Untab documentation
  • Overview
  • Architecture
  • Compatibility
  • Collected information
  • Authentication
  • Setup
    • First steps
    • Installing using the basic manifest
    • Installing using Helm
    • Checking agent status
    • Configuring access to cloud providers (optional)
    • Setting up access on AWS
    • Setting up access on Google Cloud Platform
  • Management
    • Managing user access
    • Troubleshooting
Powered by GitBook
On this page

Was this helpful?

  1. Setup

Setting up access on AWS

PreviousConfiguring access to cloud providers (optional)NextSetting up access on Google Cloud Platform

Last updated 5 years ago

Was this helpful?

  1. In the AWS console, navigate to the .

  2. Start creating a new role

    • Click "Create role"

    • Select "Another AWS account" as the type of trusted entity

    • Use 949355348315 as the Account ID (this is Untab's AWS account ID)

    • Select "Require external ID" and enter the external ID provided on the Infrastructure Providers settings page in the Untab UI

    • Make sure that the "Require MFA" option is not selected

  3. At the permissions screen, click "Create Policy"

    • This will open a new window. Choose "JSON" and paste the following policy document:

      {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetTags",
        "ce:GetDimensionValues",
        "ce:GetReservationUtilization",
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*",
        "autoscaling:Describe*"
      ],
      "Resource": "*"
    }
  ]
}

    • Click "Review Policy"

    • Enter a name for the policy, e.g. "untab-agent"

    • Click "Create Policy"

  4. Finish creating the role

    • Close the policy creation window and go back to the role creation window

    • Click the button in the top right corner to refresh the list of policies

    • Search for and select the policy you created in step 4

    • Click "Next: Tags"

    • Add any tags you might want to identify this policy

    • Click "Next: Review"

    • Enter a name for this role, e.g. "untab-agent"

    • Click "Create Role"

  5. Enter the role ARN into the Settings

    • Find the role you just created in the IAM UI and click on it to see the "Summary" page for this role

    • Copy role ARN, which is shown at the top of the page

    • Navigate to the .

    • In the AWS provider, turn on the "Use real billing information" option

    • Paste the role ARN into the designated field and click "Save".

Ensure you are using the role ARN, not the policy ARN.

IAM roles page
Infrastructure Providers settings page