All Collections
For Administrators
Cloud Labs - Bring Your Own (BYO) AWS Account
Cloud Labs - Bring Your Own (BYO) AWS Account

Steps to grant Vocareum permission to use your AWS account(s)

David avatar
Written by David
Updated over a week ago

NOTE: Please refer to the AWS documentation on "IAM users". https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html

In order for Vocareum to manage your AWS account(s), please use this guide which details how to create a Vocareum administrator IAM user and enable billing reports.

To create the Vocareum administrator IAM user, please take the following steps:

1. Starting with an unused AWS payer account, navigate to IAM Policies in the AWS console and create a new role.


2. Choose JSON format and cut and paste the following policy into the policy editor:

Please replace the my-billing-bucket with the name of your billing bucket name.

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"organizations:Describe*",
"organizations:List*",
"organizations:MoveAccount",
"organizations:CreateAccount",
"organizations:CreatePolicy",
"organizations:UpdatePolicy",
"organizations:AttachPolicy",
"organizations:DetachPolicy"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:List*",
"s3:Get*"
],
"Resource": "arn:aws:s3:::my-billing-bucket"
},
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam::*:role/vocareum",
"arn:aws:iam::*:role/voclabs"
]
}
]
}

Click 'Next'.


3. Enter 'vocareumadmin-policy' as the policy name. Optionally enter description. Then go to the end of the page and click 'Create policy' to create the policy.


4. Please create an IAM user vocareumadmin. Vocareum will access the BYO payer account via API using the vocareumadmin user credentials. Leave the 'Provide user access to the AWS Management Console' checkbox unchecked. We will create access key for vocareumadmin after the user is created.

Click 'Next'.


5. Next in the Set Permissions, choose 'Attach policies directly' and select the 'vocareumadmin-policy' that we created earlier.

Click 'Next' to continue and the click 'Create user'.


6. Select the 'vocareumadmin' user page, click 'Create access key'.

Choose 'Other'. Click 'Next' to continue.

Set description tag optionally then click 'Create access key'.

Store the generated access key is and secret in a secure way. We will enter them in Vocareum Payers page.


7. Go to the Vocareum Payers page. Click 'Add new payer' to add your new BYO payer.

Enter your payer account id, keyid, secret, and other information, and click 'Save'.


To enable billing reports, please take the following steps:

1. Click on your account name in the navigation bar to open the drop-down menu. Then, click My Account to navigate to the account settings page.


2. Scroll down to the IAM User and Role Access to Billing Information section.

Check the box next to Activate IAM Access and then click Update.


When you have completed these steps, please send an email to support@vocareum.com with the account number of your AWS payer account.

Did this answer your question?