Integration Information

Data Collected

  • Members: name, email, role (User), last seen
  • Usage:
    • Number of users

Connection details

  • Status: published
  • Type: API
  • Permissions required (API):
    • Access key must have IAMReadOnlyAccess policy, AWSPriceListServiceFullAccess policy, and one custom policy (follow instructions to create the custom policy).

Instructions

In this document, we will provide instructions for configuring Amazon services to enable LeanIX SMP to get the Cost and Usage Data.

​New Amazon User

Log in to Amazon Console. Navigate to Identity and Access Management \Users.

Select Add User to create a LeanIX SMP user.

  • Enter User name (for example “LeanIX_SMP”) and select Access type Programmatic access.
  • Select Attach existing policies directly.
  • Create a new policy by clicking on Create policy. A new tab will open with a create policy form.
  • Select JSON and paste the following JSON data:
    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ce:GetCostAndUsage", "iam:ListUsers" ], "Resource": [ "*" ] } ] }
  • Name the new policy LeanIX_SIBillingAndCostPolicy, click Create policy and close the opened tab.
  • Go back to the first tab and refresh it. Search for IAMReadOnlyAccess, AWSPriceListServiceFullAccess and newly created policy LeanIX_SIBillingAndCostPolicy and select them.
  • Click Next:Tags and then Next:Review without setting any tags.
  • By clicking on Create user you will confirm selected options for a new user LeanIX SMP.
  • Copy Access key ID and Secret access key. You will need them to enter them in LeanIX SMP form.

WARNING: If you forget to copy Secret access key in this step, you will need to recreate a new access key.

​Configure Amazon Credentials in LeanIX SMP

  • Log in to LeanIX SMP. Navigate to Services \one of your Amazon services \Settings \Integrate.
  • Enter Access Key ID, and Secret Key.

Frequently asked questions

What does the last seen mean? Why is there is last seen for our users?

The last seen in the AWS services indicates the last password login time. And it is only accurate for after including 2019. If there is no value there, then the person either did not sign in with password since 2019 or the user does not have a password. This does not include the API access with the use of the access keys or login through the SSO.


Did this page help you?