ROLE-BASED ACCESS NOTE: Some of the features and functionality described in this article require the assignment of the Admin or the DevOps user role to your user account. Without one of these roles assigned, some or all of the functionality may not be available to you.
This guide explains how to select the proper policy for Aimably access to AWS, based on your business needs.
Aimably connects to AWS using a series of permissions that grant specific access and control over your AWS organization. Because we know that access to your AWS organization should be strictly controlled, we offer multiple policy permission sets for you to choose from: Data & Scheduling or Usage Data Only.
Basic Policy Descriptions and Differences
While both the Usage Data Only and the Data and Scheduling policies collect usage data from AWS to power the Aimably Warn and Aimably Insight modules, including billing details and inventory of both servers and services, the Data and Scheduling policy allows Aimably to implement any Aimably Reduce cost-saving actions on your behalf. At this time, these functions are limited to the ability to stop and start EC2, RDS, and Redshift instances.
Both policy types collect data from all regions and all member accounts in an AWS organization. This is performed by inserting the policy and corresponding role on the managing account. Installing each policy requires that the AWS user has permission to create IAM roles in the AWS console for the managing account.
Advanced Policy Details
The exact code of each policy can be found here:
Implementing Policy Updates
From time to time, Aimably will update the AWS policies used to expand our service offerings, including offering additional cost-control interventions through Aimably Reduce. Please note that these policy changes will not be automatically applied to your company's account. Whenever Aimably has updated AWS policies, users with administrative controls will be prompted to update the connection to AWS upon login to Aimably. At that time, you will be encouraged to review the updated policy. It is required to perform this update in order to take advantage of any new Aimably functionality.
After connecting Aimably to AWS, you may discover that you would like to switch from one policy to another. This can be easily performed by re-running the connection wizard. To do this, open the Configure navigation menu group and then select the Connect to AWS menu option:
Then, find the AWS account whole policy you would like to update. Click the Wizard button at the right of the account:
Then, follow connection steps just as you did when first connecting to AWS.
Please Note: If you do attempt to connect via a new policy by using the blue 'Add using Wizard' button, this new connection will be duplicative and you will need to delete the old connection by clicking on the trash can icon that appears on the far left of the account listing. If you do not do this, the usage data in your account may appear to be doubled in size.
For more information on Aimably's connection with AWS, please refer to this guide: FAQ: Understanding How Aimably Retrieves AWS Account Data