Linking your AWS accounts to Stax Cost & Compliance

Securely link with IAM to see your AWS metadata in Stax

Article Tags
On This Page
Link your AWS accounts to Stax Cost & ComplianceTroubleshooting

This easy process takes about 3 minutes.

We access your AWS data securely using an AWS IAM role. This is read-only and we see none of your customer data.

The role is created automatically when you run a CloudFormation script we provide.

  1. To start, click the "Let's get started" button shown here:

  1. Click through "Yes, I have access" to proceed:

  1. AWS stores your billing information in an S3 bucket which you choose. Put the name of that S3 bucket in this page:

  1. Click "Open AWS Console" to go to AWS and run CloudFormation:

  1. Once in AWS, there are a couple of steps:
  • Log in to the AWS account that has your billing. (If you're in a Consolidated Billing Family then this is the root account.)

  • This takes you to CloudFormation. Scroll down the page and check the box next to "I acknowledge that AWS CloudFormation might create IAM resources."

  • Click the Create button.

  1. Close the tab and return to the Stax window. You’ll see we’re listening for your IAM role to be created. Once this happens, your accounts are linked!

Now Relax and Wait

We pull a lot of data from AWS. For an average sized account, there will be tens of gigabytes ingested at this point. It takes some time for us to process all of this, usually between 2 and 48 hours. We'll let you know by email when that's all done.

Troubleshooting

What if I Have More Than One Account?

Don't worry, Stax works seamlessly with as many accounts as you want.

How Do I Know the IAM Role Is Secure?

Stax uses AWS best practices for enabling third-party access to accounts, as described on the AWS site here.

What Does the IAM Role Allow You To Do?

We intend for the IAM role to give us read-only access to the metadata about how you use AWS. There is no access at all to your company or customer data.

If you want to review the security content of the IAM roles themselves, they're given here:

https://s3-ap-southeast-2.amazonaws.com/stax-public-resources/stax-iam-role-billing-cfn.json

https://s3-ap-southeast-2.amazonaws.com/stax-public-resources/stax-iam-role-service-cfn.json

What If I Change My Mind About Using Stax?

This is entirely within your control. Just delete the CloudFormation stack which contains the IAM role. Then we have no further access to your account.

I Have No Access to Run CloudFormation?

Click the Invite Colleagues button to send a quick invite to someone who has the right access.

Not a Technical Person?

You might still be able to go through the process, it's not complicated. If you're not comfortable doing so, click Invite Colleagues to invite the person who usually does your technical work.