MilkStraw AI home pagelight logodark logo
  • Support
  • See savings
  • See savings
  • Documentation
  • Community
  • Blog
  • Getting started
    • Welcome
    • Quickstart
    • How to Connect Your AWS Account
    • Billing
    • AWS Seller Registration
    How it works
    • How do we identify savings?
    • Supported AWS Services
    • Security
    Resources
    • FAQ
    • Examples
    Resources

    FAQ

    How does MilkStraw AI connect to my AWS environment?

    MilkStraw AI connects using a secure, read-only cross-account IAM role that you deploy in your AWS management account or across your organization via CloudFormation. The role includes a unique external ID for verification.

    What AWS permissions does the MilkStraw AI role have?

    The role has read-only permissions to monitor usage and savings coverage across various AWS services. It cannot modify any of your resources or infrastructure.

    Does MilkStraw AI take over my AWS billing?

    No, you continue to pay AWS directly for your cloud usage as normal. The MilkStraw AI service fee is separate and based on the savings achieved.

    How are MilkBoxes added to or removed from my AWS Organization?

    MilkStraw AI adds when we find savings opportunities and removes them when they’re underutilized.

    Does MilkStraw AI access my workloads or data?

    No, MilkStraw AI operates with a zero-access architecture to your workloads, VPCs, or data. The connection is for billing and usage monitoring only, using a read-only role.

    What happens to a milkbox account after it leaves my organization?

    When a milkbox is removed, it undergoes a “factory reset” where all residual configuration and metadata are deleted before the account can be potentially reused for another customer. This ensures data isolation.

    How often is my AWS usage monitored?

    Your AWS usage and cost data are monitored hourly by MilkStraw AI.

    What AWS services are covered by the Fluid savings provided via MilkBoxes?

    You can check the covered services page for the full list.

    What is the difference in connecting a single AWS account versus an AWS Organization?

    For a single account, the read-only role is deployed directly via a CloudFormation stack. For an AWS Organization, a CloudFormation StackSet wrapper is used to deploy the same read-only role to all member accounts in the organization via StackSets.

    What if I already have existing Savings Plans or Reserved Instances?

    Our fee is calculated only from the incremental savings delivered by the we provide, separate from your existing commitments.

    Was this page helpful?

    SecurityExamples
    twitterinstagramlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.