If you’ve already gone through the original CloudForecast setup, you just need to update the existing policy to add the required permissions. It should take less than 5 minute. Here are the step by steps:

  1. Log in to AWS Management Console

  2. Select IAM in the service list or visit https://console.aws.amazon.com/iam/home#/home

  3. Click on Policies on the left side panel

  4. Find the policy used by the user you provided to CloudForecast

  5. Update policy with the following user policy and replace F00 with your bucket name: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::FOO/*",
                "arn:aws:s3:::FOO
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:ListAccounts",
                "cloudwatch:GetMetricStatistics",
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "elasticache:DescribeCacheClusters",
                "elasticache:DescribeReservedCacheNodes",
                "ec2:DescribeInstances",
                "ec2:DescribeReservedInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeAddresses",
                "rds:DescribeDBInstances",
                "rds:DescribeReservedDBInstances",
                "redshift:DescribeClusters",
                "redshift:DescribeReservedNodes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetGroups",
                "ce:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}


      6. Celebrate!