Cross Account Role

Dotted accesses your AWS account via a cross-account role. In line with AWS IAM policy best practices, Dotted requests only the . This means we limit the actions we can take and the resources to which those actions can be applied.

We further enhance security by using read-only permissions: .

Read-only role -

This role is used during the initial . It requires read-only permissions to access up to one year of historical billing data (via Cost Explorer) and your AWS infrastructure metadata (such as the Redshift cluster you are using and whether it is already covered by reserved instances). After ingesting this data, Dotted's billing engine calculates optimal savings. Once a user is fully onboarded, the read-only role is used again to display cost and savings on the Dotted dashboard, helping users monitor their current spending and the savings achieved by Dotted.

[
  {
    "PolicyName": "DottedBillingReadOnly",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "budgets:Describe*",
            "budgets:View*",
            "ce:Get*",
            "ce:Describe*",
            "ce:List*",
            "cur:Describe*",
            "cur:Get*",
            "cur:Validate*",
            "pricing:DescribeServices"
            "pricing:GetAttributeValues",
            "pricing:GetProducts",
            "organizations:Describe*",
            "organizations:List*",
            "savingsplans:Describe*",
            "rds:Describe*",
            "rds:List*",
            "elasticache:List*",
            "elasticache:Describe*",
            "redshift:Describe*",
            "es:Describe*",
            "es:List*",
            "billing:Get*",
            "payments:List*",
            "payments:Get*",
            "tax:List*",
            "tax:Get*",
            "consolidatedbilling:Get*",
            "consolidatedbilling:List*",
            "account:GetContactInformation",
            "invoicing:List*",
            "invoicing:Get*",
            "freetier:Get*",
            "ec2:Describe*",
            "lambda:List*",
            "lambda:Get*",
            "ecs:Describe*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
  }
]

AnteriorAcessos e Segurança PróximoRole Deployment

Atualizado há 10 meses

Isto foi útil?

[ { "PolicyName": "DottedBillingReadOnly", "PolicyDocument": { "Statement": [ { "Action": [ "budgets:Describe*", "budgets:View*", "ce:Get*", "ce:Describe*", "ce:List*", "cur:Describe*", "cur:Get*", "cur:Validate*", "pricing:DescribeServices" "pricing:GetAttributeValues", "pricing:GetProducts", "organizations:Describe*", "organizations:List*", "savingsplans:Describe*", "rds:Describe*", "rds:List*", "elasticache:List*", "elasticache:Describe*", "redshift:Describe*", "es:Describe*", "es:List*", "billing:Get*", "payments:List*", "payments:Get*", "tax:List*", "tax:Get*", "consolidatedbilling:Get*", "consolidatedbilling:List*", "account:GetContactInformation", "invoicing:List*", "invoicing:Get*", "freetier:Get*", "ec2:Describe*", "lambda:List*", "lambda:Get*", "ecs:Describe*" ], "Resource": "*", "Effect": "Allow" } ] } } ]