Setting up nOps (Manual Setup)

In AWS Account

1. Creating Policy

  1. From AWS console login, go to ‘Identity and Access Management’ screen.
  2. From the left navigation panel choose ‘Policies’
  3. Click on ‘Create Policy’.
  4. Choose ‘Json Tab’
  5. Replace the existing Json script with the script given below and the click on ‘Review Policy’. Make sure you replace [bucket_name] with your billing bucket name to ensure policy efficacy.
IAM policy for nOps Last Updated: 31 October, 2018
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::[bucket_name]",
                "arn:aws:s3:::[bucket_name]/*"
            ]
        },
        {
            "Action": [
              "autoscaling:Describe*",
              "ce:Get*",
              "cloudformation:Describe*",
              "cloudformation:GetTemplate",
              "cloudformation:List*",
              "cloudfront:Get*",
              "cloudfront:List*",
              "cloudtrail:CreateTrail",
              "cloudtrail:Describe*",
              "cloudtrail:Get*",
              "cloudtrail:List*",
              "cloudtrail:Lookup*",
              "cloudtrail:StartLogging",
              "cloudtrail:UpdateTrail",
              "cloudwatch:Describe*",
              "cloudwatch:Get*",
              "cloudwatch:List*",
              "cur:DescribeReportDefinitions",
              "cur:PutReportDefinition",
              "config:Get*",
              "config:DescribeConfigurationRecorderStatus",
              "config:DescribeConfigurationRecorders",
              "dynamodb:Describe*",
              "dynamodb:List*",
              "ec2:Describe*",
              "ec2:Get*",
              "ecs:Describe*",
              "ecs:List*",
              "elasticache:Describe*",
              "elasticache:List*",
              "elasticloadbalancing:Describe*",
              "es:Describe*",
              "es:List*",
              "iam:Get*",
              "iam:List*",
              "kinesis:Describe*",
              "kinesis:List*",
              "lambda:Get*",
              "lambda:List*",
              "opsworks:Describe*",
              "opsworks:Get*",
              "rds:Describe*",
              "rds:List*",
              "rds:ListTagsForResource",
              "s3:HeadBucket",
              "s3:GetEncryptionConfiguration",
              "s3:GetBucketVersioning",
              "s3:GetBucketAcl",
              "s3:GetBucketLogging",
              "s3:List*",
              "support:Describe*",
              "tag:getResources",
              "tag:getTagKeys",
              "tag:getTagValues",
              "trustedadvisor:Describe*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
  1. Provide some name and description to the policy.
  2. Click on ‘Create Policy’.

2. Creating Roles

  1. From the left navigation panel choose ‘Roles’
  2. Click on ‘Create Role’
  3. Select type of trusted identity: Choose
    Screenshot
  4. Specify accounts that can use this role: AWS will ask for Account ID and External ID. For Account ID enter the nOps account ID (202279780353) and for External ID, enter any unique string. The External ID adds an extra level of security for you. Please do not check ‘Require MFA’
    Screenshot
  5. Click on ‘Next: Permissions’
  6. On Next Step, we will attach policy created in earlier task and then click on ‘Next:Review’
  7. Provide some name and description to the role and click on ‘Create Role’
  8. Return to nOps to complete setup.

3. Setup Cost & Report Usage

I. Setup Report

  1. Go to: Billing & Cost Management Dashboard → Report section. https://console.aws.amazon.com/billing/home?#/reports
  2. Click on create report
Screenshot
Step 1:
  • Enter the report name, and tick Include resource IDs checkbox. (required)
    Screenshot
Suggestion:
Report name: nopsbilling-daily-gzip
Tick: Include resource IDs
Tick: Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills.
Step 2:
  • Enter the S3 bucket to deliver the report. Click on verify. (Make sure the S3 bucket has appropriate Policy for delivery report, check section II. )
  • Enter the report path prefix (Optional) - Suggestion: nopsbilling
  • Choose Daily (required) for Time granularity
  • Choose the Report versioning (Optional) - Suggestion: Overwrite existing report
  • Choose GZIP as Compression type (Required)
    Screenshot
Step 3: Review the report and complete.
  • Enter the S3 bucket to deliver the report. Click on verify. (Make sure the S3 bucket has appropriate Policy for delivery report, check section II. )
  • Enter the report path prefix (Optional) - Suggestion: nopsbilling
  • Choose Daily (required) for Time granularity
  • Choose the Report versioning (Optional) - Suggestion: Overwrite existing report
  • Choose GZIP as Compression type (Required)
    Screenshot

II. S3 Bucket policy for cost and usage report.

  1. Get Sample Policy by clicking on the link.
    Screenshot
  2. Go to the S3 bucket → Permissions → Bucket Policy and Save the Policy.
    Screenshot

III. Setup the Cost and Usage report on nOps.

  1. Automatically:
    Provide cur:DescribeReportDefinitions permission for IAM role using for nOps. In the next ingestion, the report would be tried to fetch report data from AWS APU.
  2. Manually:
    • Go to project details.
    • Enter:
      • S3 bucket name
      • Report name
      • Prefix path
      Screenshot


Adding project in nOps:

In nops setting up AWS account is a 2-step process. One is adding AWS account details to fetch CloudTrail data and other is adding billing bucket to fetch billing data, you can add both at the same time (recommended). If you don't add billing bucket your billing stats pages in nops will not show any data.

  1. Login to Nops.io and click on ‘settings’[under username section]
    Screenshot
  2. In the Settings page, click on Project settings icon.
    Screenshot
  3. To add new project, click on ‘Add new nOps project’.
    Screenshot
  4. Select "Manual Setup" method from the method selection popup.
    Screenshot
  5. Add Project Name.
    Screenshot
  6. For role based access, we need arn of the IAM role.
    Here are the steps to get the ARN:
    1. Go to IAM service in AWS. In the roles tab, look for the role for which we need arn. Screenshot
    2. Click the role and copy the arn of the role and paste it into the ‘ARN of IAM role’ field in nOps. Screenshot
  7. For External ID, use the same one you used when created role earlier.
  8. Add billing bucket name. Make sure the billing bucket name is the same as the S3 bucket you created for billing.
  9. Make sure you save the settings after filling all the fields as in screenshot below.
    Screenshot
    Note: It’ll take about a day for billing data to populate & couple of hours for CloudTrail data to populate. If you have any questions, please contact us at support@nops.io, or by phone at +1 866-673-9330.

Viewing Added Projects:

  1. You can view the list of all added projects in your project settings. To view go to UserName Dropdown (Top right) → Settings → Project Settings. where it shows name of billing bucket [If added] and also the “Last fetch” time of billing bucket.
    Screenshot

Editing a Existing Project:

  1. Go to UserName Dropdown (Top right) → Settings → Project Settings
    Screenshot
  2. Click on any project you want to edit and it will open edit project screen.
    Screenshot
  3. You can do changes as per your requirements and make sure to click “Save” button in order to save changes.
    Note: If you try to edit billing bucket of an existing project it can cause the changes in cost pages data or undesired results.

nOps Help Center

© 2019 nOps.io All Rights Reserved.