Access Key Setup

To set up an AWS Integration using access keys, you need to perform actions in both AWS and Virtana Platform. In AWS, you must create a read-only user, set permissions for that user, and copy the user security credentials. You then create an AWS Integration in Virtana Platform and enter the credentials you copied from AWS.

You can create a read-only user with standard permissions or with minimal permissions in AWS.

Steps

  1. In your AWS Console, search for IAM, and select the IAM service.

  2. In the navigation pane, select Access Management > Policies and click Create Policy.

  3. Switch to the JSON tab.

  4. Copy and paste the following code into the Policy Document section:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "ce:Get*",
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }

  5. Click Next: Tags and add any needed tags.

    Tip

    Adding tags is optional.

  6. Click Next: Review and provide a Name for the policy.

    It is helpful if the name is descriptive, such as CostExplorerAPIReadOnly.

  7. Make a note of the policy name.

    You will need the name to attach this customer managed policy to your IAM role.

  8. Review the permissions summary and click Create Policy.

  1. In your AWS Console, search for IAM, and select the IAM service.

    The Identity and Access Management (IAM) dashboard displays.

  2. In the navigation pane, select Access Management > Policies and click Create Policy.

  3. Switch to the JSON tab.

  4. Copy and paste the following code into the Policy Document section:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "cur:DescribeReportDefinitions",
          "Resource": "*"
        }
      ]
    }

  5. Click Next: Tags and add any needed tags.

    Tip

    Adding tags is optional.

  6. Click Next: Review and provide a Name for the policy.

    It is helpful if the name is descriptive, such as ReadCostAndUsageReportDefinitions.

  7. Make a note of the policy name.

    You will need the name to attach this customer managed policy to your IAM role.

  8. Review the permissions summary and click Create Policy.

You must create a read-only user. You can create a user with standard permissions or with minimal permissions.

Complete ONE of the following two tasks.

Standard permissions grant blanket read-only access to collect CloudWatch performance metrics and billing files from S3.

  1. Log in to your AWS Identity & Access Management (IAM) Console and navigate to the Users section.

  2. Click Add user and enter a User Name.

    Example: VPOptimize

  3. In the Select AWS access type section, select the Programmatic access checkbox.

  4. Click Next: Permissions.

  5. Click Attach existing policies directly.

  6. Search “readonly,” then select the checkbox for ReadOnlyAccess.

    You might need to change the Filter type to have the correct policy show.

    Be sure to select the checkbox. Selecting the policy name displays details about the policy.

  7. Click Next: Tags and add tags if you choose to.

    Adding tags is optional.

  8. Click Next: Review.

  9. Review the details to ensure you’ve selected all the correct options for the user, and then click Create User.

  10. Immediately download or copy the User Security Credentials.

    Important

    You will not be able to access the Secret Access Key again in AWS, so it is recommended that you download and securely save the credentials.

  11. Click Close.

  12. Navigate to the AWS Cost & Usage Reports page and click the name of the report to be used by Virtana Platform as the source of detailed billing data.

  13. On the Report Details page, make note of the S3 bucket name and the report path prefix.

    This information must be entered in the Optimize integration setup form to complete the integration setup.

Next Steps

Complete the AWS Integration: Enter the AWS values in Virtana Platform

This setup method grants read-only access to collect CloudWatch performance metrics and billing files. It is limited to only the AWS services for which Virtana Platform Optimize provides cost reports.

If you want to use a limited read-only access policy, you need to create a custom policy first.

  1. Log in to the AWS Identity & Access Management (IAM) Console.

  2. Navigate to the Policies section and click Create Policy.

  3. Select the JSON tab and replace the default content with the following code:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "autoscaling:Describe*",
            "ce:Get*",
            "cloudwatch:Describe*",
            "cloudwatch:Get*",
            "cloudwatch:List*",
            "dynamodb:Describe*",
            "dynamodb:Get*",
            "dynamodb:List*",
            "ec2:Describe*",
            "ec2:GetConsoleOutput",
            "ecs:Describe*",
            "ecs:List*",
            "elasticache:Describe*",
            "elasticache:List*",
            "elasticloadbalancing:Describe*",
            "elasticmapreduce:Describe*",
            "elasticmapreduce:List*",
            "iam:Get*",
            "kinesis:DescribeStream",
            "kinesis:Get*",
            "kinesis:List*",
            "lambda:List*",
            "rds:Describe*",
            "rds:ListTagsForResource",
            "redshift:Describe*",
            "s3:Describe*",
            "s3:Get*",
            "s3:List*",
            "sqs:Get*",
            "sqs:List*",
            "tag:Get*"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }
    
    
  4. Click Next: Tags and add tags if you choose to.

    Adding tags is optional.

  5. Click Next: Review, add a policy Name and Description and verify the Summary.

  6. Click Create Policy.

    The policy will now be available under Customer Managed Policies.

  7. Return to the IAM dashboard in AWS and navigate to the Users section.

  8. Click Add User and enter a User Name.

    Example: VPOptimize

  9. In the Select AWS access type section, select the Programmatic access checkbox.

  10. Click Next: Permissions.

  11. Click Attach existing policies directly.

  12. Check the box for the new policy you created.

    Be sure to select the checkbox. Selecting the policy name displays details about the policy.

  13. Click Next: Tags and add tags if you choose to.

  14. Click Next: Review, verify the details, and then click Create User.

  15. Immediately download or copy the User Security Credentials.

    Important

    You will not be able to access the Secret Access Key again in AWS, so it is recommended that you download and securely save the credentials.

  16. Click Close.

  17. Navigate to the AWS Cost & Usage Reports page and click the name of the report to be used by Virtana Platform as the source of detailed billing data.

  18. On the Report Details page, make note of the S3 bucket name and the report path prefix.

    This information must be entered in the Optimize integration setup form to complete the integration setup.
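
Added example (not Virtana or AWS code): a Python pre-flight check for the custom policy in step 3. It confirms that every allowed action is a Describe/Get/List read and flags wildcards that, with Resource "*", also match actions returning stored data such as s3:GetObject. The function names, the DATA_READS shortlist and the sample policy are assumptions constructed for illustration.

```python
import fnmatch
import json

READ_VERBS = ("describe", "get", "list")  # IAM action names are case-insensitive
# Constructed shortlist of real actions that return stored data, not metadata.
DATA_READS = ("s3:GetObject", "dynamodb:GetItem", "kinesis:GetRecords")

# Constructed sample: a few entries from the page's policy plus one write action.
SAMPLE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": ["ce:Get*", "ec2:Describe*", "s3:Get*", "s3:List*",
               "kinesis:DescribeStream", "ec2:TerminateInstances"],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
""")

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(doc):
    """Return (severity, action, reason) findings for the Allow statements."""
    findings = []
    stmts = doc.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(("FAIL", "NotAction", "allows everything not listed"))
        everywhere = "*" in as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            name = action.partition(":")[2].lower()
            if name in ("", "*"):
                findings.append(("FAIL", action, "service-wide wildcard"))
            elif not name.startswith(READ_VERBS):
                findings.append(("FAIL", action, "not a Describe/Get/List action"))
            elif everywhere:
                hits = [d for d in DATA_READS
                        if fnmatch.fnmatchcase(d.lower(), action.lower())]
                if hits:
                    findings.append(("WARN", action, "also matches " + ", ".join(hits)))
    return findings

if __name__ == "__main__":
    for severity, action, reason in audit_policy(SAMPLE):
        print(severity, action, reason)
```

A WARN does not mean the policy is malformed; it marks where read-only access extends to object or record contents rather than metadata.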

Next Steps

Complete the AWS Integration: Enter the AWS values in Virtana Platform