
AWS Account Configuration

Buttonwood requires access to the billing information of your AWS account(s). The configuration process below must be completed for each separate AWS account that you wish Buttonwood to access. Once configured, there are no ongoing actions required.

Note: If you wish Buttonwood to monitor all the accounts under an AWS consolidated billing arrangement, then please use the consolidated billing account details when performing the configuration below.

To enable Buttonwood to access your AWS account information, a read-only IAM account must be created with access to an S3 storage bucket that will contain the billing files. Once created, Buttonwood will automatically harvest billing information every 4-6 hours.

Note: To perform the configuration process, you must log in using your AWS account credentials (i.e. log in as the root user). You can't complete the configuration process if you log in using IAM user credentials.

Step 1 - Enable Detailed Billing Reports

  1. Sign in to the AWS Management Console with your root user account credentials (not as an IAM user).
  2. In the top right hand navigation pane, select your “username” and click on My Account.
  3. Record the Account ID for later use ________________________________________
  4. In the top left hand navigation pane, under the Services tab, navigate to Storage and Content Delivery and select S3.
  5. Select Create Bucket
    1. In the Create a Bucket dialog box, enter a name for your bucket (for example, “buttonwood-billing-data”), select a region (any region can be chosen), and then choose Create.
    2. Record the bucket name and Region, as these details will be required later.

Bucket Name: _____________________________________

Region: ______________________

Note: For more information about the requirements for bucket names, see Creating a Bucket in the Amazon Simple Storage Service Console User Guide.

  6. On your S3 bucket menu, choose the magnifying glass icon next to the S3 bucket you just created.
    1. On the bucket page, choose Permissions.
    2. Under Permissions, choose Add bucket policy.
    3. In the dialog box text area, paste the following text:

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "386209384616"
    },
    "Action": [
      "s3:GetBucketAcl",
      "s3:GetBucketPolicy"
    ],
    "Resource": "arn:aws:s3:::bucketname"
  },
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "386209384616"
    },
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::bucketname/*"
  }
  ]
}

    4. Replace bucketname with the name of the bucket you created earlier in this step.
    5. Choose Save to close the dialog box.
    6. Choose Save to save the policy.
  7. Within the AWS Management Console, select your username and choose My Billing Dashboard to navigate to the Billing & Cost Management Dashboard.
  8. Choose Preferences in the left hand navigation pane.
  9. Click to select Receive Billing Reports.
    1. In the Save to S3 Bucket section, enter the name of the S3 bucket that was created earlier in this step, and then select Verify. Upon successful completion of this step the screen should display Valid Bucket.
  10. A table of available reports should appear. Under Report, select Detailed billing report with resources and tags.
  11. Choose Save preferences.

Note: It can take up to a day before you can see your data in the reports.

Step 2 – Grant IAM access to billing reports

  1. If not already logged in, sign in to the AWS Management Console with your root user account credentials.
  2. Under the Services tab, navigate to Security & Identity and select IAM.
  3. From the left hand navigation pane, select Users.
    1. Click Add User.
    2. Enter a unique User name (e.g. Buttonwood).
    3. Select the access type: Programmatic access.
    4. Click Next: Permissions.
    5. Click Next: Review.
    6. Ignore the error message, “This user has no permission”. Click Create User.
    7. The next screen should be labelled Success.
    8. Click on the csv button to download a CSV file with the Access Key ID and Secret Access Key.

Note: This is the last time these credentials will be available to download. However, you can create new credentials at any time.

    9. Click on the Close button to complete the create user process.
  4. Back in the Users screen, click on the username that was just created.
    1. Select the Permissions tab and click on + Add inline policy.
    2. Choose the Custom Policy radio button and then click Select.
    3. Enter a policy name (e.g. Buttonwood).
    4. Paste the following into the Policy Document:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::bucketname"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        ""
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        }
    ]
}

    5. Replace bucketname with the name of the bucket you created in Step 1.
    6. Select the Validate Policy button and after a few moments the screen should display “This policy is valid”.
    7. Select the Apply Policy button to complete the custom policy.
    8. The configuration is complete and you can now exit the AWS console.
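
A pre-flight check for the two policy documents pasted in Steps 1 and 2, as an added example (not Buttonwood's or AWS's code). It flags an unreplaced bucketname placeholder, whitespace or other malformation in a resource ARN, and S3 actions attached to the wrong resource type: object-level actions such as s3:GetObject match only bucket/* ARNs, bucket-level actions only the bucket ARN. The function name lint_policy and the sample policy are constructed for illustration.

```python
import json
import re

PLACEHOLDER = "bucketname"  # the page's placeholder; must be replaced before saving
# S3 actions used on this page, grouped by the resource type each one applies to.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketPolicy"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}
ARN_RE = re.compile(r"^arn:aws:s3:::([^/\s]+)(/.*)?$")

# Constructed sample: an inline user policy with the placeholder left in.
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::bucketname"]}]}"""


def as_list(value):
    """IAM accepts either a single value or a list for Statement, Action, Resource."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy_text, expected_bucket):
    """Return findings for an S3 policy document; an empty list means clean."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_text)["Statement"])):
        has_bucket_arn = has_object_arn = False
        for arn in as_list(stmt.get("Resource", [])):
            m = ARN_RE.match(arn)
            if not m:
                findings.append(f"statement {i}: not a well-formed S3 ARN: {arn!r}")
                continue
            if m.group(1) == PLACEHOLDER:
                findings.append(f"statement {i}: placeholder {PLACEHOLDER!r} not replaced")
            elif m.group(1) != expected_bucket:
                findings.append(f"statement {i}: unexpected bucket {m.group(1)!r}")
            has_object_arn |= bool(m.group(2))
            has_bucket_arn |= not m.group(2)
        for action in as_list(stmt.get("Action", [])):
            if action in OBJECT_ACTIONS and not has_object_arn:
                findings.append(f"statement {i}: {action} needs an object ARN (bucket/*)")
            if action in BUCKET_ACTIONS and not has_bucket_arn:
                findings.append(f"statement {i}: {action} needs the bucket ARN")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY, "buttonwood-billing-data"):
        print(finding)
```

Run it against each policy document before choosing Save or Apply Policy; an empty result means every resource names the expected bucket and each action is paired with a resource type it can match.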

Step 3 – Provide details to Buttonwood

  1. Provide Buttonwood with the AWS Account Number, the S3 bucket name and region, and the downloaded CSV file containing the Access Key ID and Secret Access Key. This information can be emailed to operations@buttonwood.com.au.