We understand that security is a concern when granting access to your AWS accounts. So we wanted to explain what we do with the credentials you provide, and also how to improve your security.There is 2 levels of access we can be granted by a user, below I’ll explain what that means and which level gives you better value.
If you want to get fully featured analytics for your AWS bill and usage, we would ask you to provide an email and password to your main Amazon account and AWS IAM read only access credentials. Email and password will give us access to your billing statements – we will import and within a few minutes and you will be able to see the trends, cost per service/region over time – it’s really powerful! (See below – you get this almost instantly)
If you provide IAM read only credentials as well, we will start collecting all possible data from AWS and give you more detailed informations almost in real time about usage and cost, for example ‘instance cost : month to date’ as well as average usage. By collecting all AWS events, we can provide a really deep insight into your Cloud performance and cost.
Going forward we will be able to present you with analysis and recommendations, on how to optimize cost and usage so you’ll be able to run your Cloud much more efficiently.
If providing your AWS account email and password is a barrier, we understand that and we also provide AWS IAM only integration. You can give us just read only access to all your AWS services and we will be able to show you estimated cost and full usage information. The difference between full integration is that we would not be able to give you cost analytics from day one, we would need to gather data for at least a week before we will be able to show contextual and actionable data, where with full integration you get it almost instantly.
Here is quick walk through how you can generate IAM read only credentials.
Firstly login to the AWS management console and go to the IAM tab
now when you are in go to the users section on the left and once you are there you click on create user button you’ll get something like this:
let’s create user for example CloudVertical and you should see something like this
click on download credentials – you will need it to integrate with CloudVertical, now we need to set read only permissions. On users list select user you’ve just created at the bottom you will get something like this:
click on the ‘permissions’ tab there and click on ‘attach user polic’y you will get this popup:
select the third option from the top “Read Only Access” and in next step apply policy:
and you are done with AWS console, now open the file you’ve downloaded on account creation you will see there User name, Access Key ID and Secret Access Key – that’s exactly you need to activate your AWS data at CloudVertical.
If you have any questions or you need help integrating AWS please contact me directly @dominikmagon or send an email to firstname.lastname@example.org.
Teaser: We’ll be launching an open source gateway soon that you can run on your own instance – and it sends all the data to us, but we never see your access – it’s totally secure, and open-source so you can even inspect the code! If you want early access to this – email email@example.com