CloudThrottle Actions and Permissions Requirements

This article outlines the CloudThrottle Actions and Permissions Requirements for integrating CloudThrottle with a tenant’s cloud infrastructure. It details permissions for limited cross-account access, budget tracking, resource management, and CloudFormation StackSet deployment across designated accounts, ensuring secure and efficient integration without the need for full administrative access.

CloudThrottle does not require admin access. Instead, it operates with the limited, task-specific permissions necessary for integration and resource management, ensuring secure and controlled access within the tenant’s cloud environment.

Action: Account Creation and Organization Management
Purpose: Allows CloudThrottle to create and manage new accounts within the organization.
Permissions Required:
  • organizations:ListAccounts - to list existing accounts
  • organizations:DescribeOrganization - to gather organization details
  • organizations:ListOrganizationalUnitsForParent - to list OUs within the organization

Action: Budget Management and Cost Tracking
Purpose: Allows CloudThrottle to access budget details and track cost usage, limited to the Jump Account and its associated sub-organizational units, including any child accounts within these units.
Permissions Required:
  • ce:GetCostAndUsage - access AWS Cost Explorer to monitor budget usage
  • budgets:ViewBudget - to view budget details
  • budgets:ModifyBudget - to make changes to budget allocations

Action: Deploying CloudFormation StackSet
Purpose: Allows CloudFormation templates to be applied across multiple child accounts.
Permissions Required:
  • cloudformation:CreateStackSet - to create StackSets
  • cloudformation:UpdateStackSet - to update StackSets
  • cloudformation:DeleteStackSet - to delete StackSets when no longer needed
  • cloudformation:CreateStackInstances - for creating stack instances in child accounts
  • cloudformation:DeleteStackInstances - for removing stack instances

Action: Permission Management for Child Accounts
Purpose: Assigns necessary roles to child accounts for CloudThrottle to access and manage resources.
Permissions Required:
  • iam:CreateRole - to create roles in child accounts
  • iam:PutRolePolicy - to attach specific permissions policies
  • iam:DeleteRole - to remove roles when they are no longer needed
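
To confirm that a role granted to CloudThrottle matches the actions listed above and nothing broader, a tenant can audit the role's policy document before attaching it. The following is an added example, not CloudThrottle's own code; the function name `audit_policy` and the sample policy are constructed for illustration, and the check covers actions only, not Resource or Condition scoping.

```python
import json

# Actions listed on this page, in the order they appear above.
DOCUMENTED = {
    "organizations:ListAccounts", "organizations:DescribeOrganization",
    "organizations:ListOrganizationalUnitsForParent",
    "ce:GetCostAndUsage", "budgets:ViewBudget", "budgets:ModifyBudget",
    "cloudformation:CreateStackSet", "cloudformation:UpdateStackSet",
    "cloudformation:DeleteStackSet", "cloudformation:CreateStackInstances",
    "cloudformation:DeleteStackInstances",
    "iam:CreateRole", "iam:PutRolePolicy", "iam:DeleteRole",
}
_DOC_LOWER = {a.lower(): a for a in DOCUMENTED}  # IAM action names are case-insensitive

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Compare a policy document's Allow statements with the documented actions."""
    findings = {"wildcard": [], "undocumented": [], "not_action": [], "missing": []}
    granted = set()
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the ones named
            findings["not_action"].append(index)
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings["wildcard"].append(action)  # can match undocumented actions
            elif action.lower() in _DOC_LOWER:
                granted.add(_DOC_LOWER[action.lower()])
            else:
                findings["undocumented"].append(action)
    findings["missing"] = sorted(DOCUMENTED - granted)
    return findings

# Constructed sample policy, deliberately broader than the documented list.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["organizations:ListAccounts", "budgets:viewbudget", "s3:GetObject"]},
    {"Effect": "Allow", "Resource": "*", "Action": "iam:*"},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:DeleteRole"},
]}

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE), indent=2))
```

A clean result has empty `wildcard`, `undocumented` and `not_action` lists; `missing` shows documented actions the policy does not grant.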