Setting up nOps (Manual Setup)

This guide covers adding your AWS account with the manual setup feature. First, create the IAM policy that gives nOps access to read-only information. Then create an S3 bucket or choose an existing S3 bucket. Please follow the instructions below.

Creating the IAM policy

  1. On the AWS Management Console, go to the ‘Identity and Access Management’ screen.
  2. From the left navigation panel, choose ‘Policies’.
  3. Click on ‘Create Policy’.
  4. Choose the ‘JSON’ tab.
  5. Replace the existing JSON script with the script given below and click on ‘Review Policy’. Make sure you replace [bucket_name] with your billing bucket name to ensure policy efficacy.

IAM policy for nOps Last Updated: 20 March 2020

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "autoscaling:DescribeAutoScalingGroups",
            "ce:GetCostAndUsage",
            "ce:GetReservationPurchaseRecommendation",
            "ce:GetRightsizingRecommendation",
            "ce:GetSavingsPlansPurchaseRecommendation",
            "cloudformation:DescribeStackResources",
            "cloudformation:DescribeStacks",
            "cloudformation:GetTemplate",
            "cloudtrail:GetTrailStatus",
            "cloudtrail:DescribeTrails",
            "cloudtrail:LookupEvents",
            "cloudwatch:GetMetricStatistics",
            "cloudwatch:ListMetrics",
            "config:DescribeConfigurationRecorderStatus",
            "config:DescribeConfigurationRecorders",
            "config:DescribeDeliveryChannelStatus",
            "config:DescribeDeliveryChannels",
            "cur:DescribeReportDefinitions",
            "cur:PutReportDefinition",
            "dynamodb:DescribeContinuousBackups",
            "dynamodb:DescribeTable",
            "dynamodb:ListTables",
            "ec2:DescribeAddresses",
            "ec2:DescribeInstanceStatus",
            "ec2:DescribeInstances",
            "ec2:DescribeNatGateways",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeRouteTables",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSnapshots",
            "ec2:DescribeSubnets",
            "ec2:DescribeVolumes",
            "ec2:DescribeVpcs",
            "ecs:DescribeClusters",
            "ecs:ListClusters",
            "eks:ListClusters",
            "elasticache:DescribeCacheClusters",
            "elasticache:DescribeCacheSubnetGroups",
            "elasticfilesystem:DescribeFileSystems",
            "elasticloadbalancing:DescribeLoadBalancers",
            "es:DescribeElasticsearchDomains",
            "iam:GetAccessKeyLastUsed",
            "iam:GetAccountSummary",
            "iam:GetLoginProfile",
            "iam:GetRole",
            "iam:ListAccessKeys",
            "iam:ListAccountAliases",
            "iam:ListAttachedGroupPolicies",
            "iam:ListAttachedUserPolicies",
            "iam:ListGroupsForUser",
            "iam:ListMFADevices",
            "iam:ListRoles",
            "iam:ListUserPolicies",
            "iam:ListUsers",
            "lambda:GetFunction",
            "lambda:ListFunctions",
            "rds:DescribeDBInstances",
            "rds:DescribePendingMaintenanceActions",
            "rds:ListTagsForResource",
            "s3:GetBucketAcl",
            "s3:GetBucketLogging",
            "s3:GetBucketPolicy",
            "s3:GetBucketPolicyStatus",
            "s3:GetBucketPublicAccessBlock",
            "s3:GetBucketVersioning",
            "s3:GetEncryptionConfiguration",
            "s3:HeadBucket",
            "s3:ListAllMyBuckets",
            "support:DescribeTrustedAdvisorCheckRefreshStatuses",
            "support:DescribeTrustedAdvisorCheckResult",
            "support:DescribeTrustedAdvisorChecks",
            "tag:getResources",
            "tag:getTagKeys",
            "tag:getTagValues"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

Give the policy a name and description.

Click on ‘Create Policy’.
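Before attaching a vendor-supplied policy, it is worth listing which of its actions go beyond reading state. The following is an added example, not nOps code: it audits a policy document by action-name prefix (a heuristic chosen for this example) and runs on a constructed excerpt of the policy above. On the full policy the only action it reports is cur:PutReportDefinition.

```python
import json

# Verb prefixes treated as read-only for this review (a heuristic assumption).
READ_PREFIXES = ("describe", "get", "list", "lookup", "head")

# Constructed excerpt: a few actions copied from the policy above, same structure.
POLICY_EXCERPT = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": [
      "ce:GetCostAndUsage",
      "cloudtrail:LookupEvents",
      "cur:DescribeReportDefinitions",
      "cur:PutReportDefinition",
      "iam:ListUsers",
      "s3:HeadBucket",
      "tag:getResources"
    ],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
""")

def as_list(value):
    # IAM allows a single string or object where a list is also valid.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (non_read_actions, wildcard_actions) granted by Allow statements."""
    non_read, wildcard = [], []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            _, _, verb = action.partition(":")
            if "*" in action:
                wildcard.append(action)      # cannot be classified by prefix
            elif not verb.lower().startswith(READ_PREFIXES):  # names are case-insensitive
                non_read.append(action)
    return sorted(non_read), sorted(wildcard)

if __name__ == "__main__":
    non_read, wildcard = audit_policy(POLICY_EXCERPT)
    print("actions that are not read-only:", non_read)
    print("wildcard actions:", wildcard)
```

To audit the complete policy, save it to a file and pass the result of json.load() to audit_policy().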

Creating IAM roles

From the left navigation panel choose ‘Roles’

Click on ‘Create Role’

Select type of trusted identity: Choose

Specify accounts that can use this role: AWS will ask for an Account ID and an External ID. For Account ID, enter the nOps account ID (202279780353), and for External ID, enter any unique string. The External ID adds an extra level of security for you. Please do not check ‘Require MFA’. Please save the External ID; you will have to use it while adding the project in nOps.

Click on ‘Next: Permissions’

Click on ‘Next: Tags’. Add tags to be associated with this role.

On the next step, attach the policy created in the earlier task and then click on ‘Next: Review’.

Give the role a name and description and click on ‘Create Role’.

Return to nOps to complete the setup.
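Once the role exists, its trust policy should name only the nOps account and require the External ID you saved. The following is an added example, not nOps code: it checks a trust policy document (as shown on the role's trust relationships tab) against the settings described above. The External ID value and both sample policies are constructed for the example.

```python
NOPS_ACCOUNT_ID = "202279780353"          # nOps account ID from the step above
EXTERNAL_ID = "example-external-id-1234"  # constructed placeholder, not a real value

def as_list(value):
    return value if isinstance(value, list) else [value]

def lower_keys(mapping):
    # IAM condition key names are not case-sensitive, so compare them lowercased.
    return {key.lower(): val for key, val in mapping.items()}

def check_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches the setup."""
    findings = []
    trusted = {account_id, f"arn:aws:iam::{account_id}:root"}
    allows = [s for s in as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            if set(principal) - {"AWS"}:
                findings.append("principal types other than AWS accounts are trusted")
            principal = principal.get("AWS", [])
        for entry in as_list(principal):
            if entry not in trusted:
                findings.append(f"unexpected principal: {entry}")
        cond = stmt.get("Condition", {})
        required_id = lower_keys(cond.get("StringEquals", {})).get("sts:externalid")
        if required_id is None:
            findings.append("sts:ExternalId is not required")
        elif required_id != external_id:
            findings.append("sts:ExternalId differs from the saved value")
        if "aws:multifactorauthpresent" in lower_keys(cond.get("Bool", {})):
            findings.append("MFA condition present")  # the setup leaves 'Require MFA' unchecked
    return findings

def sample(principal, condition):
    # Constructed trust policy in the shape IAM uses for cross-account roles.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": "sts:AssumeRole", "Condition": condition}]}

GOOD = sample(f"arn:aws:iam::{NOPS_ACCOUNT_ID}:root",
              {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
BAD = sample("*", {"Bool": {"aws:MultiFactorAuthPresent": "true"}})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_trust_policy(doc, NOPS_ACCOUNT_ID, EXTERNAL_ID))
```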

Set up the Cost & Usage Report

Go to: Billing & Cost Management Dashboard → Report section. https://console.aws.amazon.com/billing/home?#/reports

Click on Create Report

Enter the report name, and tick the Include resource IDs checkbox. (required)

Suggestion:
Report name: nopsbilling-daily-gzip
Tick: Include resource IDs
Tick: Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills.

Create the S3 billing bucket

  • Enter the S3 bucket to deliver the report to. Click on Verify. (Make sure the S3 bucket has an appropriate policy for report delivery; check section II.)
  • Enter the report path prefix (Optional) - Suggestion: nopsbilling
  • Choose Daily (required) for Time granularity
  • Choose the Report versioning (Optional) - Suggestion: Overwrite existing report
  • Choose GZIP as Compression type (Required)

Next, select an existing S3 bucket name or Create a bucket

Click Next.

S3 Bucket policy for cost and usage report

Verify the policy by clicking on "I have confirmed that the policy is correct".

Click Save.

Adding AWS account manually in nOps:

Setting up the AWS account is a 2-step process: one step is adding the AWS account details to fetch CloudTrail data, and the other is adding a billing bucket to fetch billing data. You can add both at the same time (recommended).

Note: If you don’t add a billing bucket your billing stats pages in nOps will not show any data.

Select: Yes, I have access

Select the Manual Setup method on the Setup nOps page.

Add AWS Account Name.

Enter:

  • S3 bucket name
  • Report name
  • Prefix path

For role-based access, nOps needs the ARN of the IAM role.

Retrieving the ARN

Go to the IAM service in AWS. In the Roles tab, look for the role whose ARN is needed.

Click the role, copy its ARN, and paste it into the ARN of IAM role field in nOps.

For External ID, use the same one you used when you created the role earlier.

Add billing bucket name. Make sure the billing bucket name is the same as the S3 bucket you created for billing.

When adding the AWS account to nOps, make sure you save the settings after filling in all the fields, as in the screenshot below.

Note: It’ll take about a day for billing data to populate and a couple of hours for CloudTrail data to populate. If you have any questions, please contact us at help@nops.io

Viewing Added Projects:

You can view the list of all added projects in your project settings. To view it, go to UserName Dropdown (Top right) → Settings → AWS Accounts, which shows the name of the billing bucket (if added) and the “Last fetch” time of the billing bucket.

Editing an Existing Project:

Go to UserName Dropdown (Top right) → Settings → AWS Accounts

Click on any project you want to edit and it will open the edit “Account Details” page.

Make changes as required, and make sure to click the Update Account button to save them.

Note: If you try to edit the billing bucket of an existing project it can cause changes in cost pages data or undesired results.
