To deliver savings, we analyse your AWS usage and apply commitment-based discounts on your behalf. This is done through a cross-account IAM role that you create in your management / payer account with our CloudFormation template. The role follows the principle of least privilege,we only receive the access strictly necessary to:
Read cost and usage data.
Detect optimisation opportunities.
Manage the lifecycle of our .
Below is a breakdown of the permissions granted to that role.
You can always inspect the exact IAM policy generated by our CloudFormation stack:View the JSON policy ↗Feel free to reach out if you have any questions about security or least-privilege access.
Was this page helpful?
Assistant
Responses are generated using AI and may contain mistakes.