Links

AWS Integration

Connecting Amazon Web Services (AWS) to Granulate is simple and secure, accomplished by setting up a new IAM role with Read-Only permissions according to AWS best practices. Integration helps AWS customers take advantage of Granulate more effectively.

Why Connect an AWS Account to Granulate?

By connecting your AWS account to Granulate, you can effortlessly identify cost reduction and performance optimization opportunities, and:
  1. 1.
    Maximize cost reduction by matching performance improvements with your auto-scaling policies.
  2. 2.
    Find new opportunities within your AWS environment: Generating optimization recommendations by flagging workloads with high potential.
  3. 3.
    Collect more accurate metrics about your environment: With greater visibility on the back of CloudWatch metrics your optimizations will reach maximization.

The Setup Process

Setting up an AWS integration for Granulate can be done after the verification and activation stages during the signup process, or at any time by clicking on Integrations after logging into gCenter.
  1. 1.
    Click on Connect under AWS.
2. In the popup, continue by logging into your AWS account. Click Login and sign into the account you want to integrate with.
3. Click Install to jump to the CloudFormation download page.
  • Install the Granulate CloudFormation stack on us-east-1.
  • Check the acknowledgment box at the bottom.
  • Click on Create stack.
4. After the CloudFormation stack is installed, click on it and find the Outputs tab.
Untitled
5. Copy the ARN of GranulateRole (under Value) and paste it into the Installed Role ARN field.
6. Click on Save and wait for Granulate to verify the connection.
Untitled
7. Once your AWS account is connected to Granulate you will see a ‘Connected’ status in the Integrations tab under AWS.
Untitled

Required Permissions

The IAM role within AWS grants Read-Only permissions to enable visibility, with no ability to write, edit, remove or make any changes on the infrastructure.

Security

To avoid the confused deputy problem and other privilege escalation vulnerabilities we are using an external id in accordance with AWS best practices.