Permissions needed to link AWS to Stax Cost & Compliance

Firstly, you need to be an administrator of your AWS accounts to link them to Stax.

Article Tags
On This Page
See also
This guidance assumes you're subscribed to only the Stax Cost & Compliance module. If your AWS accounts are Stax-managed, Stax takes care of this for you.

Stax accesses your AWS metadata using AWS best practices, as described here.

We believe that the right way to manage infrastructure is always to use automation, as this gives you safety and repeatability.

With that in mind, we provide a CloudFormation template which creates the IAM roles we need. To perform the linking, your user needs the ability to create a CloudFormation stack and the ability to create an IAM role.

In specific IAM permissions, this is:

  • cloudformation:CreateStack
  • iam:CreateRole
  • iam:CreatePolicy
  • iam:AttachRolePolicy

If your IAM user has the AdministratorAccess managed policy attached, then these are included. You can also use the root IAM user, though that is not best-practice and we don't recommend taking any actions as the root IAM user (this is one of the things that Stax Cost & Compliance checks for!).

See also