Step-2 : Create an IAM role for DigitalEx

This steps only provides illustrations on creating a role but a user with access/secret key is also supported. If you wish to create a user, please assign similar permissions as documented for a role below. We encourage a use of a Role over a User as its more secure.

1. Login to AWS Member account you’re trying to onboard as an Administrator if not already logged in. And navigate to IAM service using AWS search bar.

2. On a IAM Console, Select Roles from the left menu, and click Create role. One the create role screen please select the configuration as follows

a. Trusted entity type: AWS Account

b. An AWS account: Choose Another AWS account and fill in the account number as 911403356698

c. External ID: In this field, Enter the tenant id shared by your partner company.

d. Finally click Next

3. Click Next, on next screen for permissions, please choose 'All Types' in the filter and select the listed policies below.

• ReadOnlyAccess

• ViewOnlyAccess

• IAMReadOnlyAccess

• CloudWatchReadOnlyAccess

• ComputeOptimizerReadOnlyAccess

• AWSOrganizationsReadOnlyAccess

  

4. Click Next again & on a final page, give a name to the role & click Create role

5. Open the newly created role

6. Click on Add permissions → Create inline policy.

   

7. Search for Cost Explorer Service

8. Click on Write → StartSavingsPlansPurchaseRecommendationGeneration →Next

   

9. Enter the policy name.

10. Click onCreate policy.

    

11. Once the role is created, please note the ARN of a role, which will be required in the next step.

If you still wish to prefer using access/secret access key. Follow below steps

1. Login to AWS Member account you’re trying to onboard as an Administrator if not already logged in. And navigate to IAM service using AWS search bar.

2. On a IAM Console, Select Users from the left menu

3. Click on Create User

4. Enter the Username & click Next.

5. Select Attach policies directly, on next screen for permissions, please choose 'All Types' in the filter and select the listed policies below.

• ReadOnlyAccess

• ViewOnlyAccess

• IAMReadOnlyAccess

• CloudWatchReadOnlyAccess

• ComputeOptimizerReadOnlyAccess

• AWSOrganizationsReadOnlyAccess

  

6. Click Next again & on a final page, give a name to the role & click Create user

   

7. Once the user is created, please click on the user to create a Secret Key

8. Go to Security Credentials tab & Click on Create Access Key

   

9. Select Application running outside AWS & Click on Next

   

10. Click on Create access key.

11. Secret Key will get generated.

12. Copy the Access Key & Secret Key which will be required in the next step.

13. Open newly created user

14. Click on Add permissions → Create inline policy.

15. Search for Cost Explorer Service

16. Click on Write → StartSavingsPlansPurchaseRecommendationGeneration →Next

    

17. Enter the policy name.

18. Click onCreate policy.

    

<<Previous ---------------------------------------------------------------------------------------------------------- Next>>