Adding an AWS Account with a Manual Connection

Learn how to add an AWS account with a manual connection

Updated this week

Step 1

Navigate to the ‘Account manager’ tab.

If you don't have any accounts, your Account Manager menu will look like the picture below. Click the ‘Add environment’ button.

If you already have some accounts, your Account Manager menu will display differently. Click the ‘Add environment’ button.

Choose AWS cloud service.

Step 2

Select ‘Cross Account Role.’

Step 3

You will be directed to the ‘Cross-account role connection’ page.

Step 4

In the first field, enter an Account name. You can use a specific name (up to 32 characters) or leave it as the default ‘AWS.’

Step 5

Choose the Access type (The selected type will be marked with a white dot on a blue background):

  • Read/write: This allows you to use all functions, such as converting to spot, scheduling resources, removing unused resources, and rightsizing your resources.

  • Read-only: This only lets you view your resources and possible actions, without the ability to use the main functionality.

Step 6

Select the Connection type (The selected type will be marked with a white dot on a blue background):

  • CloudFormation stack: The ARN-role is automatically created by the CloudFormation stack.

  • Manual: You'll manually create a role using the External ID and Account ID. Choose manual connection.

Step 7

Refer to our manual:

Click the ‘Read manual’ button in the ‘Cross-account role connection’ pop-up.

This is how the manual appears:

At this moment, we've chosen the Manual connection. Otherwise, follow the manual steps.

Step 8

Log in to the AWS Console, type ‘Billing,’ and navigate to the AWS Billing Dashboard.

Step 9

Go to Cost & Usage Reports, then click ‘Create report.’

Step 10

Name your report, check the ‘Include resource IDs’ box, and click ‘Next.’

Step 11

Click ‘Configure.’

Step 12

Name the S3 bucket ‘psl-cur-%AWS-account-id%’ (replace %AWS-account-id% with your account ID), select the region for the S3 bucket, and click ‘Next.’ If there's an error stating the S3 bucket already exists, select it from the dropdown list on the left.

Step 13

Check the box confirming the correctness of the policy and click ‘Save.’

Step 14

Name the Report path prefix as ‘psl-cur,’ check the ‘Overwrite existing report’ radio button, then check ‘Amazon Athena’ and click ‘Next.’

Step 15

Click ‘Review and Complete.’

Step 16

Type ‘IAM’ and navigate to the IAM service page.

Step 17

Go to ‘Policies’ on the sidebar and click ‘Create policy.’

Step 18

Select the JSON tab and copy/paste the AWS policy below, replacing %bucket_name%. Then click ‘Next: Tags.’

Policy Read-Write

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "application-autoscaling:RegisterScalableTarget",
        "autoscaling:CreateLaunchConfiguration",
        "autoscaling:DeleteLaunchConfiguration",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:UpdateAutoScalingGroup",
        "bedrock:GetAgent",
        "bedrock:GetAgentActionGroup",
        "bedrock:GetAgentAlias",
        "bedrock:GetAgentVersion",
        "bedrock:GetCustomModel",
        "bedrock:GetDataSource",
        "bedrock:GetKnowledgeBase",
        "bedrock:GetModelCustomizationJob",
        "bedrock:GetModelInvocationLoggingConfiguration",
        "bedrock:GetProvisionedModelThroughput",
        "bedrock:ListAgentActionGroups",
        "bedrock:ListAgentAliases",
        "bedrock:ListAgentKnowledgeBases",
        "bedrock:ListAgentVersions",
        "bedrock:ListAgents",
        "bedrock:ListCustomModels",
        "bedrock:ListDataSources",
        "bedrock:ListKnowledgeBases",
        "bedrock:ListModelCustomizationJobs",
        "bedrock:ListProvisionedModelThroughputs",
        "bedrock:ListTagsForResource",
        "ce:DescribeCostCategoryDefinition",
        "ce:GetCostAndUsage",
        "ce:GetCostAndUsageWithResources",
        "ce:GetCostForecast",
        "ce:GetDimensionValues",
        "ce:GetReservationCoverage",
        "ce:GetReservationPurchaseRecommendation",
        "ce:GetReservationUtilization",
        "ce:GetRightsizingRecommendation",
        "ce:GetSavingsPlansCoverage",
        "ce:GetSavingsPlansPurchaseRecommendation",
        "ce:GetSavingsPlansUtilization",
        "ce:GetSavingsPlansUtilizationDetails",
        "ce:GetTags",
        "ce:GetUsageForecast",
        "ce:ListCostCategoryDefinitions",
        "cloudformation:UpdateStack",
        "compute-optimizer:GetEBSVolumeRecommendations",
        "compute-optimizer:GetEnrollmentStatus",
        "compute-optimizer:GetLambdaFunctionRecommendations",
        "compute-optimizer:UpdateEnrollmentStatus",
        "cur:DescribeReportDefinitions",
        "ebs:ListChangedBlocks",
        "ebs:ListSnapshotBlocks",
        "ec2:AttachVolume",
        "ec2:CancelSpotInstanceRequests",
        "ec2:CreateImage",
        "ec2:CreateLaunchTemplate",
        "ec2:CreateRoute",
        "ec2:CreateSnapshot",
        "ec2:CreateSnapshots",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteVolume",
        "ec2:DeregisterImage",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeLaunchTemplateVersions",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeRouteTables",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSpotInstanceRequests",
        "ec2:DescribeSpotPriceHistory",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:GetLaunchTemplateData",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:ModifyVolume",
        "ec2:PurchaseReservedInstancesOffering",
        "ec2:ReleaseAddress",
        "ec2:RequestSpotInstances",
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ecs:DeleteService",
        "ecs:RegisterTaskDefinition",
        "ecs:UpdateContainerInstancesState",
        "ecs:UpdateService",
        "eks:CreateNodegroup",
        "eks:DeleteNodegroup",
        "eks:DescribeNodegroup",
        "eks:ListClusters",
        "eks:UpdateNodegroupConfig",
        "elasticache:PurchaseReservedCacheNodesOffering",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticloadbalancing:ModifyTargetGroup",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets",
        "es:PurchaseReservedElasticsearchInstanceOffering",
        "es:PurchaseReservedInstanceOffering",
        "iam:CreateServiceLinkedRole",
        "iam:PassRole",
        "iam:PutRolePolicy",
        "kms:CreateGrant",
        "kms:Decrypt",
        "kms:Encrypt",
        "kms:GenerateDataKey*",
        "kms:ReEncrypt*",
        "lambda:DeleteFunction",
        "lambda:DeleteProvisionedConcurrencyConfig",
        "lambda:GetFunction",
        "lambda:GetPolicy",
        "lambda:GetProvisionedConcurrencyConfig",
        "lambda:ListTags",
        "lambda:PublishVersion",
        "lambda:PutProvisionedConcurrencyConfig",
        "lambda:UpdateAlias",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration",
        "logs:DeleteLogGroup",
        "memorydb:DescribeReservedNodes",
        "memorydb:DescribeReservedNodesOfferings",
        "memorydb:DescribeSnapshots",
        "memorydb:DescribeSubnetGroups",
        "memorydb:PurchaseReservedNodesOffering",
        "pricing:*",
        "rds:DeleteDBInstance",
        "rds:DescribeDBInstances",
        "rds:PurchaseReservedDBInstancesOffering",
        "rds:StartDBCluster",
        "rds:StartDBInstance",
        "rds:StopDBCluster",
        "rds:StopDBInstance",
        "rds:ModifyDBInstance",
        "redshift:DescribeClusters",
        "redshift:PauseCluster",
        "redshift:PurchaseReservedNodeOffering",
        "redshift:ResumeCluster",
        "sagemaker:StartNotebookInstance",
        "sagemaker:StopNotebookInstance",
        "savingsplans:CreateSavingsPlan",
        "elasticache:ModifyReplicationGroup",
        "es:UpdateDomainConfig"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::%bucket_name%/*"
    }
  ]
}

Policy Tagging

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "acm:AddTagsToCertificate",
        "acm:RemoveTagsFromCertificate",
        "apigateway:DELETE",
        "apigateway:POST",
        "appmesh:TagResource",
        "appmesh:UntagResource",
        "autoscaling:CreateOrUpdateTags",
        "autoscaling:DeleteTags",
        "cloudfront:TagResource",
        "cloudfront:UntagResource",
        "cloudwatch:TagResource",
        "cloudwatch:UntagResource",
        "cognito-identity:TagResource",
        "cognito-identity:UntagResource",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ecr:TagResource",
        "ecr:UntagResource",
        "ecs:TagResource",
        "ecs:UntagResource",
        "eks:TagResource",
        "eks:UntagResource",
        "elasticache:AddTagsToResource",
        "elasticache:RemoveTagsFromResource",
        "elasticbeanstalk:AddTags",
        "elasticbeanstalk:RemoveTags",
        "elasticfilesystem:CreateTags",
        "elasticfilesystem:DeleteTags",
        "elasticfilesystem:TagResource",
        "elasticfilesystem:UntagResource",
        "elasticloadbalancing:AddTags",
        "elasticloadbalancing:RemoveTags",
        "es:AddTags",
        "es:RemoveTags",
        "fsx:TagResource",
        "fsx:UntagResource",
        "iam:TagRole",
        "iam:TagUser",
        "iam:UntagRole",
        "iam:UntagUser",
        "kinesis:AddTagsToStream",
        "kinesis:RemoveTagsFromStream",
        "kms:TagResource",
        "kms:UntagResource",
        "lambda:TagResource",
        "lambda:UntagResource",
        "rds:AddTagsToResource",
        "rds:RemoveTagsFromResource",
        "redshift:CreateTags",
        "redshift:DeleteTags",
        "route53:ChangeTagsForResource",
        "route53domains:DeleteTagsForDomain",
        "route53domains:UpdateTagsForDomain",
        "s3:DeleteJobTagging",
        "s3:DeleteObjectTagging",
        "s3:DeleteObjectVersionTagging",
        "s3:PutBucketTagging",
        "s3:PutJobTagging",
        "s3:PutObjectTagging",
        "s3:PutObjectVersionTagging",
        "s3:ReplicateTags",
        "tag:TagResources",
        "tag:UntagResources",
        "ec2:DeleteVolume",
        "ec2:DeregisterImage",
        "logs:TagResource",
        "logs:UntagResource",
        "backup:TagResource",
        "backup:UntagResource",
        "cassandra:Alter",
        "cassandra:AlterMultiRegionResource",
        "cassandra:TagResource",
        "cassandra:TagMultiRegionResource",
        "cassandra:UnTagMultiRegionResource",
        "cassandra:UntagResource",
        "codecommit:TagResource",
        "codecommit:UntagResource",
        "cloudtrail:AddTags",
        "cloudtrail:RemoveTags",
        "dynamodb:TagResource",
        "dynamodb:UntagResource",
        "events:TagResource",
        "events:UntagResource",
        "glacier:AddTagsToVault",
        "glacier:RemoveTagsFromVault",
        "glue:TagResource",
        "glue:UntagResource",
        "kafka:TagResource",
        "kafka:UntagResource",
        "timestream:TagResource",
        "timestream:UntagResource",
        "sagemaker:AddTags",
        "sagemaker:DeleteTags",
        "mq:CreateTags",
        "mq:DeleteTags",
        "secretsmanager:TagResource",
        "secretsmanager:UntagResource",
        "ses:TagResource",
        "ses:UntagResource",
        "states:TagResource",
        "states:UntagResource",
        "sns:TagResource",
        "sns:UntagResource",
        "sqs:TagQueue",
        "sqs:UntagQueue",
        "appflow:TagResource",
        "appflow:UntagResource",
        "wafv2:TagResource",
        "wafv2:UntagResource",
        "elasticmapreduce:AddTags",
        "elasticmapreduce:RemoveTags",
        "emr-containers:TagResource",
        "emr-containers:UntagResource",
        "emr-serverless:TagResource",
        "emr-serverless:UntagResource",
        "bedrock:TagResource",
        "bedrock:UntagResource",
        "memorydb:TagResource",
        "memorydb:UntagResource",
        "elasticbeanstalk:UpdateTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}

Policy Read-only

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "pricing:*",
        "ce:DescribeCostCategoryDefinition",
        "ce:GetRightsizingRecommendation",
        "ce:GetCostAndUsage",
        "ce:GetSavingsPlansUtilization",
        "ce:GetReservationPurchaseRecommendation",
        "ce:ListCostCategoryDefinitions",
        "ce:GetCostForecast",
        "ce:GetReservationUtilization",
        "ce:GetSavingsPlansPurchaseRecommendation",
        "ce:GetDimensionValues",
        "ce:GetSavingsPlansUtilizationDetails",
        "ce:GetCostAndUsageWithResources",
        "ce:GetReservationCoverage",
        "ce:GetSavingsPlansCoverage",
        "ce:GetTags",
        "ce:GetUsageForecast",
        "cur:DescribeReportDefinitions",
        "compute-optimizer:GetEBSVolumeRecommendations",
        "compute-optimizer:GetLambdaFunctionRecommendations",
        "ebs:ListSnapshotBlocks",
        "ebs:ListChangedBlocks",
        "bedrock:GetModelInvocationLoggingConfiguration",
        "bedrock:ListProvisionedModelThroughputs",
        "bedrock:GetProvisionedModelThroughput",
        "bedrock:ListModelCustomizationJobs",
        "bedrock:GetModelCustomizationJob",
        "bedrock:ListCustomModels",
        "bedrock:GetCustomModel",
        "bedrock:ListKnowledgeBases",
        "bedrock:GetKnowledgeBase",
        "bedrock:ListAgents",
        "bedrock:GetAgent",
        "bedrock:ListDataSources",
        "bedrock:GetDataSource",
        "bedrock:ListAgentAliases",
        "bedrock:GetAgentAlias",
        "bedrock:ListAgentVersions",
        "bedrock:GetAgentVersion",
        "bedrock:ListAgentActionGroups",
        "bedrock:GetAgentActionGroup",
        "bedrock:ListAgentKnowledgeBases",
        "bedrock:ListTagsForResource",
        "memorydb:DescribeSnapshots",
        "memorydb:DescribeSubnetGroups",
        "memorydb:DescribeReservedNodes"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::%bucket_name%/*"
    }
  ]
}

Step 19

Click ‘Next: Review.’

Step 20

Name your policy and click ‘Create policy.’

Step 21

Repeat step 17, then select the JSON tab and copy/paste the AWS Tagging policy. Then click ‘Next.’

Step 22

Name your policy and scroll down.

Step 23

Click ‘Create policy.’


Step 24

Go to ‘Roles’ on the sidebar and click ‘Create role.’

Step 25

Choose AWS account entity and scroll down.

Step 26

Select ‘Another AWS account.’ Paste the Account ID generated on Uniskai. Check ‘Require external ID’ and paste the External ID. Click ‘Next’ to continue.

Step 27

Type the Policy name created in step 20 in the search bar and check it.

Step 28

Type the Policy name created in step 22 in the search bar and check it.

Step 29

Type ‘ReadOnlyAccess’ in the search bar and check it. Click ‘Next’ to continue.

Step 30

Come up with any Role name and scroll down.

Step 31

Click ‘Create role.’

Step 32

Click ‘View role.’

Step 33

Now copy/paste the ARN-role.

Step 34

Enter the copied role on the site in the proper field and click ‘Connect account.’
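
Before connecting the account, it is worth confirming that the role's trust policy really limits sts:AssumeRole to the Account ID shown on Uniskai and requires the External ID. The check below is an added example, not code from Uniskai or AWS; the trust policy, Account ID and External ID in it are constructed placeholders, and the function name is hypothetical.

```python
import json

# Constructed sample of the trust policy that the 'Another AWS account' and
# 'Require external ID' choices produce. Both IDs are placeholders.
SAMPLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_findings(policy, account_id, external_id):
    """Return problems found in a role trust policy; [] means it matches."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    findings, grants = [], 0
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        grants += 1
        principal = stmt.get("Principal", {})
        # Flatten {"AWS": ..., "Service": ...} or the bare "*" form to a list.
        if isinstance(principal, dict):
            trusted = [p for v in principal.values() for p in _as_list(v)]
        else:
            trusted = [principal]
        for p in trusted:
            if p not in expected:
                findings.append(f"statement {n}: unexpected principal {p}")
        # Condition key names are case-insensitive; only an exact-match
        # StringEquals on sts:ExternalId is accepted here.
        keys = stmt.get("Condition", {}).get("StringEquals", {})
        ext_ids = [v for k, vals in keys.items() if k.lower() == "sts:externalid"
                   for v in _as_list(vals)]
        if ext_ids != [external_id]:
            findings.append(f"statement {n}: sts:ExternalId condition missing or wrong")
    if grants == 0:
        findings.append("no statement allows sts:AssumeRole")
    return findings
```

The role's actual trust policy is shown on the role's ‘Trust relationships’ tab in the IAM console and can be pasted in place of the sample.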
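
The Read-Write and Read-only policies from step 18 differ mainly in which actions they allow on "Resource": "*", and that difference is what the Access type choice in step 5 grants to the connected role. The following added example (not part of the Uniskai manual) lists the IAM and KMS actions a policy allows on all resources so they can be reviewed before the policy is attached. The REVIEW set and the function name are assumptions of this example, and the two policies are shortened excerpts of the ones above.

```python
from fnmatch import fnmatchcase

# Actions this example singles out for review (an assumption of the example,
# not a list from the page): they modify IAM roles or use KMS keys.
REVIEW = ("iam:passrole", "iam:putrolepolicy", "iam:createservicelinkedrole",
          "kms:decrypt", "kms:creategrant")

# Shortened excerpts of the page's Read-Write and Read-only policies.
READ_WRITE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "iam:PassRole", "iam:PutRolePolicy",
                "kms:Decrypt", "pricing:*"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::%bucket_name%/*"}]}
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["pricing:*", "ce:GetCostAndUsage", "ebs:ListSnapshotBlocks"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::%bucket_name%/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unscoped_review_actions(policy):
    """Return the granted actions that cover a REVIEW action on Resource "*".

    NotAction and NotResource statements are not handled.
    """
    hits = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue  # scoped to specific ARNs, e.g. the CUR bucket
        for granted in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain * and ?.
            if any(fnmatchcase(name, granted.lower()) for name in REVIEW):
                hits.add(granted)
    return sorted(hits)
```

Each action returned is a candidate for a narrower "Resource" or a "Condition" block if the account's own policy standards require one.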
