Please note this article applies only to BYO AWS clouds, and not AWS from Telstra. |
You need to follow the steps documented below if you're seeing a 'Missing extension permissions' error against your cost feature on a BYO AWS account (a cloud you've purchased from a provider other than Telstra).
Pre-requisites
You need to have a Telstra Cloud Sight provider role deployed to your AWS account. You may have already followed instructions to deploy it by running a CloudFormation script.
Giving Cloud Sight permission to enable cost management
1. Log into your AWS console and navigate to 'IAM'. You can type 'IAM' into the search bar to find this.
2. Within the IAM page, select 'Roles'
3. Click on the 'TelstraCloudSightCostReportingRole'
Note: If you can't find a role with the name 'TelstraCloudSightCostReportingRole', you could instead have a role called ‘CloudHealth’ or ‘CostReporting’. Click on either of those.
4. In the 'Permissions' tab, expand 'Permissions Policies'. Under it you'll find 'TelstraCloudSightCostReportingPolicy'. Expand this as well.
Note: Your policy name may differ, depending on the role name. Please continue regardless of the name.
6. Click on the Edit Policy button and select the 'JSON' tab.
7. Replace the contents of the JSON text with the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"aws-portal:ViewBilling",
"aws-portal:ViewUsage",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudfront:Get*",
"cloudfront:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:ListTags",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"config:Get*",
"config:Describe*",
"config:Deliver*",
"config:List*",
"cur:Describe*",
"dms:Describe*",
"dms:List*",
"dynamodb:DescribeTable",
"dynamodb:List*",
"ec2:Describe*",
"ec2:GetReservedInstancesExchangeQuote",
"ecs:List*",
"ecs:Describe*",
"elasticache:Describe*",
"elasticache:ListTagsForResource",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"es:List*",
"es:Describe*",
"firehose:ListDeliveryStreams",
"firehose:DescribeDeliveryStream",
"iam:List*",
"iam:Get*",
"iam:GenerateCredentialReport",
"kinesis:Describe*",
"kinesis:List*",
"kms:DescribeKey",
"kms:GetKeyRotationStatus",
"kms:ListKeys",
"lambda:List*",
"logs:Describe*",
"organizations:ListAccounts",
"organizations:ListTagsForResource",
"organizations:DescribeOrganization",
"redshift:Describe*",
"route53:Get*",
"route53:List*",
"rds:Describe*",
"rds:ListTagsForResource",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:List*",
"sagemaker:Describe*",
"sagemaker:List*",
"savingsplans:DescribeSavingsPlans",
"sdb:GetAttributes",
"sdb:List*",
"ses:Get*",
"ses:List*",
"sns:Get*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"storagegateway:List*",
"storagegateway:Describe*",
"workspaces:Describe*"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
8. Click on the Review Policy button at the bottom of the screen.
9. On the 'Review policy' screen, click on Save changes.
Once you've completed these steps, return to your details page on Cloud Sight and hit the check status button. If the error continues to appear, please contact us.