Read-only access
We need read-only access to the account we are looking to onboard in order to review its compatibility.
We get read-only access to an account before onboarding by having the customer deploy a CloudFormation template in their account. Once the stack has been created, we can review the account.
How-to
- Make absolutely sure you are logged in to the correct account in your browser session.
  - You can verify this by checking the AWS account ID you are logged in to.
- Paste this link in your browser.
- Check the box at the bottom of the screen.
- Click Create stack.
CloudFormation Template
Here is the full YAML code:

AWSTemplateFormatVersion: '2010-09-09'
Description: Crayon Review
Resources:
  CrayonReview:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: which principal may assume this role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: '792898824643'  # quoted so YAML keeps the account ID a string
            Action: sts:AssumeRole
      RoleName: "CrayonReview"
      # AWS-managed read-only policies
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
        - "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess"
      # Inline policy: billing, cost and budget read access
      Policies:
        - PolicyName: CrayonReviewAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - aws-portal:View*
                  - s3:ListAllMyBuckets
                  - ce:Describe*
                  - ce:Get*
                  - ce:List*
                  - cur:Describe*
                  - savingsplans:Describe*
                  - savingsplans:List*
                  - budgets:Describe*
                  - budgets:View*
                Resource: '*'
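
Before creating the stack, the account owner can check the template's two policy documents offline. The following is an added example, not part of the original page or Crayon's tooling: it confirms that the trust policy names only the account ID shown above and that every inline action uses a read-only verb. The function names, the verb-prefix list and the JSON transcription of the policies are assumptions made for this example; the two AWS-managed policies are not inspected.

```python
import json

EXPECTED_ACCOUNT = "792898824643"  # trusted principal shown in the template above
READ_ONLY_VERBS = ("View", "Get", "List", "Describe")  # assumed prefix list

# Policy documents transcribed from the template above into JSON (constructed input).
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "792898824643"}, "Action": "sts:AssumeRole"}]}""")
INLINE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
    "aws-portal:View*", "s3:ListAllMyBuckets", "ce:Describe*", "ce:Get*",
    "ce:List*", "cur:Describe*", "savingsplans:Describe*", "savingsplans:List*",
    "budgets:Describe*", "budgets:View*"]}]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    # Accepts a bare account ID or an ARN such as arn:aws:iam::<id>:root.
    parts = str(principal).split(":")
    return parts[4] if parts[0] == "arn" and len(parts) > 4 else str(principal)

def audit_trust(doc, expected):
    findings = []
    for st in as_list(doc["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if not isinstance(principal, dict):  # covers "Principal": "*"
            findings.append(f"trust: wildcard or malformed principal {principal!r}")
            continue
        for kind, values in principal.items():
            for v in as_list(values):
                if kind != "AWS" or account_of(v) != expected:
                    findings.append(f"trust: unexpected principal {kind}={v}")
        if "Condition" not in st:
            findings.append("trust: AssumeRole has no Condition (such as sts:ExternalId)")
    return findings

def audit_actions(doc):
    # Heuristic: an action counts as read-only if its verb starts with a known prefix.
    findings = []
    for st in as_list(doc["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", "*")):  # NotAction is treated as "*"
            verb = action.partition(":")[2]
            if not verb.startswith(READ_ONLY_VERBS):
                findings.append(f"inline: non-read-only action {action}")
    return findings
```

For the template as published, `audit_actions(INLINE)` returns no findings and `audit_trust(TRUST, EXPECTED_ACCOUNT)` returns one: the trust statement carries no `Condition` block.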