Cross Account Role

AnteriorSecurity & Access PróximoIAM Role Breakdown

Atualizado há 1 ano

Isto foi útil?

Cross Account Role

Dotted accesses your AWS account via a cross-account role. In line with AWS IAM policy best practices, Dotted requests only the . This means we limit the actions we can take and the resources to which those actions can be applied.

We further enhance security by using read-only permissions: .

Read-only role

This role is used during the initial . It requires read-only permissions (see the IAM roles breakdown ) to access up to one year of historical billing data (via Cost Explorer) and your AWS infrastructure metadata (such as the Redshift cluster you are using and whether it is already covered by reserved instances). After ingesting this data, Dotted's billing engine calculates optimal savings. Once a user is fully onboarded, the read-only role is used again to display cost and savings on the Dotted dashboard, helping users monitor their current spending and the savings achieved by Dotted.

[
  {
    "PolicyName": "DottedBillingReadOnly",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "budgets:Describe*",
            "budgets:View*",
            "ce:Get*",
            "ce:Describe*",
            "ce:List*",
            "cur:Describe*",
            "cur:Get*",
            "cur:Validate*",
            "pricing:DescribeServices"
            "pricing:GetAttributeValues",
            "pricing:GetProducts",
            "organizations:Describe*",
            "organizations:List*",
            "savingsplans:Describe*",
            "rds:Describe*",
            "rds:List*",
            "elasticache:List*",
            "elasticache:Describe*",
            "redshift:Describe*",
            "es:Describe*",
            "es:List*",
            "billing:Get*",
            "payments:List*",
            "payments:Get*",
            "tax:List*",
            "tax:Get*",
            "consolidatedbilling:Get*",
            "consolidatedbilling:List*",
            "account:GetContactInformation",
            "invoicing:List*",
            "invoicing:Get*",
            "freetier:Get*",
            "ec2:Describe*",
            "lambda:List*",
            "lambda:Get*",
            "ecs:Describe*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
  }
]

AnteriorSecurity & Access PróximoIAM Role Breakdown

Atualizado há 1 ano

Isto foi útil?

We further enhance security by using read-only permissions: .

Read-only role

[
  {
    "PolicyName": "DottedBillingReadOnly",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "budgets:Describe*",
            "budgets:View*",
            "ce:Get*",
            "ce:Describe*",
            "ce:List*",
            "cur:Describe*",
            "cur:Get*",
            "cur:Validate*",
            "pricing:DescribeServices"
            "pricing:GetAttributeValues",
            "pricing:GetProducts",
            "organizations:Describe*",
            "organizations:List*",
            "savingsplans:Describe*",
            "rds:Describe*",
            "rds:List*",
            "elasticache:List*",
            "elasticache:Describe*",
            "redshift:Describe*",
            "es:Describe*",
            "es:List*",
            "billing:Get*",
            "payments:List*",
            "payments:Get*",
            "tax:List*",
            "tax:Get*",
            "consolidatedbilling:Get*",
            "consolidatedbilling:List*",
            "account:GetContactInformation",
            "invoicing:List*",
            "invoicing:Get*",
            "freetier:Get*",
            "ec2:Describe*",
            "lambda:List*",
            "lambda:Get*",
            "ecs:Describe*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
  }
]

Please contact our support team for more information. .