ROLE-BASED ACCESS NOTE: Some of the features and functionality described in this article require the assignment of the Admin or the DevOps user role to your user account. Without one of these roles assigned, some or all of the functionality may not be available to you.
Getting Aimably connected to AWS is easy! We provide a simple step-by-step walkthrough wizard to get you started. We estimate this process will take you 5 minutes. Do you have multiple AWS accounts? Aimably can handle them all if you follow these steps.
Multi-Account AWS Organizations: In order to complete the connection process, you must be signed in to the managing account and have sufficient permissions to create IAM roles and policies in that account.
Standalone AWS Accounts: In order to complete the connection process, you must be signed in to the account and have sufficient permissions to create IAM roles and policies in that account.
In every new Aimably account, you are asked to connect to AWS immediately after creating the account. If you've skipped that screen, you can always find it again by opening the Configure navigation menu group and selecting Connect to AWS from the options displayed:
Once on the Connect to AWS page, click the blue "Add using Wizard" button:
Once the wizard is launched, click on the big AWS button to initiate the AWS connection process:
Next, you will be asked to select which level of permission you would like Aimably to have when connecting to AWS: Usage Data Only or Data & Scheduling. By selecting Data & Scheduling, you may take full advantage of the Aimably product suite. By selecting Usage Data Only, you will be limiting the capabilities of the Aimably Reduce product. To move forward, please click on the policy you prefer.
A more detailed description of each of these policies is available by clicking the Review Policy link beneath each of the options. If you need additional help determining which policy to choose, please refer to the AWS Policy Selection guide.
Next, a single screen instructional guide appears before you, including links to display AWS screenshots for help along the way.
To get started, click on the turquoise Start CloudFormation Stack button.
This action will take you to the AWS Console with text, configurations, and instructions pre-filled specific to the Aimably product. If you are not already logged in to the AWS Console or you are not logged in with the appropriate permissions, you will be asked to do this first. The screen will look like this:
In order to move forward, you must acknowledge the creation of IAM resources, which will be done in accordance with the permissions policy you set earlier in the wizard. Accept this by clicking the checkbox and then click on the orange Create stack button.
Pause to wait while AWS creates the stack which generates the IAM role. This typically takes less than 30 seconds. When this process is complete, a green checkmark will appear alongside CREATE_COMPLETE text. Please note that it may require a browser refresh to see this.
Once the IAM Role is complete, click on the Outputs tab for the role:
Then, copy the text in the Value column for the RoleARN:
Going back to your Aimably window, insert this copied text into the RoleARN field of the AWS Wizard:
Follow this by inserting your AWS Account Name:
To complete, click the blue Check Details and Save button.
Once the process is complete, you will find that your complete organizational structure is now visible in Aimably.
Resolving Blocked Connections to Member Accounts
Aimably uses the default configurations formed between managing and member accounts upon creation to establish a trusted relationship and grant access from the managing account to a member account. In the event that the default configuration is missing or has had its access limited, a member account will appear with a red tone in the organizational diagram. Please see our guide to resolving blocked connections to grant Aimably access.
For more information on Aimably's connection with AWS, please refer to this guide: FAQ: Understanding How Aimably Retrieves AWS Account Data