Documentation
Start typing to searchโ€ฆ

๐Ÿ› ๏ธ AWS Manual Onboarding

This article describes how to get started with onboarding with AWS.

๐Ÿ“

Before starting the flow ensure that:

  • You have AWS organization permissions to create IAM roles.
  • The account you want to onboard is a payer account (not a linked account)

From the Accounts dropdown list, click Add account and then click the AWS icon.

Choose how you would like to complete the onboarding:

Manually Onboarding Process Flow

1. Create a CUR file and activate tag allocation.

  1. Connect the AWS portal for your payer account.
  2. Navigate to Billing and Cost Management > Data Export page.
  3. Click on Create
  4. Choose Legacy CUR Export
  1. Enter the any Export name (we recommend using UmbrellaCostCUR).
  2. Define the following in the export detilas:
    • Under the Additional export content choose Include resource IDs.
    • Choose hourly time granularity.
    • Under Report versioning choose Overwrite existing report option.
    • Make sure that the Compression type is ZIP.
  1. Under Data export storage settings choose the option to configure S3 bucket.
  2. Click on creating a new bucket and name it as you like (we recommend UmbrellaCostCUR).
  1. Note the region and click on Create Bucket.

โ„น๏ธ

Note the region of the bucket as you will have to enter it in the Umbrella Cost platform

  1. In the S3 path prefix enter the value: Umbrella.
  2. Click on Create Report.

In order to see the Tag values in the CUR follow the below steps:

  1. From the left menu click on Cost allocation tags.
  2. Select all the tags and click Activate.

2. AWS Details

  1. Enter the account ID, bucket name, and bucket region from the previous step.
  2. Enter the Display Account Name shown in Umbrella and click Next.

3. Grant Access

Grant access to Umbrella Cost using AWS CLI or manual flow.

Grant Access using AWS CLI:

  1. Step A- Download all the JSON files from step.
  2. Step B- Navigate to the AWS portal, open the AWS CLI, and copy and run the commands.
  3. Step C- Copy the Role ARN from the CLI and paste it in step C in Umbrella. Then, click on Next.

Grant Access using Manual flow:

Download all the JSON files from step A (as shown in the screenshot above). Then, create in the AWS console Policy, Role, and Event Notification as described as follow:

Create Policy

  1. Navigate to the AWS portal IAM > Policies page, and click Create policy.
  2. Switch to the JSON editor, delete the template policy, and paste the text from the PileusPolicy.json file you downloaded. Then click Next.
  3. Set the policy name to PileusPolicy, and click Create policy.

Create Role

  1. Navigate to the AWS portal IAM > Roles page, and click Create role.
  2. Select the Another AWS account option, enter Umbrella account ID (932213950603), and click Next.

  1. In the search bar, select PileusPolicy (created in the previous step), and click Next.
  2. Set the policy name to PileusRole.
  3. In the Trust policy section, click Edit and paste the text from the file PileusRole.json you downloaded, then click Create role.
  4. Navigate to the AWS Roles page, search for PileusRole, and click on it.
  5. Copy the ARN value from the top of the page, and paste it into Umbrella.

Create Event Notification

  1. In AWS, navigate to the dedicated S3 bucket you created and click Properties.
  1. Scroll down and click Create Events Notifications.
  2. Enter an Event name and ensure the All object create events checkbox is selected.

  1. In the Destination section, select the SNS Topic option and Enter SNS topic ARN.
    Then, under the SNS topic paste the TopicArn value from the NewInvoiceTopicConfiguration.json file that you downloaded from Umbrella at the beginning of this step. Then, click Save Changes.

4. Validate Access

Download the file from step A and paste it into the dedicated bucket you created from Umbrella. Then click Next.
This will allow Umbrella access to download the files from this bucket.

๐Ÿ“

Validating Account

In this step, Umbrella validates all your AWS details. This step can take up to 1 hour.
We will inform you once the validation is done so that you will be able to connect your linked account. Note: In case you do not want to connect your linked accounts you can ignore the email and we will notify you again after the entire process is done and you can see data in your account.

5. (Optional) Linked Account Status

๐Ÿ””

For Umbrella to be able to create recommendations for your account, you will need to connect all the linked accounts to the platform. You can find the full instructions here.

6. Process Data

This step can take up to 48 hours (depending on when we will receive your files from AWS).
We will notify you by email once it is done and you can see data in your account.

Updated 12 days ago