Skip to main content

Contextualized insights

You can grant Ava access to individual AWS accounts or GCP projects within your AWS or GCP organizations. This provides a secure way to generate contextualized and granular insights for specific accounts or projects, without exposing data from your entire organization. Ava can investigate issues and provide more tailored, precise, and relevant answers for your individual accounts and projects. For example, Ava can answer questions like, What is the CPU utilization of i-0123456789abcdef0 for the last 24 hours, List all resources that are not tagged with a Project tag, and Which services are contributing to my bill this quarter?

Note

When creating expert inquiries for specific accounts or projects, Ava is only able to retrieve information from accounts or projects for which you have granted Ava access and that are enabled. This direct access enables more efficient troubleshooting and resolution. Without this access, Ava will guide you through the process of manually retrieving the information.

Required permissions

When granting Ava access to your accounts or projects:

  • Your DoiT account must have the Manage settings permission.

  • The DoiT platform is granted read-only access to your AWS accounts or GCP projects.

Grant Ava access to AWS accounts

Follow the steps below to first enable your accounts with Ava, and then grant Ava access.

  1. Sign in to the DoiT console.

  2. Select the Ava icon (

    ) from the top navigation bar or bottom right-hand corner.

  3. Select the plus icon (+) and select AWS accounts.

    A list of the available AWS accounts in your organization is displayed. You can see the accounts that are already enabled and which are pending enablement.

    The AWS accounts that are available

  4. Select Grant Access next to an account to which you want to grant Ava access.

  5. Select I have read and agree to the terms above and then select Accept to agree to our terms and conditions.

  6. If a CloudFormation stack has not been applied, you'll be taken to the AWS console to create one from a template. The stack is required to enable DoiT Cloud Intelligence access to your AWS accounts. The stack only needs to be applied once. Consequently, you will not see this option if the CloudFormation stack was previously applied when connecting your AWS acccount or when integrating a new asset.

    After the stack is applied, the permissions are set on your AWS account, but Ava does not have access until you enable the account with Ava.

  7. Use the toggle buttons to enable the accounts.

  8. Check the boxes next to all the accounts to which you want to grant Ava access.

    Enable AWS account in Ava

  9. Select Update context.

    Ava will now answer your questions within the context of the AWS accounts. You can remove an account at anytime by repeating the same steps.

Grant Ava access to GCP projects

Follow the steps below to grant Ava access to your GCP projects.

  1. Sign in to the DoiT console.

  2. Select the Ava icon (

    ) from the top navigation bar or bottom right-hand corner.

  3. Select the plus icon (+) and select Google Cloud projects.

    A list of the available Google Cloud projects in your organization is displayed. Projects with access do not display the Grant Access button.

    The GCP projects that are available

    If any projects have a status of Partial, then the projects do not have the Ava read-only permission. While Ava can access some resources without this permission, we recommend granting this access to ensure more tailored, precise and relevant answers.

  4. Select Grant Access next to a project to which you want to grant Ava access.

    If any of the Google Cloud organizations or projects do not have the Ava read-only permission, Ava prompts you to add that permission.

  5. In gcloud organizations list, copy the provided code block.

  6. Select Open Google Cloud Shell.

  7. Paste the code and run the command. This retrieves a list of your Google Cloud organizations and their IDs.

  8. Go back to the DoiT console.

  9. In Update Custom Role:, copy the provided code block.

  10. Go back to Google Cloud Shell. Paste the code, replacing ORGANIZATION ID with the organization ID of the organization for which you are adding the required permissions and run the command.

  11. Go back to the DoiT console and select Done.

  12. Check the boxes next to all the projects to which you want to grant Ava access.

  13. Select Update context.

    Ava will now answer your questions within the context of the Google Cloud projects. You can remove a project at anytime by repeating the same steps.

Last updated on