nOps requires safe, secure, and AWS-approved access to your AWS accounts in order to give you the analysis, dashboards, and reports that you need. We only see what we need, no more, and we need you to give us permission first.
In order to get started with nOps, the first step is to set up an AWS account for nOps via the Setup Wizard and subscribe to nOps on the AWS marketplace. We made the setup process as easy as possible for you while complying with AWS security best practices.
In Automatic Setup, nOps takes care of creating the IAM policy and the CloudFormation stack for the account. If you have more than 10 accounts that you want to onboard, Automatic Setup also provides you the option to use the IaaC setup process to onboard all accounts simultaneously.
To successfully set up the AWS account(s), the AWS user must possess:
Access to the master payer account, if you are using AWS Organizations.
Permission to create and run an AWS CloudFormation stack.
Permission to create AWS Identity and Access Management (IAM) roles in your account.
The name of an Amazon S3 bucket where your AWS Cost and Usage Reports (CURs) will be written. (nOps will create a bucket with the provided name, if one does not exist.)
CURs enabled in the account.
Pro Tip: If you add an AWS child account instead of a Master Payer Account, nOps will only see the cost details of the specific child account instead of the cost details of the entire organization.
Adding AWS Account(s) (Automatic Setup)
When you log in to your nOps account for the first time, a pop-up screen will appear. This pop-up screen will guide you on how you can add your AWS account(s) to nOps. The screen consists of four distinct sections:
Select Cloud Type
Link Cloud Accounts
If you only add a single account during the automatic setup and want to add more accounts later, once your single account is onboarded and you have access to the nOps platform:
On the top-right corner of your nOps account, click on your user avatar to open a drop-down list.
In the dropdown list, click Organization Settings. This will take you to the Cloud Accounts page.
In the Cloud Accounts page, click + Add New Account.
Select Cloud Type
In this first section Select Cloud Type, the first page is the Buy on AWS Marketplace page. This page will provide you with the details of what and how nOps charges its customers. You can subscribe to nOps in the AWS marketplace by clicking Subscribe to AWS Marketplace:
To skip the subscription right now, click I’ll do it later. If you skip, nOps will ask you to subscribe at the end of the setup process.
When you click Subscribe to AWS Marketplace, you will be redirected to nOps Cloud Management Platform page in the AWS Marketplace.
After you subscribe, the next page in this section is Cloud Account Type. On this page, select the type of the cloud account that you want to onboard and click Next:
In the scope of this article, we are going to deal with the AWS Account setup process.
In this section, you need to select the account setup method. In the scope of this article, we will deal with the Automatic Setup. Select the Automatic Setup and click Next.
To learn more about Manual Setup, see Manual Setup. To learn more about IaaC Setup, see IaaC Multiple Accounts Setup.
Link Cloud Accounts
On the first page of this section, you can either select an AWS Organization account or a Single Account.
In the case of an AWS Organization account:
Make sure that you are logged into your AWS Master Payer Account.
Select the AWS Organization option.
Fill out the AWS Master Payer Account Name and S3 Bucket Name fields.
Click Setup Account.
If you select AWS Organization account, in the next section Link Cloud Account, you will have the option to onboard the child accounts associated with your AWS Organization Account.
In the case of Single Account:
Make sure that you are logged into your AWS account.
Select the Single Account option.
Fill out the AWS Account Name and S3 Bucket Name fields.
Click Setup Account.
When you click Setup Account, you will be redirect you to the AWS console:
On the AWS console, if you are not already logged in, log in using an account that has rights/access defined in the Prerequisites section.
When you log in, you will be automatically redirected to the Create Stack page. All the fields on this page will be pre-populated:
Note: CF stack can run from any region you prefer. You can easily change the region of the CF stack from the CloudFormation screen once you launch it from nOps after your setup process is complete.
Click on the checkbox for “I acknowledge that AWS CloudFormation might create IAM resources”, highlighted above. nOps needs this permission to automate the creation of the IAM role.
After you click the checkbox, click on the Create button to start the data ingestion.
nOps will check the account connectivity with AWS, check the CloudFormation stack permissions, and start the ingestion:
When data ingestion starts, in AWS console CloudFormation > Stacks > Stack Detail:
If you have all required permissions, as mentioned in the prerequisites section, the setup will start creating the stack with the status “CREATE_IN_PROGRESS”. Once the stack is created the "Status” will change to “CREATE_COMPLETE”. You can click the browser refresh button to check progress. Normally it takes 1 to 2 minutes to complete the process.
If you don’t have proper permissions then you will see errors as shown in the screenshot below, and the stack will not be created. You can assign the necessary permissions to the AWS user or ask other teammates to rerun the setup.
Once the stack creation is successful, log in to nOps Dashboard after the nOps integration (stack) creation process is completed
Once your AWS accounts are linked successfully, you will see the following screen:
Once you log back into nOps, after data ingestion is complete, in the case of AWS Organization Account you will see the Setup Child Account page. With the help of your CUR, the setup process will automatically pull in the child accounts associated with your Organization account:
To onboard a child account, click Automatic Setup. If you don’t want to add a specific child account, click Skip Setup
If you don’t have the required permissions to onboard a child account, click Invite team member to invite a member of your organization who has the required permissions.
If you click Automatic Setup, the setup process will show you a confirmation popup:
Before you click Proceed, make sure that you are logged in to the child account you are onboarding. When you click Proceed, you will redirect you to the AWS CloudFormation console with all the fields pre-filled:
Check the I acknowledge that AWS CloudFormation might create an IAM resources checkbox, and click Create Stack.
To take a look at the nOps CloudFormation template, see CloudFormation YAML Template.
If you decide not to give nOps the required access, you might face the following warning:
You can click Proceed and Setup later, but in this case you will not be able to access the features that depend on the required services.
In case, nOps detects more than 10 child accounts, you will see the following prompt:
nOps recommends that in this case, you use the IaaC Setup instead of the Automatic Setup. To learn more about the IaaC setup, see IaaC Multiple Account Setup.
Once all the Child Accounts are added or skipped, click Next.
If you didn’t subscribe to the nOps on the AWS Marketplace at the beginning of the setup, you will see the following screen with an estimate of how much saving you are missing out on based on the ingested data:
To subscribe click Subscribe to AWS Marketplace.
If you’ve already subscribed, congratulations! The setup process is now complete:
Note: It can take up to 24 hours before you start seeing the different nOps dashboards and compliance views populated with data from your workload.
If you have any questions, please contact us at firstname.lastname@example.org, or by phone at +1 866-673-9330.
On initial ingestion, nOps will pull the data from AWS accounts based on the following durations:
Cost data: 6 months look back + current month.
Rules: Current date.
CloudTrail Events: 14 days look back.
IAM and CloudFormation:
The IAM policy used by nOps is scoped to read and write permissions only.
Lambda function automates creation of Role and Bucket (if it’s absent) for nOps integration to work.
Code for the Lambda function is available for your review. Click the link to get the YAML file.
If you are not comfortable with using the automated setup, you can use manual steps for the setup.
View the latest IAM Policy here
Do you have a pop-up blocker on your browser? A pop-up blocker on your browser will stop nOps from redirecting you to an AWS account to create a stack.
There may have been a disconnect when creating the S3 stack causing the stack to have an error of ROLLBACK_ERROR. In this case, re-try the automatic setup, then delete the first one.
Is it pulling in incorrect data? Make sure that you are logging into the correct account. When you have multiple access to AWS accounts, it can import the wrong data. Ensure that you’re logged in to the correct account prior to starting the integration process.
If you belong to an Organization ( multiple accounts linked to a Master Account) ensure that you are logged into the Master account before running the wizard (so the billing data is populated) or having organizational billing data files exported to one of your buckets.