Prerequisites
  • An active MilkStraw AI account
  • AWS account with permissions to create IAM roles and policies on Payer account
  • Access to the AWS Management Console
This connection is established securely using a read-only cross-account IAM role, which you deploy in your AWS environment via CloudFormation.

Connecting a single AWS account

1

Initiate connection

In the Milkstraw AI dashboard, start the connection process. Enter your company name and AWS Payer Account ID.
2

Deploy CloudFormation

We’ll generate a CloudFormation template for you. Launch it in your AWS Console to deploy a read-only cross-account IAM role with a unique external ID.
3

Execute CloudFormation stack

In the AWS CloudFormation console, acknowledge the required capabilities, and execute the stack. This action creates a secure cross-account IAM role in your account with a unique external ID and the necessary read-only permissions for monitoring.
4

Verify access

Once the stack is CREATE_COMPLETE, return to MilkStraw AI and click “Verify.” We’ll check access to the necessary AWS services.

Connecting an AWS organization

If you are using AWS Organizations with multiple linked accounts, you will need to onboard your entire organization after connecting your Payer Account.
1

Connect payer account

Complete the steps above for your Payer Account.
2

Launch organization StackSet

When prompted, deploy the StackSet wrapper template in AWS CloudFormation.
3

Deploy AWS CloudFormation

The pre-filled StackSet wrapper template be automatically deployed to every child account in your organization
4

Verify organization access

Once all stacks are CREATE_COMPLETE, return to MilkStraw AI and click “Verify” to confirm access for your entire organization.
Once access across all accounts is verified, your AWS Organization is successfully connected to MilkStraw AI. What happens next?
  • MilkStraw AI securely monitors your usage using read-only permissions.
  • We analyze your usage patterns and identify opportunities.