AWS Setup Guide

Follow this step-by-step guide to connect your AWS account to CloudControl for monitoring and management.

Prerequisites

  • An active AWS account
  • Admin access to create IAM roles and policies
  • Basic understanding of AWS services

Step 1: Create an IAM User

First, you need to create an IAM user with programmatic access to generate access keys:

  1. Log in to the AWS Management Console
  2. Navigate to the IAM service
  3. Click on "Users" in the left navigation and then "Add user"
  4. Enter a username (e.g., "cloudcontrol-monitor")
  5. Select "Programmatic access" as the access type
  6. Click "Next: Permissions"

Step 2: Attach Required Permissions

For CloudControl to effectively monitor your AWS resources, attach a policy that grants the following read-only permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "rds:DescribeDBInstances",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": "*"
    }
  ]
}

You can either:

  • Create a custom policy with the JSON above
  • Use the built-in "ReadOnlyAccess" policy (provides more permissions than needed)
  • Create a more restrictive policy based on your specific needs
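If you go with a custom or more restrictive policy, you can compare it against the action list above before attaching it. The script below is an added example, not part of CloudControl; the function names and the sample policy are constructed for illustration, and it only inspects Allow statements (Deny, Condition and Resource scoping are not evaluated).

```python
import fnmatch
import json

# Actions copied from the Step 2 policy above.
REQUIRED = {
    "cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
    "ec2:DescribeInstances", "ec2:DescribeRegions",
    "ec2:DescribeSecurityGroups", "ec2:DescribeTags", "ec2:DescribeVolumes",
    "rds:DescribeDBInstances", "s3:ListAllMyBuckets", "s3:GetBucketLocation",
}

def _as_list(value):
    """IAM accepts a single string/object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_policy(policy_json):
    """Return (missing, excess) for an IAM identity policy document.

    missing: required actions that no Allow statement grants.
    excess:  Allow entries that are not exactly one of the required actions.
             Any wildcard is reported, since it can match actions beyond
             the list (conservative: no AWS action catalog is consulted).
    """
    doc = json.loads(policy_json)
    required = {a.lower() for a in REQUIRED}  # IAM action names are case-insensitive
    granted, excess = set(), []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything except the list
            excess.append("NotAction")
            continue
        for pattern in _as_list(stmt.get("Action")):
            p = pattern.lower()
            granted |= {a for a in required if fnmatch.fnmatchcase(a, p)}
            if p not in required:
                excess.append(pattern)
    missing = sorted(a for a in REQUIRED if a.lower() not in granted)
    return missing, sorted(set(excess))

# Constructed sample: too broad on EC2, and missing two required actions.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:Describe*", "ec2:TerminateInstances",
        "s3:ListAllMyBuckets", "cloudwatch:ListMetrics"]},
    {"Effect": "Allow", "Resource": "*", "Action": "rds:DescribeDBInstances"},
]})

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

A non-empty "missing" list corresponds to the "Missing Resources" symptom under Troubleshooting; a non-empty "excess" list means the key grants more than CloudControl needs.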

Step 3: Complete User Creation

  1. After attaching policies, click "Next: Tags" (optional)
  2. Add any tags if needed, then click "Next: Review"
  3. Review the settings and click "Create user"
  4. IMPORTANT: Download or copy the Access Key ID and Secret Access Key. These will only be shown once!

Security Warning

Never share your AWS access keys or commit them to version control. Always use environment variables or secure credential storage.

Step 4: Add Credentials to CloudControl

  1. Log in to your CloudControl dashboard
  2. Navigate to "Settings" → "Cloud Providers"
  3. Click "Add Provider" and select "AWS"
  4. Enter your Access Key ID and Secret Access Key
  5. Optionally name this connection (e.g., "Production AWS")
  6. Click "Connect"

Step 5: Verify Connection

After adding your credentials, CloudControl will:

  • Validate your AWS credentials
  • Discover available regions
  • Begin collecting information about your resources

This initial sync may take a few minutes depending on the size of your AWS infrastructure.

Troubleshooting

Connection Failed

If your connection fails, check:

  • Access Key ID and Secret Access Key are entered correctly
  • IAM user has the required permissions
  • IAM user's access is not restricted by IP or other conditions

Missing Resources

If some resources aren't showing up:

  • Verify the IAM policy includes permissions for those resource types
  • Check if resources are in regions that CloudControl is scanning

Next Steps

Now that you've connected your AWS account, you can:

Need Help?

If you're having trouble setting up your AWS connection, please reach out for assistance.
