Update AWS IAM permissions

📆 Update: September 2024

As part of our ongoing efforts to enhance the accuracy of our Savings Plans/Reservation utilization and alerts, we require additional permissions to read details about AWS reservations and savings plans. Please update the IAM policy in your AWS payer and linked accounts to ensure you continue receiving accurate reports and recommendations.

The new permissions required are:

- es:DescribeReservedInstances
- es:DescribeReservedElasticsearchInstances
- rds:DescribeReservedDBInstances
- elasticache:DescribeReservedCacheNodes
- redshift:DescribeReservedNodes
- savingsplans:DescribeSavingsPlans

ℹ️

If no action is taken, Umbrella will be unable to provide accurate and complete information about your reservations and savings plans, such as alerts for upcoming reservation expirations.


The updated policies:


How to Update your Policy(s)

Option 1

  1. Log in to the AWS Console for your payer account and navigate to IAM > Policies.
  2. Select "PileusPolicy" (if it doesn't exist, a different name was used during onboarding).
  3. Edit the policy.
  4. Paste the updated policy.
  5. Click Save.
  6. Repeat the above steps for all AWS payer accounts and linked accounts used by Umbrella.

Option 2

Note: The following instructions demonstrate the process for a payer account but are also applicable to linked accounts. Be sure to update the account ID in the values highlighted in red.

Use the command below in the AWS CLI to align all your payer accounts with AWS requirements.

  1. From the AWS Console, download your current policy:
    https://us-east-1.console.aws.amazon.com/iam/home#/policies/arn:aws:iam::<CUSTOMER-PAYER-ACCOUNT-ID>:policy/PileusPolicy, and save it as "PileusPolicy". If the policy name "PileusPolicy" doesn't exist, a different name was used during onboarding.

  2. Download NewPolicyVersion:

    • For a payer account policy, click here.
    • For a linked account policy, click here.
  3. Open the AWS CLI and run the following command.
    Please verify that you are using the AWS profile for the account whose policy you want to update.

    aws iam create-policy-version \
     --policy-arn arn:aws:iam::[CUSTOMER-PAYER-ACCOUNT]:policy/PileusPolicy \
     --policy-document file://NewPolicyVersion.json --set-as-default

    Where NewPolicyVersion is the updated policy
    and PileusPolicy is the old policy that needs to be updated.

  4. Repeat the above steps for all AWS payer accounts and linked accounts used by Umbrella.
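
Before applying the update with either option, you can check that the new policy document adds only the six actions listed above. The script below is an added example, not part of Umbrella's documentation; the sample policies are constructed, and the file names passed on the command line are your own.

```python
import json
import sys

# The six actions announced on this page; IAM action names are case-insensitive.
EXPECTED_NEW = {a.lower() for a in (
    "es:DescribeReservedInstances", "es:DescribeReservedElasticsearchInstances",
    "rds:DescribeReservedDBInstances", "elasticache:DescribeReservedCacheNodes",
    "redshift:DescribeReservedNodes", "savingsplans:DescribeSavingsPlans")}

def as_list(value):
    # IAM accepts a single value or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    """Return the lowercased set of actions granted by Allow statements."""
    actions = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction allows everything except the listed actions: always flag it.
            actions.add("<notaction statement>")
        actions.update(a.lower() for a in as_list(stmt.get("Action", [])))
    return actions

def review_update(current, proposed):
    """Classify the action-level difference between two policy documents."""
    old, new = allowed_actions(current), allowed_actions(proposed)
    added = new - old
    return {
        "added": sorted(added),
        "removed": sorted(old - new),
        "unexpected": sorted(added - EXPECTED_NEW),  # review before applying
        "missing": sorted(EXPECTED_NEW - new),       # update would be incomplete
    }

# Constructed sample documents (not Umbrella's real policy), used when no files are given.
SAMPLE_CURRENT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ce:GetCostAndUsage"], "Resource": "*"}]}
SAMPLE_PROPOSED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ce:GetCostAndUsage", "rds:DescribeReservedDBInstances", "iam:PassRole"]}]}

if __name__ == "__main__":
    docs = [SAMPLE_CURRENT, SAMPLE_PROPOSED]
    if len(sys.argv) == 3:  # usage: python script.py current.json proposed.json
        docs = [json.load(open(path)) for path in sys.argv[1:3]]
    report = review_update(*docs)
    print(json.dumps(report, indent=2))
```

The comparison covers literal action names only: wildcard actions and changes to Resource or Condition elements still need a manual read of the two documents.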