Before you begin, ensure you have:

  • Sign up to MilkStraw AI.
  • Access to your AWS account with permissions to create roles and policies.

Option 1 - One click setup

We use AWS CloudFormation to onboard your AWS account. This option is the easiest and most secure way to connect to your AWS account.

Step 1 - Connect to AWS CloudFormation

You will be redirected to AWS CloudFormation to create a new stack, all the default parameters are already filled in. Click Create stack to proceed.

Step 2 - Fill out the access details

In the final step of the account On-Boarding, enter the details below:

  • Nickname: A display name for the AWS account for easy identification in settings.
  • Account Number: The AWS account number to be added, available in the AWS console under Account.
  • Role Name: The name of the role if updated in the stack parameters.

Option 2 - Manual setup

You can create and review the policy and role manually. This option allows you to review the permissions that Milkstraw will be granted.

Step 1 - Create a new policy

Creating a policy in AWS defines the permissions that will be granted. This step involves specifying the actions that Milkstraw can perform on your behalf in your AWS account.

  1. In the AWS Management Console, go to IAM (Identity and Access Management).
  2. Click on Policies in the left-hand menu, then Create policy.
  3. In the Policy editor, switch to the JSON tab.
  4. Copy and paste the JSON policy content provided in the Milkstraw web app into the editor.
  5. Click Next, give the policy a name and a description. You might name it “MilkStrawPolicy”.
  6. Click Create policy to finalize.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "application-autoscaling:Describe*",
        "autoscaling:Describe*",
        "ce:Describe*",
        "ce:Get*",
        "ce:List*",
        "cloudwatch:GetMetricData",
        "ec2:Describe*",
        "ec2:AcceptReservedInstancesExchangeQuote",
        "ec2:CancelReservedInstancesListing",
        "ec2:CreateReservedInstancesListing",
        "ec2:DeleteQueuedReservedInstances",
        "ec2:ModifyReservedInstances",
        "ec2:PurchaseHostReservation",
        "ec2:PurchaseReservedInstancesOffering",
        "rds:Describe*",
        "rds:List*",
        "rds:PurchaseReservedDbInstancesOffering",
        "elasticache:List*",
        "elasticache:Describe*",
        "elasticache:PurchaseReservedCacheNodesOffering",
        "es:Describe*",
        "es:List*",
        "es:PurchaseReservedInstanceOffering",
        "organizations:InviteAccountToOrganization",
        "organizations:List*",
        "organizations:Describe*",
        "pricing:DescribeServices",
        "pricing:GetAttributeValues",
        "pricing:GetProducts",
        "savingsplans:Describe*",
        "savingsplans:List*",
        "servicequotas:Get*",
        "servicequotas:List*",
        "support:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Step 2 - Create a new role

Roles in AWS are a secure way to grant permissions to entities that you trust. In this case, creating a new role allows Milkstraw to access your AWS account securely, without sharing your access credentials.

  1. Proceed by clicking Next in the Milkstraw app.
  2. In the AWS console, select Roles from the left-hand menu, then Create role.
  3. Choose Custom trust policy as the type of trusted entity.
  4. Paste the JSON trust policy from the Milkstraw web app, which includes an auto-generated external ID, into the editor.
  5. Click Next, select the policy you previously created in Step 1.
  6. Name and describe the role, noting the role name, then click Create role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::801486250081:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "08ead6e9-c39c-4a1c-ae45-a3fdab62c00c"
        }
      }
    }
  ]
}

Step 3 - Fill out the access details

In the final step of the account On-Boarding on the Milkstraw web app, enter the details from the previous steps:

  • Nickname: A display name for the AWS account for easy identification in settings.
  • Account Number: The AWS account number to be added, available in the AWS console under Account.
  • Role Name: The name of the role created in Step 2.

Step 4 - You’re all set

Milkstraw is now set up to securely connect to your AWS account. You can verify access or address any issues within the Settings tab.

You have multiple AWS accounts?

You can add another AWS account to your Milkstraw profile, go to Settings, and select Add Account, you will start the same journey and follow the same steps as above.

Was this page helpful?

IntroductionSavings