This topic describes how to change the permissions for an AWS account that is already integrated with Zesty.
Changing permissions is done when:
You want to update (add or remove) the Zesty products activated for an existing integrated account.
You want to change permissions of an existing integrated account.
For example, you currently use Commitment Manager to see potential savings (read-only) and you now want Zesty to purchase RIs (manage) on your behalf.
You update permissions using the Zesty platform Integrate account page, described in the following section.
During the integration process, you will be transferred to your AWS Management Console. There, you’ll use a CloudFormation stack to create an IAM role which then integrates your AWS account with Zesty.
Prerequisites
Access to the Zesty platform.
The AWS account to be integrated has permissions to create IAM roles and CloudFormation stacks.
The required permissions are shown on the Integrate account page.
You are connected to the AWS account to be updated.
To update a Management account, you have information about the CUR.
Zesty supports Legacy CUR and CUR v2.0. To create a Zesty-compatible Legacy CUR, see Create a legacy CUR.
If the Management account is being activated with Kompass, the following AWS prerequisites also apply:
crawler-cfn.yml file is in the CUR S3 bucket.
Note: This file may not be present until up to 24 hours after first creating a CUR.
CUR permissions
Information about Athena resources (S3, Athena, Glue Data catalog).
AWS account ID.
To update account permissions:
Open the Integrate account page:
From the Admin section of the Zesty platform main menu, select Organization Settings > Accounts.
The Accounts page displays existing accounts.
From an account’s Action menu, click
then select Update permissions.
The Integrate account page is displayed:
In Step 1, choose whether the AWS account is a Linked account or a Management account.
In Step 2, choose the products to activate.
In Step 3, configure the CloudFormation stack:
Note: You may not see all the fields described here. They will vary depending on the account type and product you chose in the previous steps and the CUR format that you choose here.
Select the region in which to create the stack that will be used for integration.
Enter the details of the CUR (for Management accounts):
(You can find these details in the AWS Console Billing and Cost Management section.)
Select the format of your CUR: Legacy or 2.0.
Enter the CUR export name (for v2.0 only).
Enter the CUR S3 bucket.
Example: s3://zesty-cur/prod-v2
Enter the Athena details (for Management accounts).
(You can find these details in the AWS Console Athena section.)
In Step 4, create the IAM role:
Note: Before proceeding, ensure that you are logged into the account that you are integrating.
Review and approve the security content of the IAM role.
Click Create IAM role.
Zesty redirects you to the AWS Console to create a CloudFormation stack.
In the AWS Console, scroll down to the Capabilities section and select I acknowledge that AWS CloudFormation might create IAM resources.
Click Create stack.
In the AWS console, the CloudFormation > Stacks page is displayed.
The Events tab shows the different events taking place. When the process is done, the CREATE_COMPLETE status is displayed.
In the AWS Console Outputs tab, copy the full ZestyRoleArn value and paste it in the Role ARN field at the bottom of the Zesty Integrate account page.
Click Connect account.
Zesty takes a few moments to finalize the integration.
If you receive an error message or require other assistance, contact Customer Support.
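The review in Step 4, and the read-only versus manage distinction described at the start of this topic, can be checked mechanically before you click Create stack. The following Python script is an added example, not Zesty's code or template: it lists trust-policy gaps and non-read actions for every IAM role in a CloudFormation template. The sample template, the role name ExampleRole, the account ID 111122223333 and the read-verb prefix list are constructed assumptions, and the script expects the template in JSON form with literal action strings.

```python
import json

READ_PREFIXES = ("Describe", "Get", "List", "View", "BatchGet")  # assumed read-only verbs

# Constructed sample template (JSON form); NOT the vendor's actual stack.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ExampleRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]},
  "Policies": [{"PolicyName": "example", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeReservedInstances", "ce:GetCostAndUsage"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:PurchaseReservedInstancesOffering", "Resource": "*"}
  ]}}]}}}}
""")

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Principal."""
    items = value if isinstance(value, list) else [value]
    return [item for item in items if item is not None]

def review_template(template):
    """Return findings for every AWS::IAM::Role in a CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        # Trust policy: who may assume the role, and under which conditions.
        for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
            principal = stmt.get("Principal", {})
            principals = as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
            if "*" in principals:
                findings.append(f"{name}: trust policy allows any AWS principal")
            conds = json.dumps(stmt.get("Condition", {}))
            if principals and "sts:ExternalId" not in conds:
                findings.append(f"{name}: trust policy has no sts:ExternalId condition")
        # Inline policies: anything that is not a read verb is reported as write.
        for policy in as_list(props.get("Policies")):
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in as_list(stmt.get("Action")):
                    verb = action.split(":", 1)[-1]
                    if not verb.startswith(READ_PREFIXES):
                        scope = "all resources" if "*" in as_list(stmt.get("Resource")) else "scoped resources"
                        findings.append(f"{name}: write action {action} on {scope}")
    return findings

if __name__ == "__main__":
    print("\n".join(review_template(SAMPLE_TEMPLATE)))
```

Managed policies referenced through ManagedPolicyArns are not expanded by this script and need to be reviewed separately.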