This installation method leverages a CloudFormation script which can be viewed here. You can also view a list of permissions granted by the IAM role.

After you make a new AWS integration in CloudWisdom, the script populates a read-only IAM role in your AWS account and links it using the integration’s Account ID and External ID. Once created, it may take a few minutes for the status to be updated.

Create an AWS Integration in CloudWisdom

  1. Open CloudWisdom and navigate to Integrations > AWS.
  2. Create a new AWS integration. Ensure that the below tabled properties are set according to your needs.
AWS Toggle Description
CostExplorer Captures billing data. This should only be enabled on 1 AWS account, the master billing data account.
CloudWatch Enable the CloudWatch toggle to monitor performance data. This can be done on multiple accounts.

Enable CloudWatch 3. For AWS Authentication, select IAM Role.
IAM Role 4. Click the CloudFormation script link under Configure AWS Permissions. This opens a new tab in AWS.
5. Check I acknowledge that AWS CloudFormation might create IAM resources.
6. Click Create Role.
I acknowledge 7. It may take a few minutes to create the role. When ready, the status turns green. Read Only Status Complete

Add Role ARN to the New AWS Integration

  1. In the AWS console, navigate to Services > IAM > Roles.
  2. Find the role created in the previous section using the search bar.
    Create Role
  3. Expand Outputs and copy the Role ARN.
    • Do not copy the Stack ID. The Role ARN looks like: arn:aws:iam::<account-number>:role/Metricly-Role-Name>
  4. Return to the CloudWisdom.
  5. Input the Role ARN into IAM Role ARN.
    IAM Role ARN
  6. Click Save.