Skip to main content

Connect AWS account

Before you begin

  • This page applies only if DoiT is NOT your cloud reseller.

  • You'll be charged 2% of the monthly spend on these accounts.

  • You can choose to be billed either via direct invoice from DoiT or via AWS Marketplace subscription. For the latter, you need to Subscribe through AWS Marketplace.

See Connect cloud account for more information.

Required permission

You need the AdministratorAccess role on the AWS account that you want to connect.

Connect AWS account

To connect your AWS account:

  1. Sign in to the DoiT console.

  2. Launch the connection wizard:

    • If you just start working with DoiT, select Amazon Web Services as the cloud provider on the welcome page to open the wizard.

    • If you have already connected one or more cloud accounts with DoiT, you can choose either approach from below:

      • Navigate to the Home page, scroll down to the Connect your cloud section, and then choose Connect your AWS account.

      • Navigate to the Assets page, select Amazon Web Services from the left-hand menu, and then select Connect new account.

  3. Enter the AWS account ID that you want to connect. It should be of the AWS management account of your organization.

Create a legacy CUR export

To feed the DoiT console with AWS billing data, you need to create an AWS Cost and Usage Report (CUR):

  1. Sign in to the AWS Billing and Cost Management console.

  2. Create a legacy CUR export with the following settings:

    • Export type: Legacy CUR export
    • Additional content: Include resource IDs, Split cost allocation data
    • Report data time granularity: Hourly
    • Compression type: GZIP (csv) or Parquet
  3. In the DoiT console, enter the name of your S3 bucket where you have created the CUR. DoiT reads CUR files exclusively from the specified bucket and automatically discovers new CUR files in it.

Grant permissions to DoiT console

DoiT provides an AWS CloudFormation template with an IAM JSON policy that grants necessary permissions to the DoiT console so that it can analyze your billing data.

  1. In the DoiT console, select Open AWS CloudFormation Console.

  2. In the AWS CloudFormation console, create a stack using the DoiT template (you can also download the template from the template URL).

    The template includes a managed policy (entity type: AWS::IAM::ManagedPolicy) with the following statements

    • Organizations: Allows DoiT to use the AWS Organizations service to get metadata about your AWS organization and accounts.
    • HealthKnownIssues: Allows DoiT to use AWS Health for issue management with your AWS Organization.
    • Finops
    • BillingBucket: Allows the DoiT billing pipeline to access S3 buckets.
    • BillingObject: Allows the DoiT billing pipeline to retrieve CUR files from S3 buckets.
    • Onboarding: Verifies the permissions are set correctly.
  3. Select Next to continue.

Confirm the Cost and Usage Report

Once the AWS account has been successfully connected, CUR files in the S3 bucket are validated:

  • Valid CURs are listed on the page. Currently, only one CUR is supported.

  • If none of the CURs is valid, the DoiT console displays why they are invalid so you can make corrections.

You can always select Refresh to validate CURs in the S3 bucket.

Subscribe through AWS Marketplace

This step applies if you prefer to be billed through the AWS Marketplace subscription. See Subscribe through AWS Marketplace for details.

AWS offboarding

If you decide not to continue with us, you need to revoke DoiT's access to your AWS billing data and delete the relevant resources, including:

  • CloudFormation Stack that grants permissions to DoiT

  • (Optional) Cost and Usage Report (CUR) created for DoiT and the S3 bucket that stores the CUR files

See the interactive demo below for how to delete the relevant resources from the AWS Management Console.

Interactive demo

Try out our interactive demo for a hands-on walk-through experience.

Onboarding

If the demo doesn't display properly, try expanding your browser window or opening the demo in a new tab.

Offboarding

The interactive demo below shows how to delete the relevant resources from the AWS Management Console.

If the demo doesn't display properly, try expanding your browser window or opening the demo in a new tab.

What's next

After you successfully connected your account, we start importing your billing data and notify you when the data is available for Cloud Analytics and other DoiT features.