virginia) region in the Region drop-down list. Click Next.

Note:
The bucket name is one of the parameters required for the integration of your AWS account with Binadox.

5. Select the I have confirmed that this policy is the correct checkbox and click Save.

6. Continue to specify the Delivery options:

– Create a Report path prefix. This field is required.

– In the Time granularity section, select the Daily radio button.

– In the Report versioning section, select the Overwrite existing report radio button.

– Leave Enable report data integration for not selected.

– Select the GZIP format in the Compression type drop-down list.

Click Next.

7. After you have reviewed the report details, click Review and Complete.

Important:
It can take up to 24 hours for AWS to start delivering reports to your Amazon S3 bucket. Binadox will recalculate data during the next scheduled data update.

3. Create an IAM Policy that Grants Permissions to Billing Data

After enabling billing access on your AWS account, you need to explicitly grant Binadox permission to view the Billing and Cost Management Console pages with a customer-managed policy.

1. To adhere to IAM best practices, you may sign in to the AWS Management Console with administrator credentials. Go to the IAM Console. It can be found by clicking on Services on the menu bar at the top. Type in “IAM” in the search bar or select it in the Security, Identity, & Compliance group.

2. In the navigation pane on the left, choose Policies. Click the Create policy button at the top.

3. You will be redirected to the Create Policy view. On the Visual Editor tab, click Choose a service.

4. Select Billing in the list of services. Use a search bar, if necessary.

5. In the Actions section, click Read under Access Level to expand actions and select the ViewBilling checkbox. Click Next: Tags. Skip this step and click Next: Review.

6. In the Review policy view, indicate a policy name and description (optional). Click Create policy (see Clause 4 on how to attach this policy while creating a new IAM user).

4. Add a New IAM User

For Binadox usage monitoring and cost optimization, it is required to create a new IAM user and grant this user permissions to the AWS API, read-only access to billing data, an S3 bucket, and certain AWS services for drill-down analysis.

1. To add a new IAM user in the AWS Management Console, go to the Identity and Access Management (IAM) Console.

2. In the navigation pane on the left, go to Users. Click on the Add user button at the top.

3. Fill in user details and indicate an AWS access type:

– In the Set user details section, type in a user name in the User name field (e.g. Binadox).

– In the Select AWS access type section, select both the Programmatic access and AWS Management Console access checkboxes.

– In the Console password list, select either the Autogenerated or Custom password radio button.

– Leave the Require password reset checkbox not selected.

Click Next: Permissions.

4. In the Set permissions section, click Attach existing policies directly.

– Select a newly created IAM policy that grants Binadox read-only access to billing data. To locate it, enter its name in the search box. Put a tick mark against the name (see Clause 3 on how to create an IAM policy that grants permissions to billing data).

– Select the following AWS managed policies that specify permissions to required AWS services:

AmazonS3ReadOnlyAccess

CloudWatchLogsReadOnlyAccess

AmazonEC2ContainerRegistryFullAccess

AmazonDynamoDBReadOnlyAccess

AmazonRDSFullAccess

AmazonECS_FullAccess

ElasticLoadBalancingFullAccess

AmazonRedshiftFullAccess

Click Next: Tags.

5. On the Add tags (optional) tab, add metadata to the new user by attaching tags if necessary or skip it. Click Next: Review.

6. On the Review tab, check user details and permissions. Click Create user.

7. Copy security credentials. You will not be able to see them again. However, you can create new credentials for this user at any time, if necessary (see AWS Documentation on how to generate new security credentials). Click Close.

5. Locate an AWS Account ID

To integrate an AWS account with Binadox, it is required to specify an AWS account ID. An AWS account ID is located in the navigation bar on the upper right. Click on the account name and copy the account ID to the clipboard.

6. Create New Connection for AWS in Binadox

1. Log into your Binadox account.

2. There are two main flows to connect a cloud account.

In case when you have no cloud accounts connected yet, click Home in the navigation pane on the left. Choose a cloud account you want to connect to and click the Connect button.
In case you have connected cloud accounts, click Home in the navigation pane on the left. Select the Cloud providers card and click the Manage button. In the Cloud Utilization Dashboard, click the Add Account button in the Cloud Accounts tab. Click on the Amazon Web Services icon.

3. You will be redirected to the Connection page. Enter security credentials (an access key ID, a secret access key, a username, and a console password) of a newly created user into the corresponding fields (see Clause 4 on how to create a new IAM user and grant him required permissions). Enter an AWS account ID (see Clause 5 on how to locate an account ID) and an S3 bucket name (see Clause 2 on how to create an S3 bucket and specify report details). Click Connect.