Adding AWS accounts to Cloudyn

Gaining clarity into your monthly spend on AWS is an essential part of good cloud management. Cloudyn provides a comprehensive view into costs for AWS services such as EC2, RDS, EBS, S3, SQS, DynamoDB, Elasticache, Elastic Load Balancing, Data Transfer, and more.

To fully benefit from this feature, use the following instructions to set up your AWS accounts in Cloudyn.

Note: If this is your first time adding an account to your Cloudyn instance, the following Welcome pop-up box appears:

Click AWS to continue.

Step 1 - Setup credentials

1. From Cloudyn Accounts, select Add new. Note: If you are setting up your first account, select Add AWS Account. The New AWS Account page appears.

2. Enter your account name.
3. Select one of the 2 available Access Type options. We recommend working with Role ARN.


Option 1: Adding Your Role ARN to a New Account 

To enable role-based access to an AWS account in Cloudyn, the role must be created in your AWS console. You will need to obtain the Role ARN External ID from the AWS console and paste it into the New AWS Account page in Cloudyn.

  1. Login to your AWS console and select Services.
  2. From the list of services, select IAM.
  3. Select Roles and then click Create New Role.
  4. Set Role Name - Enter a name for the new role and then click Next Step.
  5. Select Role Type - Select Role for Cross-Account Access and then select Provide access between your AWS account and a 3rd party AWS account.
  6. Establish Trust - Enter the following values:
    • In Account ID, enter 432263259397
    • In External ID, enter the External ID from the New Account page in Cloudyn. (For example, “Companyname1234567890123”). Do not change the “Require MFA” box (It should remain unchecked.)
  7. Click Next Step.
  8. Attach Policy - Select ReadOnlyAccess and then click Next Step. (Tip: Use the search filter and type readonlyaccess. ReadOnlyAccess appears at the end of the search results list).
  9. Review - Check your selections to make sure you entered the correct information and then click Create Role. The list of your Roles appears.
  10. Select the role you just created and copy the Role ARN.
  11. Return to the Cloudyn New AWS Account page and paste the Role ARN in the relevant field..  
  12. Click Save.The Role ARN is added to the account.

 

Option 2: Adding Your IAM User ARN for a new account

*We strongly recommend this update on all linked accounts.

  1. On your AWS Management Console, click IAM (Secure AWS Access Control) or alternatively navigate to this link: https://console.aws.amazon.com/iam/home .
  2. In the left Navigation pane, select Users.
  3. Click Create New Users.
  4. Fill in the name of the user. Make sure that the "Generate an access key" checkbox is selected.
  5. Click Create.
  6. In the notification window, click Download Credentials. Save the file in a secure location – it will contain the access and the secret key that you’ll need to complete your registration.
  7. After saving the file, close the window.

Important! Amazon does not keep user credentials – if the file is lost, you will have to delete the credentials and create a new set. 

 

STEP 2 - Activate detailed billing

This step is required for setting up your consolidated account. 

 1. Go to your Amazon IAM dashboard. Depending on the access type you chose when adding your AWS account click on Users or Roles.

2. Click on the Cloudyn read-only user/role you setup in Step 1. A summary of details appears.

3. Copy and save your ARN (Amazon Resource Name) from this section and keep it available for you to use in later steps.

4. Go to your S3 Console and click Create Bucket.  Enter the desired bucket name and region and then click Create.  

5. Select the desired bucket and then click on Permissions. Click on Add bucket policy.  

6. Add the recommended bucket policy snippet attached, into your existing Bucket Policy and then click Save.

Note: When copying/pasting the attached snippet, make sure to replace CLOUDYN-READ-ONLY-USER-OR-ROLE-ARN with your ARN (see Step 3). 

 

7. Click Billing & Cost Management

8. Select Receive Billing Reports. Enter your bucket name. Click Verify.

9. Select all four billing reports as shown in the screenshot below and click Save Preferences

Please note that it may take up to 24 hours until the detailed billing data starts showing in the Cloudyn console.