Before you begin, ensure you have:

  • A MilkStraw AI account.
  • Access to your AWS account with permissions to create roles and policies.

Step 1 - Create a New Policy

Creating a policy in AWS defines the permissions that will be granted. This step involves specifying the actions that MilkStraw can perform on your behalf in your AWS account.

  1. In the AWS Management Console, go to IAM (Identity and Access Management).
  2. Click on Policies in the left-hand menu, then Create policy.
  3. In the Policy editor, switch to the JSON tab.
  4. Copy and paste the JSON policy content provided in the MilkStraw web app into the editor.
  5. Click Next, then give the policy a name and a description. You might name it “MilkStrawPolicy”.
  6. Click Create policy to finalize.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "application-autoscaling:Describe*",
        "autoscaling:Describe*",
        "ce:Describe*",
        "ce:Get*",
        "ce:List*",
        "cloudwatch:GetMetricData",
        "ec2:Describe*",
        "ec2:AcceptReservedInstancesExchangeQuote",
        "ec2:CancelReservedInstancesListing",
        "ec2:CreateReservedInstancesListing",
        "ec2:DeleteQueuedReservedInstances",
        "ec2:ModifyReservedInstances",
        "ec2:PurchaseHostReservation",
        "ec2:PurchaseReservedInstancesOffering",
        "rds:Describe*",
        "rds:List*",
        "rds:PurchaseReservedDbInstancesOffering",
        "elasticache:List*",
        "elasticache:Describe*",
        "elasticache:PurchaseReservedCacheNodesOffering",
        "es:Describe*",
        "es:List*",
        "es:PurchaseReservedInstanceOffering",
        "organizations:InviteAccountToOrganization",
        "organizations:List*",
        "organizations:Describe*",
        "pricing:DescribeServices",
        "pricing:GetAttributeValues",
        "pricing:GetProducts",
        "savingsplans:Describe*",
        "savingsplans:List*",
        "servicequotas:Get*",
        "servicequotas:List*",
        "support:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Step 2 - Create a New Role

Roles in AWS are a secure way to grant permissions to entities that you trust. In this case, creating a new role allows MilkStraw to access your AWS account securely, without sharing your access credentials.

  1. Proceed by clicking Next in the MilkStraw app.
  2. In the AWS console, select Roles from the left-hand menu, then Create role.
  3. Choose Custom trust policy as the type of trusted entity.
  4. Paste the JSON trust policy from the MilkStraw web app, which includes an auto-generated external ID, into the editor.
  5. Click Next, then select the policy you previously created in Step 1.
  6. Name and describe the role, noting the role name, then click Create role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::801486250081:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "08ead6e9-c39c-4a1c-ae45-a3fdab62c00c"
        }
      }
    }
  ]
}
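
Before attaching these two documents, it helps to see what they actually grant. The following Python is an added example, not MilkStraw's or AWS's code: it groups the Step 1 actions into read-only, mutating and service-wide wildcards, and checks that the Step 2 trust policy names only the expected account and requires an external ID. The Describe/Get/List prefix rule and the function names are assumptions of this example.

```python
# Assumption: names with these prefixes only read; other named actions may change state.
READ_PREFIXES = ("describe", "get", "list")

def classify_actions(policy):
    """Group allowed actions into read-only, mutating and service-wide '*'."""
    out = {"read": [], "mutating": [], "wildcard": []}
    for stmt in (s for s in policy["Statement"] if s.get("Effect") == "Allow"):
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            name = action.partition(":")[2] or "*"  # a bare "*" has no service part
            kind = ("wildcard" if name == "*" else
                    "read" if name.lower().startswith(READ_PREFIXES) else "mutating")
            out[kind].append(action)
    return out

def trust_findings(trust, vendor_account):
    """Return problems in a cross-account trust policy (empty list means OK)."""
    findings = []
    for stmt in (s for s in trust["Statement"] if s.get("Effect") == "Allow"):
        principal = stmt.get("Principal") or {}
        arns = principal.get("AWS", []) if isinstance(principal, dict) else principal
        arns = [arns] if isinstance(arns, str) else list(arns)
        for arn in arns or ["<none>"]:  # field 4 of an IAM ARN is the account ID
            if arn.split(":")[4:5] != [vendor_account]:
                findings.append(f"unexpected principal: {arn}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            findings.append("missing sts:ExternalId condition")
    return findings

# Inputs copied from the page: Step 1 action list and Step 2 trust policy.
POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": """
 application-autoscaling:Describe* autoscaling:Describe* ce:Describe* ce:Get* ce:List*
 cloudwatch:GetMetricData ec2:Describe* ec2:AcceptReservedInstancesExchangeQuote
 ec2:CancelReservedInstancesListing ec2:CreateReservedInstancesListing
 ec2:DeleteQueuedReservedInstances ec2:ModifyReservedInstances ec2:PurchaseHostReservation
 ec2:PurchaseReservedInstancesOffering rds:Describe* rds:List*
 rds:PurchaseReservedDbInstancesOffering elasticache:List* elasticache:Describe*
 elasticache:PurchaseReservedCacheNodesOffering es:Describe* es:List*
 es:PurchaseReservedInstanceOffering organizations:InviteAccountToOrganization organizations:List*
 organizations:Describe* pricing:DescribeServices pricing:GetAttributeValues pricing:GetProducts
 savingsplans:Describe* savingsplans:List* servicequotas:Get* servicequotas:List* support:*
""".split()}]}
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::801486250081:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "08ead6e9-c39c-4a1c-ae45-a3fdab62c00c"}}}]}

if __name__ == "__main__":
    print(classify_actions(POLICY)["mutating"], trust_findings(TRUST, "801486250081"))
```

On the page's policy this reports 22 read-only actions, 11 that can change state (the reserved-capacity actions and organizations:InviteAccountToOrganization) and one service-wide wildcard, support:*. The trust policy passes both checks.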

Step 3 - Fill Out the Access Details

In the final step of the account onboarding on the MilkStraw web app, enter the details from the previous steps:

  • Nickname: A display name for the AWS account for easy identification in settings.
  • Account Number: The AWS account number to be added, available in the AWS console under Account.
  • Role Name: The name of the role created in Step 2.

Step 4 - You’re All Set

MilkStraw is now set up to securely connect to your AWS account. You can verify access or address any issues within the Settings tab.

You Have Multiple AWS Accounts?

To add another AWS account to your MilkStraw profile, go to Settings and select Add Account. You will follow the same steps as above.