Connecting Your AWS Account
At CloudYali, we take your security seriously, and we strive to provide a secure connection to your AWS accounts. To achieve this, we use a mechanism called Cross Account IAM Role to interact with services in your AWS account. This method is recommended by AWS as the preferred way of doing any cross-account interactions on AWS, and numerous internal AWS services and systems also use this approach.
What this means for you is that CloudYali will never require your access credentials, account logins, or passwords. This approach ensures that your AWS account remains secure, and you have complete control over who can access your AWS resources. By using Cross Account IAM Role, CloudYali can interact with your AWS resources without the need for any additional credentials, ensuring that your AWS account remains secure and protected.
You can view the Cloudformation template here. Note that the browser may prompt you to download the file when you click on the link.
You can add AWS Account(s) by:
- Click on the user name in upper right corner of the console. A drop down menu will appear, Click on the
AWS Accounts
. - Click on
Add AWS Accounts
in the CloudYali console. This would launch a wizard, as seen below:
Fill in the details such as your AWS Account ID which you wish to onboard and a name for this account. Please make sure that you have permissions to create IAM role in this account. Account name should not contain any special characters such as space, underscore etc
Copy the generated link, and now login into the AWS console, for provided AWS Account ID. This a crucial step.
Once you log in AWS console,paste the copied link into another browser tab, this would launch a CloudFormation stack creation. Please make sure to create a new browser tab in the same browser window as your AWS console.
Verify all the details, but do not modify anything on the Cloudformation stack launch page.
Launch the CloudFormation stack creation and come back to the CloudYali console.
Now CloudYali will attempt to detect the read-only IAM role creation status, and notify you the status.
On succcess, CloudYali would launch a discovery process, you may now click on
Inventory
tab in CloudYali console to view your discovered assests. The cloud discovery time is dependent on the size of your AWS account.
Please note that once you have launched the Cloudformation stack, it may take upto 10 minutes for the AWS Account to show up in the AWS Accounts
list. This process needs to be repeated for each AWS account you wish to onboard. There is NO maximum limit on number of accounts that you may onboard.
CloudYali will NEVER request WRITE permissions to your AWS account.
Viewing/Removing Your AWS Accounts
You may view all your AWS accounts under user profile in the upper right corner.
To remove AWS account, select the AWS account from the list and click on Remove
button. This would immediately remove your account. Once an account is removed, CloudYali no longer attempts to sync with your cloud. The data for this account will no longer available in the console.