Help
Back to home
Português
Português
  • Visão geral
    • Nossas Features
    • Catálogo de descontos AWS
    • Money back guarantee
  • Como Começar
    • Etapas
      • Step 1 - Estimate Savings Preview
      • Step 2 - Authorize Dotted
      • Step 3 - Know your Business
      • Team Invitation
      • Additional AWS accounts
      • Post onboarding
    • Múltiplas contas
      • via 'Join Account(s)'
      • Leave an AWS Organization
      • via 'Join With A Pre-Existing Org(s)'
  • Plataforma e Serviços
    • Nossa plataforma
      • Menu de Navegação
      • Relatórios
        • Estimativas
        • Resultados
        • Cobranças
      • Configurações
        • Organizações
        • Contas
        • Usuários
      • Suporte
        • ChatDot AI
        • Suporte
    • Financeiro
    • Notas de Versão
  • Ajuda e Suporte
    • Dúvidas Gerais
    • Canais de Suporte
    • Acessos e Segurança
      • Cross Account Role
      • Role Deployment
      • Other Housekeeping
      • Access Management
  • Entendendo a AWS
    • Compromissos
    • Reservas de Instâncias (RIs)
    • Savings Plans
Fornecido por GitBook
Nesta página

Isto foi útil?

  1. Ajuda e Suporte
  2. Acessos e Segurança

Cross Account Role

AnteriorAcessos e SegurançaPróximoRole Deployment

Atualizado há 10 meses

Isto foi útil?

Dotted accesses your AWS account via a cross-account role. In line with AWS IAM policy best practices, Dotted requests only the . This means we limit the actions we can take and the resources to which those actions can be applied.

We further enhance security by using read-only permissions: .

Read-only role -

This role is used during the initial . It requires read-only permissions to access up to one year of historical billing data (via Cost Explorer) and your AWS infrastructure metadata (such as the Redshift cluster you are using and whether it is already covered by reserved instances). After ingesting this data, Dotted's billing engine calculates optimal savings. Once a user is fully onboarded, the read-only role is used again to display cost and savings on the Dotted dashboard, helping users monitor their current spending and the savings achieved by Dotted.

[
  {
    "PolicyName": "DottedBillingReadOnly",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "budgets:Describe*",
            "budgets:View*",
            "ce:Get*",
            "ce:Describe*",
            "ce:List*",
            "cur:Describe*",
            "cur:Get*",
            "cur:Validate*",
            "pricing:DescribeServices"
            "pricing:GetAttributeValues",
            "pricing:GetProducts",
            "organizations:Describe*",
            "organizations:List*",
            "savingsplans:Describe*",
            "rds:Describe*",
            "rds:List*",
            "elasticache:List*",
            "elasticache:Describe*",
            "redshift:Describe*",
            "es:Describe*",
            "es:List*",
            "billing:Get*",
            "payments:List*",
            "payments:Get*",
            "tax:List*",
            "tax:Get*",
            "consolidatedbilling:Get*",
            "consolidatedbilling:List*",
            "account:GetContactInformation",
            "invoicing:List*",
            "invoicing:Get*",
            "freetier:Get*",
            "ec2:Describe*",
            "lambda:List*",
            "lambda:Get*",
            "ecs:Describe*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
  }
]

Please contact our support team for more information. .

least-privilege permissions
onboarding step (Step 1)
support@usedotted.com