AWS Account Onboarding

Connecting your AWS account to Yasu enables comprehensive cost monitoring, optimization recommendations, and automated insights across all your AWS services.

Prerequisites

Before connecting your AWS account, ensure you have:

• Administrative access to your AWS account
• AWS CLI configured (optional but recommended)
• Understanding of AWS IAM roles and policies

Connection Methods

Yasu supports secure AWS account connection through Cross-Account IAM roles, following AWS security best practices.

Cross-Account IAM Role Setup

This is the recommended and most secure method for connecting your AWS account to Yasu.

Step 1: Create IAM Role

1. Sign in to AWS Console as an administrator
2. Navigate to IAM > Roles > Create Role
3. Select "Another AWS account" as the trusted entity type
4. Enter Yasu's Account ID: 123456789012 (replace with actual Yasu AWS account ID)
5. Enable "Require external ID" and use the external ID provided in your Yasu dashboard

Step 2: Attach Required Permissions

Attach the following AWS managed policies to the role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetDimensionValues",
        "ce:GetReservationCoverage",
        "ce:GetReservationPurchaseRecommendation",
        "ce:GetReservationUtilization",
        "ce:GetSavingsPlansUtilization",
        "ce:GetUsageReport",
        "ce:ListCostCategoryDefinitions",
        "cur:DescribeReportDefinitions",
        "organizations:DescribeOrganization",
        "organizations:ListAccounts",
        "ec2:DescribeInstances",
        "ec2:DescribeReservedInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeVolumes",
        "rds:DescribeDBInstances",
        "rds:DescribeReservedDBInstances",
        "lambda:ListFunctions",
        "lambda:GetFunction",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "cloudwatch:GetMetricStatistics",
        "support:DescribeTrustedAdvisorChecks",
        "support:DescribeTrustedAdvisorCheckResult"
      ],
      "Resource": "*"
    }
  ]
}

Step 3: Configure Trust Policy

Set up the trust policy to allow Yasu to assume the role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::YASU-ACCOUNT-ID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR-EXTERNAL-ID"
        }
      }
    }
  ]
}

Step 4: Note the Role ARN

Copy the Role ARN, which should look like:

arn:aws:iam::YOUR-ACCOUNT-ID:role/YasuCostOptimizationRole

Connecting in Yasu Dashboard

1. Navigate to Team Settings in your Yasu dashboard
2. Click "Connect AWS Account"
3. Enter the Role ARN you created
4. Provide the External ID (if required)
5. Test the connection - Yasu will verify it can assume the role
6. Complete setup - Data synchronization will begin automatically

Data Sync and Processing

Initial Sync

• Cost data: Historical data for the past 12 months
• Resource inventory: Current EC2, RDS, Lambda, and S3 resources
• Recommendations: Available within 24 hours

Ongoing Sync

• Cost data: Updated daily
• Resource changes: Monitored in real-time
• Recommendations: Refreshed weekly

Security and Compliance

Data Security

• All data transmission uses TLS 1.2+
• No sensitive application data is accessed
• Only billing and metadata is collected
• Data is encrypted at rest using AES-256

Compliance Features

• SOC 2 Type II compliant infrastructure
• GDPR and CCPA compliance
• Regular security audits
• Role-based access controls

Troubleshooting

Common Issues

Connection Failed

• Verify the Role ARN is correct
• Ensure the trust policy includes Yasu's account ID
• Check that the external ID matches exactly

Missing Data

• Verify Cost Explorer is enabled in your AWS account
• Ensure the role has the required permissions
• Check if AWS Organizations is blocking access

Incomplete Recommendations

• Verify Support API access (for Trusted Advisor)
• Ensure CloudWatch metrics are enabled
• Check if resource tagging is in place

Support Resources

For additional help:

• Check our FAQ
• Contact support at [email protected]
• Schedule a setup call through your dashboard

Best Practices

Account Organization

• Use consistent tagging strategies
• Set up Cost Allocation Tags
• Enable AWS Cost Categories
• Configure billing alerts

Optimization Readiness

• Review and clean up unused resources before connecting
• Document your infrastructure dependencies
• Set up proper monitoring and alerting
• Establish cost budgets and targets

Next Steps

After successfully connecting your AWS account:

1. Review the Dashboard - Explore your cost breakdown and trends
2. Set up Alerts - Configure notifications for cost spikes or optimization opportunities
3. Implement Recommendations - Start with low-risk, high-impact optimizations
4. Schedule Regular Reviews - Set up weekly cost optimization sessions

Video Tutorial

Watch our step-by-step AWS connection guide: AWS Connection Tutorial

Need help? Our team is here to assist with your AWS onboarding. Contact us through the dashboard chat or at [email protected].