AWS On-boarding Prerequisite


Before on-boarding AWS account to CoreStack Governance you should have the following access provided in your AWS account.

ec2 – Full Access

ecs – Full Access

cloudtrail – Full Access

s3

Get – Full Access

List – Full Access

Create – Bucket

Head – Bucket

Put 

  • Object
  • BucketTagging
  • BucketPolicy
  • ObjectTagging
  • EncryptionConfiguration
  • BucketAcl

Delete

  • Object
  • Bucket

Cloudwatch

Describe – Full Access

Get – Full Access

List – Full Access

Put – MetricAlarm

Delete – Alarms

Iam

Get 

  • Role
  • RolePolicy
  • AccessKeyLastUsed
  • CredentialReport

Update 

  • AssumeRolePolicy
  • RoleDescription
  • Role

Pass – Role

List

  • Roles
  • RolePolicies
  • GroupsForUser
  • AttachedUserPolicies
  • Users
  • AccessKeys

Create

  • Role
  • User
  • AccessKey
  • LoginProfile

Delete

  • Role
  • AccessKey
  • RolePolicy
  • User
  • LoginProfile

Put – RolePolicy

Generate – CredentialReport

Attach – UserPolicy

Remove – UserFromGroup

Add – UserToGroup

Detach – UserPolicy

To have Cost Usage Report you should have the following access in your AWS account.

  • You should be a “Root User
  • You should have enabled Reports (through Services -> Billing -> Enable Reports) and time unit should be ‘hourly’.
  • Cost allocation tags should be Active
  • S3 bucket name should be provided

COST

Step1: Select Cost Allocation Tags

Step2: Choose Activate button.

REPORTS

Step1:

Step2:

Step3:

Step4:

Step5: