If you’ve already gone through the original CloudForecast setup, you just need to update the existing policy to add the required permissions. It should take less than 5 minute. Here are the step by steps:
Log in to AWS Management Console
Select IAM in the service list or visit https://console.aws.amazon.com/iam/home#/home
Click on Policies on the left side panel
Find the policy used by the user you provided to CloudForecast
Update policy with the following user policy and replace F00 with your bucket name:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::FOO/*,
"arn:aws:s3:::FOO
]
},
{
"Effect": "Allow",
"Action": [
"organizations:ListAccounts",
"cloudwatch:GetMetricStatistics",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeReservedCacheNodes",
"ec2:DescribeInstances",
"ec2:DescribeReservedInstances",
"ec2:DescribeVolumes",
"ec2:DescribeAddresses",
"rds:DescribeDBInstances",
"rds:DescribeReservedDBInstances",
"redshift:DescribeClusters",
"redshift:DescribeReservedNodes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"ce:*"
],
"Resource": [
"*"
]
}
]
}6. Celebrate!