๐Ÿ”ฅ
Developer Documentation
  • ๐Ÿ‘‹Welcome to Pagerly
  • How To Work With Pagerly
    • Get Started
    • ๐Ÿค‘Create Round Robin Rotations
      • ๐Ÿ“–How To Add Rotation in Pagerly
    • ๐Ÿ› ๏ธSetup Team
      • ๐Ÿ“–Retrieving Schedule Id for PagerDuty
      • ๐Ÿ“–Schedule for JSM Operations
      • ๐Ÿ“–Retrieving Schedule Id for OpsGenie
      • ๐ŸคFind Sheet Id from Google Sheets
      • ๐ŸคRetrieve Calendar Id from Google Calendar
    • ๐Ÿค‘Round-Robin Rotations for Tasks / Picking
      • ๐Ÿ“–How To Add Rotation for Picking Tasks in Pagerly
    • ๐Ÿค‘Round Robin Oncall without Schedule
      • ๐Ÿ“–How To Add Round Robin Rotation for Oncall without Schedule in Pagerly
    • ๐Ÿ˜ŽPlaying with Pagerly
      • ๐Ÿ‘€Mention Current Oncall on any Slack Conversation
      • ๐Ÿ•–Fetch your team's oncall schedule
      • ๐ŸŒ€Overriding Team's Schedule
      • ๐Ÿ—ฃ๏ธLet everyone know who is the Current Oncall of your Team
    • โฐReminders for Upcoming Rotation
    • Pagerduty Sync Slack and Workflows
    • ๐Ÿ”‘Setup Team Access
    • ๐Ÿ› ๏ธIntegrating with Your Paging Tool
      • ๐Ÿ“Retrieving PagerDuty API Key
      • ๐Ÿ“Connect JSM Operations
      • ๐Ÿ“Retrieving OpsGenie API Key
    • Escalations
    • ๐Ÿ—’๏ธIntegration with Jira
      • ๐ŸคAdd Your JIRA Account
      • ๐ŸžCreate a Ticket via Emoji and Follow on Slack Channel
      • ๐ŸงตPost Ticket created on Jira to Slack Thread
      • ๐Ÿš๏ธPost Ticket created on Jira to on Slack Channel
      • ๐Ÿ‘€Create Ticket via Slack Emoji and Follow on Slack Thread
      • ๐Ÿ“œCreate Jira Ticket/Incident using Form
      • ๐Ÿ”„Round Robin Assignment of Jira Issues/Tickets
    • ๐Ÿ“ŸSet Slack Status Automatically
    • ๐Ÿ“†Sync Schedule with Google Calendar
    • Creating Ticket via Emojis
    • ๐Ÿ”„Rotate & Assign Requests
    • ๐Ÿ”„Round Robin Assignment of Jira Issues/Tickets
    • ๐Ÿ”„Round Robin Assignment of Alerts/Incidents (Opsgenie/JSM Ops)
    • Instant Status Pages
    • ๐ŸคMention/Group Multiple Oncals
      • Configure MultiMention Team
    • ๐Ÿ› ๏ธLinear Integration
      • Connect Linear Account
      • Connect Pagerly Team and Linear Team
    • Create Swap on Oncall / Rotations
    • ๐Ÿ”„Custom Change Notification on Slack
    • ๐Ÿ“†Google Calendar with Slack
      • ๐ŸคRetrieve Calendar Id from Google Calendar
    • ๐Ÿ‘จGoogle Groups To Slack Usergroups
      • ๐ŸคFind Sheet Id from Google Sheets
    • Google Sheets with Slack
      • ๐ŸคFind Sheet Id from Google Sheets
    • ๐Ÿ“’Manage Tasks within Slack
    • Microsoft Team Setup
    • Discord App
    • ๐Ÿ‘ฉโ€โš•๏ธHelp and Support
    • ๐Ÿ Self Hosted
    • ๐Ÿ“ŠDaily Oncall Standup
    • ๐Ÿ’ฐCloud Cost App
      • ๐Ÿ› ๏ธSetup IAM Role for Temporary Access
      • ๐Ÿ› ๏ธConfiguring Team for Cloud Cost
  • ๐Ÿ‘จโ€๐Ÿš’Incidence Response
    • ๐ŸงฏPagerly Incidence Response
    • ๐Ÿ“–Overview
      • ๐ŸŽฅVideo Demo
    • ๐Ÿ˜Customization & Workflow
    • โš’๏ธIntegrations
    • ๐Ÿ Self Hosted
    • ๐Ÿ‘ฉโ€๐Ÿ’ผContact Us
Powered by GitBook
On this page
  • AWS Cost Explorer Access via IAM Role for Developers
  • Setting up IAM Role
  • 1. Creating an IAM Role
  • 2. Creating and Attaching the Policy for Cost Explorer Access

Was this helpful?

  1. How To Work With Pagerly
  2. Cloud Cost App

Setup IAM Role for Temporary Access

AWS Cost Explorer Access via IAM Role for Developers

Pagerly would use STS Temporary Role for accessing the AWS Cloud Reports. This is the safest option available for an external account accessing to specific resource on AWS.

This process involves creating an IAM role with the necessary permissions and then using STS to assume this role, which provides you with temporary credentials that can be used to access AWS resources.

In short , you need to create IAM Role which has

  • Access only to Cost Explorer

  • Allows External Account to Assume Role via STS

Note : Pagerly doesn't save any information related to your cloud. We find this runtime and give the reports on Slack

Setting up IAM Role

1. Creating an IAM Role

An IAM role allows you to delegate access with defined permissions, which can be assumed by users, applications, or AWS services without needing to share access keys.

Steps to Create an IAM Role for AWS Cost Explorer for External Access:

  1. Sign in to the AWS Management Console: Navigate to the IAM service.

  2. Navigate to Roles: Click on "Roles" on the sidebar, then click "Create role".

  3. Select Type of Trusted Entity:

    • For access by external accounts or IAM users within your account, select "Another AWS account".

  4. Specify Details:

    • If you selected "Another AWS account", enter the account ID : 065318983578

  5. Click Next: Permissions.

  6. Creating a Trust Policy with Pagerly

    A trust policy defines who is allowed to assume the role.

    Youโ€™ll specify this in the role creation process,

    Pagerly AWS Account Id : 065318983578

    Trust Policy for Allowing Pagerly:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::065318983578:user/pagerly-cloudcost"
                },
                "Action": "sts:AssumeRole",
                "Condition": {}
            }
        ]
    }

2. Creating and Attaching the Policy for Cost Explorer Access

In this step, you'll create a policy that grants permissions to access AWS Cost Explorer and then attach it to the IAM role.

Create the Policy:

  1. Navigate to to IAM Role just created

  2. Go to Add permissions and Create Inline Policy

  3. Choose the Service: Select "Cost Explorer Service".

  4. Add Actions: Choose actions you want to allow, such as GetCostAndUsage and GetCostForecast.

  5. Set Resource to All: Since Cost Explorer does not support resource-level permissions, use "Resource": "*".

  6. Review and Name Your Policy: Enter a name and description for your policy, then click "Create policy".

Or add the following Policy Directly

{
    "Version": "2012-10-17",
    "Statement": [
	 {
		"Effect": "Allow",
		"Action": "ce:GetCostAndUsage",
		"Resource": "*"
	},
	{
		"Effect": "Allow",
		"Action": "ce:GetCostForecast",
		"Resource": "*"
	}
    ]
}

Attach the Policy to Your Role:

  1. Go Back to Your Role: Find the role you created in the Roles menu.

  2. Attach Policies: Click "Attach policies", find the policy you just created, select it, and then click "Attach policy".

Following this guide, you've created an IAM role with the necessary permissions for accessing only AWS Cost Explorer and allowing Pagerly to access this role

PreviousCloud Cost AppNextConfiguring Team for Cloud Cost

Last updated 3 months ago

Was this helpful?

๐Ÿ’ฐ
๐Ÿ› ๏ธ