Skip to main content

Cross4FinOps

To integrate the Amazon Web Services (AWS) provider to use the Cross4FinOps service you are required to perform some operations in AWS. The images attached below will guide you. Please follow the instructions below.

Cost Management Preferences

For Cross4FinOps, there are a few changes you need to make to your account's cost settings on the AWS. Follow the instructions below to easily make these changes.

warning

Due to the structure of your account, some settings may not be available for the account from which you want to obtain credentials. Please review the existing settings and complete the necessary steps for those settings before proceeding with the steps to obtain your credentials.

  1. Go to AWS Console and log in to your account.

  2. After logged in to your account, go to the search bar and search for Billing and Cost Management.

  3. In the left navigation menu, click on Cost Management Preferences located under the Preferences and Settings section.

  • The settings you need to configure on this page are divided into three sections: General, Cost Explorer, and Cost Optimization Hub. Please make the required adjustments under each of these sections.

  • You need to allow linked account users to view cost and usage data. For that under Member Account Permissions section, enable Linked account access and select Linked account refunds and credits option.

  • You must activate 'Linked Account Access' within the 'Data Access' settings. This allows linked account users to view cost and usage data. For that inside Rightsizing section, enable Allow linked accounts to see recommendations option.

Getting Credentials for Cross4Finops

1. User Creation

  1. Go to AWS Console and log in to your account.

  2. After loged in to your account, go to the search bar and search for IAM.

  3. Click IAM under Services.

Show the instruction with images

AWS Step 2-3

  1. Click Users on the left and then click Create user.
Show the instruction with images

AWS Step 4

  1. Click Next button after entering a User name. Optionally you can provide user access to the AWS Management Console.
Show the instruction with images

AWS Step 5

2. Permission Assignment

  1. In the opened screen, it is necessary to grant the user the required permissions. Therefore, click on the Attach Policies Directly button. After this point, you have two options to proceed. The first option is to manually add the permissions listed below one by one. The second option is to select only the AdministratorAccess permission, granting full authorization.

    Manuel (Recommended)Full Access
    ReadOnlyAccessAdministratorAccess
Show the instruction with images

AWS Step 6

info

In case you cannot find ReadOnlyAccess permission in the list try to filter by AWS Managed - Job Function on the right of search bar.

Show the instruction with images

AWS Step 6.1

  1. Click on the Next button at the bottom of the page.
Show the instruction with images

AWS Step 7

  1. After verifying the presence of the necessary permissions under the Permission Summary tab on the opened page, finally, click the Create User button.
Show the instruction with images

AWS Step 8

3. Inline Policy Creation

  1. From the list of users, click on the user that you have created.
Show the instruction with images

AWS Step 9

  1. On the page that you see, click on the Add Permissions and Create Inline Policy.
Show the instruction with images

AWS Step 10

  1. Click JSON button on the right top.
Show the instruction with images

AWS Step 11

  1. Then click on the JSON button on the page that opens. Delete the existing code and copy-paste the following code in its place. And then Click Next button.
{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "s3:DeleteObjectTagging",
            "rds:AddTagsToResource",
            "lambda:TagResource",
            "s3:UntagResource",
            "ec2:DeleteTags",
            "ec2:CreateTags",
            "s3:DeleteStorageLensConfigurationTagging",
            "s3:TagResource",
            "s3:ReplicateTags",
            "s3:PutStorageLensConfigurationTagging",
            "s3:PutObjectVersionTagging",
            "s3:PutJobTagging",
            "s3:DeleteObjectVersionTagging",
            "lambda:UntagResource",
            "s3:DeleteJobTagging",
            "s3:PutBucketTagging",
            "s3:PutObjectTagging",
            "rds:RemoveTagsFromResource"
        ],
        "Resource": "*"
    }
]
}
Show the instruction with images

AWS Step 12

  1. On the page that appers, Enter a Policy Name then Click Create Policy button.
Show the instruction with images

AWS Step 13

  1. On the page you have been directed to you will see your custom inline policy under Permissions policies.

After completing these steps, you should have successfully created the user with the specified permissions.

4. Key Creation

  1. From the list of users, click on the user that you have created.
Show the instruction with images

AWS Step 9

  1. In the relevant user page, go to the Security Credentials tab and click Create access key under Access Keys section.
Show the instruction with images

AWS Step 10

  1. Choose a proper use case. In this case, we chose Commond Line Interface (CLI). Then click Next button.
Show the instruction with images

AWS Step 11

  1. You can add Description tag value, it's optional. After that, click Create access key.
Show the instruction with images

AWS Step 12

  1. CRITICAL STEP

    From the screen that you see, copy and paste your Access Key and Secret Access Key where you can access them later, you will need them in our console.

  2. When you are sure that the credentials are accessible, you can click the Done button.

Show the instruction with images

AWS Step 14