Onboarding Cloud Accounts

To get started with CloudYali, you need to connect your cloud accounts. Currently, CloudYali supports Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, making it easier for you to manage cloud costs across multiple providers. This guide will walk you through the onboarding process for all supported cloud providers.


Overview

Onboarding your cloud accounts with CloudYali allows you to:

  • Gain insights into your cloud spending across AWS, GCP, and Azure.
  • Track costs, optimize resource usage, and get recommendations in a unified dashboard.
  • Set alerts to monitor spending and prevent budget overruns.
  • Receive automatic cost anomaly detection across all cloud providers.

This guide will help you onboard AWS, GCP, and Azure accounts, ensuring you make the most out of CloudYali's features.


Onboarding AWS Accounts

To start managing your AWS cloud costs, you need to onboard your AWS account to CloudYali. Here's what the process involves:

Step 1: Create an IAM Role for CloudYali

  1. Log in to the AWS Management Console using an account with administrative permissions.
  2. Navigate to the IAM Console.
  3. Create a new IAM Role with the following configurations:
    • Role Type: Choose Another AWS Account.
    • Account ID: Enter CloudYali's AWS Account ID (provided during the onboarding process).
  4. Attach Policies:
    • Add the Read-OnlyAccess and CostExplorerFullAccess policies to provide CloudYali with the necessary permissions.

Step 2: Establish Trust Relationship

  • Edit the trust relationship of the IAM Role to grant CloudYali access.
  • Use the policy provided in our AWS Permissions Guide.

Step 3: Save Role ARN in CloudYali

  • Copy the IAM Role ARN and paste it into the AWS onboarding form within the CloudYali platform.

For more detailed instructions, refer to our Step-by-Step AWS Onboarding Guide.
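
Before pasting the Role ARN into the onboarding form, the trust relationship from Step 2 can be checked offline. The following is an added example, not CloudYali's code or policy: it audits a trust policy document for wildcard principals, principals outside the vendor account, and a missing `sts:ExternalId` condition. The account ID, the external ID value and both sample policies are constructed, and whether CloudYali's own policy uses an external ID is an assumption; use the values from the AWS Permissions Guide.

```python
import json

VENDOR_ACCOUNT_ID = "111122223333"  # constructed placeholder, not CloudYali's real ID

def as_list(value):
    """IAM JSON accepts either a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, vendor_account_id):
    """Return findings for a role trust policy meant for one vendor account."""
    findings = []
    prefix = f"arn:aws:iam::{vendor_account_id}:"
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # "Principal": "*" lets any AWS principal attempt to assume the role
            findings.append(f"statement {i}: wildcard or missing principal")
            continue
        for kind in principal:
            if kind != "AWS":
                findings.append(f"statement {i}: unexpected principal type {kind}")
        for p in as_list(principal.get("AWS")):
            if p == "*":
                findings.append(f"statement {i}: wildcard AWS principal")
            elif p != vendor_account_id and not p.startswith(prefix):
                findings.append(f"statement {i}: principal outside vendor account: {p}")
        # Confused-deputy guard: a third party should be pinned to an external ID
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower() for k in string_equals}
        if "sts:externalid" not in keys:
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}""")

BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "*"]}}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, VENDOR_ACCOUNT_ID) or "ok")
```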


Onboarding GCP Organizations

If you use Google Cloud Platform (GCP), onboarding your account to CloudYali provides valuable insights into your spending and helps you optimize your cloud usage.

Step 1: Set Up a Service Account

  1. Log in to the Google Cloud Console.
  2. Create a New Project if you don't have one specifically for cost management.
  3. Navigate to IAM & Admin > Service Accounts.
  4. Create a new Service Account and assign the following roles:
    • Viewer
    • Billing Account Viewer

Step 2: Enable APIs

  • Enable the following APIs for the project:
    • Cloud Billing API
    • Cloud Resource Manager API

For more detailed steps, refer to our Step-by-Step GCP Onboarding Guide.

Step 3: Generate a Key for the Service Account

  • Generate a JSON key for the service account and upload it securely to the CloudYali platform during the onboarding process.

Onboarding Microsoft Azure Accounts

If you use Microsoft Azure, onboarding your accounts to CloudYali provides valuable insights into your spending, helps you optimize cloud usage, and enables automatic cost anomaly detection.

Supported Account Types

  • Pay-as-You-Go (PAYG): Best for startups and small teams
  • Microsoft Customer Agreement (MCA): Suitable for growing businesses
  • Enterprise Agreement (EA): For large enterprises

Step 1: Create a Service Principal

  1. Log in to the Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Create a New Service Principal with the name CloudYali-Billing
  4. Assign appropriate roles based on your account type:
    • PAYG: Cost Management Reader on your subscription
    • MCA: Billing Account Reader on your billing account
    • EA: Cost Management Reader or Enrollment Reader on your management group/enrollment

For detailed instructions, refer to our Creating an Azure Service Principal Guide.

Step 2: Configure Cost Management Exports

  1. Create an Azure Storage Account to store cost export files
  2. Set up a daily Cost Management Export to the storage account
  3. Grant your Service Principal the Storage Blob Data Reader role

For detailed steps, refer to our Azure Cost Management Setup Guide.

Step 3: Connect to CloudYali

  1. Log in to CloudYali
  2. Navigate to Settings > Cloud Accounts
  3. Add Azure Account and enter:
    • Service Principal credentials (Client ID, Tenant ID, Client Secret)
    • Storage account details (Account Name, Container Name, Export Name)
    • Subscription ID

For the complete step-by-step guide, refer to our Step-by-Step Azure Onboarding Guide.


Security and Permissions

At CloudYali, we prioritize security and follow best practices to ensure your data remains safe:

  • Minimal Permissions: We require only the permissions necessary to provide cost analysis and insights.
  • Data Encryption: All data exchanged between CloudYali and your cloud accounts is encrypted in transit and at rest.
  • Compliance: CloudYali adheres to industry standards like GDPR and SOC 2 to maintain data security and privacy.

Learn more about the required permissions in our Understanding Permissions and Security documentation.


Troubleshooting Onboarding Issues

AWS Onboarding Issues

  • Error: Missing Permissions
    Solution: Ensure that the IAM Role has both Read-OnlyAccess and CostExplorerFullAccess policies attached.

  • Error: Cost Explorer Not Enabled
    Solution: Enable AWS Cost Explorer in your AWS Console to allow CloudYali to access cost data.

GCP Onboarding Issues

  • Error: API Access Denied
    Solution: Make sure you've enabled the required APIs. For the complete list of required GCP APIs, visit our GCP Permissions Guide for detailed help.

  • Error: Service Account Key Not Working
    Solution: Verify that the JSON key has not expired or been deleted. You may need to regenerate the key.

Azure Onboarding Issues

  • Error: Authentication Failed
    Solution: Verify Client ID, Tenant ID, and Client Secret are correct. Confirm the Service Principal exists in Azure AD and has the appropriate role assigned. Wait 5-10 minutes for role propagation if recently assigned.

  • Error: Cannot Access Storage
    Solution: Ensure Service Principal has Storage Blob Data Reader role on the storage account. Verify storage account name and container name match exactly. Check that exports are being generated in Cost Management.

  • Error: No Cost Data Available
    Solution: Wait 24 hours for initial data sync. Verify that Cost Management export is configured and running. Check that the export is set to daily schedule. For MCA/EA accounts, ensure the appropriate prerequisites are met (Azure charges setting or AO view charges enabled).

For detailed troubleshooting, refer to our Azure Permissions Reference.


Best Practices for Onboarding

  • Plan Permissions Ahead: Make sure you have appropriate permissions (admin or billing admin) in AWS, GCP, or Azure.
  • Use Dedicated Accounts/Principals: For security reasons, create dedicated roles (AWS), service accounts (GCP), or service principals (Azure) specifically for CloudYali integration.
  • Keep Credentials Secure:
    • Regularly rotate keys and restrict access to JSON keys (GCP)
    • Regenerate client secrets every 6-12 months (Azure)
    • Restrict access to IAM Role ARNs (AWS)
  • Verify Permissions: Periodically audit role assignments to ensure CloudYali has only the required permissions.
  • Monitor Access: Enable and review Azure audit logs and AWS CloudTrail to track credential usage.
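
The periodic audit recommended under Verify Permissions can be scripted for the Azure service principal. The following is an added example, not CloudYali's code: it reads role assignments in the shape returned by `az role assignment list --assignee <client-id> --all -o json` and flags any role other than the two Azure RBAC roles named in this guide, or either role at an unexpected scope. The subscription ID, resource group and storage account names are constructed, and the billing-account and enrollment roles for MCA/EA are not covered.

```python
import re

# Scopes at which the guide's two Azure RBAC roles are expected to sit.
STORAGE_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Storage/storageAccounts/[^/]+(/.*)?$", re.IGNORECASE)
COST_SCOPE = re.compile(
    r"^/(subscriptions/[^/]+|providers/Microsoft\.Management/managementGroups/[^/]+)$",
    re.IGNORECASE)
EXPECTED = {
    "Storage Blob Data Reader": STORAGE_SCOPE,  # storage account or below
    "Cost Management Reader": COST_SCOPE,       # subscription or management group
}

def audit_assignments(assignments):
    """Return (role, scope, reason) for each assignment the guide does not call for."""
    findings = []
    for item in assignments:
        role = item.get("roleDefinitionName")
        scope = item.get("scope", "")
        pattern = EXPECTED.get(role)
        if pattern is None:
            findings.append((role, scope, "role not in onboarding steps"))
        elif not pattern.match(scope):
            findings.append((role, scope, "unexpected scope for this role"))
    return findings

# Constructed sample, trimmed to the two fields the audit reads.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
STORAGE = SUB + ("/resourceGroups/rg-billing/providers/"
                 "Microsoft.Storage/storageAccounts/costexports")
SAMPLE = [
    {"roleDefinitionName": "Cost Management Reader", "scope": SUB},
    {"roleDefinitionName": "Storage Blob Data Reader", "scope": STORAGE},
    {"roleDefinitionName": "Storage Blob Data Reader", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB},
]

if __name__ == "__main__":
    for role, scope, reason in audit_assignments(SAMPLE):
        print(f"{reason}: {role} at {scope}")
```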

Next Steps After Onboarding

Once your accounts are onboarded, you can:

  • Access the Unified Dashboard: View your cloud spend across AWS and GCP. For more information on customizing your view, refer to the in-app help or documentation.
  • Set Budget Alerts: Avoid surprises by setting spending alerts. Follow our Setting Up Budget Alerts guide.
  • Receive Cost Optimization Insights: Start receiving actionable recommendations for optimizing your cloud costs.

Frequently Asked Questions

How Long Does It Take to Onboard an Account?

  • AWS: 10-15 minutes depending on permissions setup
  • GCP: 15-20 minutes to enable APIs and set up service account
  • Azure: 15-20 minutes to create Service Principal and configure exports

Data will begin syncing once the onboarding is complete.

Can I Onboard Multiple Accounts?

  • AWS: Yes! CloudYali supports multi-account setups. Follow the AWS Onboarding Guide for each account.
  • GCP: Yes! You can onboard multiple GCP projects. Follow the GCP Onboarding Guide for each project.
  • Azure: Yes! You can onboard multiple Azure subscriptions, MCA billing accounts, or EA enrollments. Follow the Azure Onboarding Guide for each account.

When Will My Cost Data Be Available?

  • AWS: Data typically available within 1-2 hours
  • GCP: Data typically available within 4-24 hours
  • Azure: Data typically available within 24 hours

What Happens to My Credentials?

  • All credentials are encrypted and stored securely:
    • AWS: IAM Role ARNs are stored in the CloudYali database
    • GCP: JSON keys are encrypted and stored in secure storage
    • Azure: Service Principal credentials are encrypted with AES-256 and stored in AWS Secrets Manager
    • None of your secrets, passwords, or keys are stored in plaintext

Need Help?

If you encounter any issues or need more assistance: