nOps requires the following write permissions for setup (optional):
logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents — These permissions provide the ability to create automatic setup on nOps.
s3:* (billing bucket only) — or reuse the existing one for CUR setup.
s3:CreateBucket — This permission provides nOps the ability to create a new bucket for CUR setup. Our Cloudformation creates and removes the policy as part of automated set-up in order to generate an S3 bucket if it does not exist.
nOps requires the following write policies for operation:
cur:PutReportDefinition — This permission helps the automatic account setup process. It will create a new Cost and Usage Report if it doesn’t exist and provides a smooth cost integration with nOps. Clients can deny this permission and can do the setup manually.
wellarchitected — nOps needs this permission to interact with this service, and generate reports. If the client disables this permission, the Workload features and WAFR report might not work correctly.