Create AWS cloud credential

A cloud account is sometimes called a cloud credential. You need to set up cloud credentials to access information from your cloud resources. For example, Amazon Web Services (AWS) requires an access key and secret key, Azure requires an app registration, and GCP requires a service account.

To create an AWS cloud credential, we need to set up and collect the following information:

AWS Cloud Credential parameters

  • Account ID
  • Access key / Secret key

AWS Cloud Credential's policy

  • Cloud Expense: Cost & Billing policy, Report Name (Cost & Usage report)
  • Cloud Safe: Security Auditing policy
  • Cloud Ops: Resource policy

Normally, calls to the AWS Cost Explorer API are charged. There is no API cost for an Azure subscription or a GCP project.

In the current version, we use the Cost & Usage report to fetch data for the Cost dashboard / trending, which avoids the API fee. Fetching data for Forecast & Reserved Instance only costs about $20 per month.

1. Create AWS Cloud Credential

Creating IAM user

Click link to Sign In:

Open the AWS IAM console and create an IAM user named CloudSuite_{application} or any name that you want (e.g. CloudSuite_expense).

Select Programmatic access so that the user has no Console sign-in, which avoids any unexpected access from the Console.

Add tag to user (optional)

  • Owner: your_account (eg. hadd7)
  • Purpose: CloudSuite_{Application}_Credential (eg. CloudSuite-Credential)

2. Attach the policy

We provide the Cloud Credential policies according to the principle of least privilege to avoid any security issue.

Cloud App: Policy

  • Cloud Safe: SecurityAudit, CloudSafeCustomPolicy
  • Cloud Expense: CostExpenseCustomPolicy (for CostExplorer), CostExpenseServicesCustomPolicy (for CostSaving)
  • Cloud Ops: ReadOnlyAccess or Administration if enabling the Service Catalog

Attach the AWS pre-defined policies that are associated with your application, such as Security Audit for Cloud Safe, Read-Only for Cloud Expense, Administrator for Cloud Ops.

Attach the custom policy that is associated with your application by downloading the policy and pasting it into an inline policy.
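Before pasting a downloaded custom policy as an inline policy, it is worth checking what it actually allows. The following Python script is an added example, not CloudSuite's code or policy file: the sample policy is constructed, and the `review_policy` name and the list of read-only prefixes are assumptions made for illustration.

```python
import json

# Action-name prefixes treated as read-only here (an assumption of this
# example, not an AWS-defined list). IAM action names are case-insensitive.
READ_PREFIXES = ("get", "list", "describe", "view", "lookup", "batchget")

# Constructed sample policy, NOT the CloudSuite policy file.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ce:GetCostAndUsage", "cur:DescribeReportDefinitions"]},
    {"Effect": "Allow", "Resource": "arn:aws:s3:::example-billing-bucket/*",
     "Action": ["s3:GetObject", "s3:PutObject"]},
    {"Effect": "Allow", "Resource": "*", "Action": "iam:*"}
  ]
}
"""

def _as_list(value):
    """Action and Statement may each be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_policy(policy_json):
    """Return (statement_index, finding) pairs for Allow statements."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only reduce access
        if "NotAction" in stmt:
            findings.append((idx, "Allow with NotAction covers every unlisted action"))
        for action in _as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*" or service == "*":
                findings.append((idx, f"all services allowed: {action}"))
            elif name == "*":
                findings.append((idx, f"every action of a service allowed: {action}"))
            elif not name.lower().startswith(READ_PREFIXES):
                findings.append((idx, f"not a read-style action: {action}"))
    return findings

if __name__ == "__main__":
    for idx, finding in review_policy(SAMPLE_POLICY):
        print(f"Statement {idx}: {finding}")
```

Any finding is a prompt to confirm that the application really needs that permission before the policy is attached to the IAM user.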

3. Copy AWS access key, secret key, account ID and report name

Access Key / Secret Key

Account ID

Report Name

Refer to this link for the Billing report configuration:

4. Adding Cloud Account with parameters

Go to the Cloud Identity and register Cloud Credential:

  • Account ID: *********
  • AWS Access Key: AKIA2********
  • AWS Secret Key: 4gBFu**************
  • Report Name (or without Report Name with AWS Normal Account option)
