nOps requires safe, secure, and AWS-approved access to your AWS accounts in order to give you the analysis, dashboards, and reports that you need. We only see what we need, no more, and we need you to give us the permission first.

In order to get started with nOps, the first step is to set up an AWS account for nOps via the Wizard/Automatic Setup or the Manual Setup. We made the setup process as easy as possible for you while complying with AWS security best practices.

In Automatic Setup, nOps takes care of creating the IAM policy and the CloudFormation stack for the account:

This article is divided into the following sections:

  1. Prerequisites

  2. Automatic Setup

  3. IAM and CloudFormation

  4. Troubleshooting tips

Prerequisites

To successfully set up the AWS account, the AWS user must possess:

  • Access to the master payer account, if you are using AWS Organizations.

  • Permission to create and run an AWS CloudFormation stack.

  • Permission to create AWS Identity and Access Management (IAM) roles in your account.

  • The name of an Amazon S3 bucket where your AWS Cost and Usage Reports (CURs) will be written. (nOps will create a bucket with the provided name, if one does not exist.)

  • CURs enabled in the account.

Pro Tip: If you add an AWS child account, nOps will only see the cost details of the specific child account instead of the cost details of the entire organization.

Adding AWS account (Automatic Setup)

When you log in to your nOps account for the first time, a pop-up screen will appear. This pop-up screen will guide you on how you can add your AWS account to nOps. The screen consists of four distinct sections:

  1. Select Cloud Type

  2. Getting Started

  3. Link AWS Account

  4. Fetching

If the pop-up was closed, or you want to add another account:

  1. On the top-right corner of your nOps account, click the Add Cloud Account button. This will take you to the Cloud Accounts page. You can also go to the Cloud Accounts page from the user avatar drop-down option Organization Settings.

  2. In the Cloud Accounts page, click Add New Account. This will take you to the Cloud Platform page.

  3. In the Cloud Platform page, select AWS Account and click Next.

Select Cloud Type

In the pop-up screen, the first step is to select a cloud type. Select AWS Account and click Next.

Getting Started

The Getting Started section confirms if you have the required access to add an AWS account to nOps. To see the full list of access requirements, see Prerequisites.

If you have the required access, click Yes, I have access in order to go to the next section:

If you do not have the required access, to invite a member of your organization that has the required access, click No, Invite Member. This will take you to the Invite User page.

Link AWS Account

In this section, you have the option to continue the setup either with the nOps Wizard Setup (Automatic Setup) or Manual Setup:

If you want to create the IAM policy and role yourself, select Manual Setup and click Next. To learn more about Manual Setup, see Manual Setup.

To automatically create the AWS account IAM Policy and CloudFormation stack, select the nOps Wizard Setup and click Next. This will take you to the Auto AWS Account Setup page:

On the Auto AWS Account Setup page, enter the following details:

  • AWS Account Name: A friendly unique name for the nOps account setup, i.e., "nopsMyCompany".

  • S3 Bucket Name: A unique name of the S3 bucket you created for nOps. Use a name in all lowercase and numbers to distinguish this in your Cost and Usage Report. nOps will create a bucket with the provided name, if one does not exist.

Click Setup Account, this will redirect you to the AWS console:

On the AWS console, log in using an account that has rights/access defined in the prerequisite section, which can be either the root account or an admin account.

When you log in, you will be redirected to the Create Stack page. All the fields on this page will be pre-populated.

Note: CF stack can run from any region you prefer. You can easily change the region of CF stack from the CloudFormation screen once you launch it from nOps.

Click on the checkbox for “I acknowledge that AWS CloudFormation might create IAM resources”, highlighted above. nOps needs this permission to automate the creation of the IAM role.

After you click the checkbox, click on the Create button to start the data ingestion.

Fetching

Fetching is the last step in the pop-up screen. Fetching checks the account connectivity with AWS, checks CloudFormation stack permissions, and starts data ingestion.

When data ingestion starts, in AWS console CloudFormation > Stacks > Stack Detail:

  1. If you have all required permissions, as mentioned in the prerequisites section, the setup will start creating the stack with the status “CREATE_IN_PROGRESS”. Once the stack is created the "Status” will change to “CREATE_COMPLETE”.

    You can click the browser refresh button to check progress. Normally it takes 1 to 2 minutes to complete the process.

  2. If you don’t have proper permissions then you will see errors as shown in the screenshot below, and the stack will not be created. You can assign the necessary permissions to the AWS user or ask other teammates to rerun the setup.

  3. Once the stack creation is successful, log in to https://www.nops.io after the nOps integration (stack) creation process is completed.

Note: It can take up to 24 hours before you start seeing the different nOps dashboards and compliance views populated with data from your workload.

If you have any questions, please contact us at help@nops.io, or by phone at +1 866-673-9330.

On initial ingestion, nOps will pull the data from AWS accounts based on the following durations:

  • Cost data: 6 months look back + current month.

  • Rules: Current date.

  • CloudTrail Events: 14 days look back.

IAM and CloudFormation:

The IAM policy used by nOps is scoped to read and write permissions only.

Lambda function automates creation of Role and Bucket (if it’s absent) for nOps integration to work.

Code for the Lambda function is available for your review. Click the link to get the YAML file.

If you are not comfortable with using the automated setup, you can use manual steps for the setup.

Article: Adding Your AWS account with the Manual Setup

View the latest IAM Policy here

Troubleshooting Tips:

  • Do you have a pop-up blocker on your browser? A pop-up blocker on your browser will stop nOps from redirecting you to an AWS account to create a stack.

  • There may have been a disconnect when creating the S3 stack causing the stack to have an error of ROLLBACK_ERROR. In this case, re-try the automatic setup, then delete the first one.

  • Is it pulling in incorrect data? Make sure that you are logging into the correct account. When you have multiple access to AWS accounts, it can import the wrong data. Ensure that you’re logged in to the correct account prior to starting the integration process.

  • If you belong to an Organization ( multiple accounts linked to a Master Account) ensure that you are logged into the Master account before running the wizard (so the billing data is populated) or having organizational billing data files exported to one of your buckets.

Related Articles:

How Child Accounts Work in nOps

Did this answer your question?