nOps requires the following write permissions for setup (optional):

  • logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents — These permissions provide the ability to create automatic setup on nOps.

  • s3:* (billing bucket only) — or reuse the existing one for CUR setup.

  • s3:CreateBucket — This permission provides nOps the ability to create a new bucket for CUR setup. Our Cloudformation creates and removes the policy as part of automated set-up in order to generate an S3 bucket if it does not exist.

nOps requires the following write policies for operation:

  • cur:PutReportDefinition — This permission helps the automatic account setup process. It will create a new Cost and Usage Report if it doesn’t exist and provides a smooth cost integration with nOps. Clients can deny this permission and can do the setup manually.

  • wellarchitected — nOps needs this permission to interact with this service, and generate reports. If the client disables this permission, the Workload features and WAFR report might not work correctly.

Did this answer your question?