Create IAM Role

(Recommended) Learn how to create an IAM Role in order to securely delegate Sedai uninterrupted access to your AWS resources.

Use CloudFormation to automatically create an IAM Role and attach Sedai's policies.

If you prefer to manually create an IAM Role with sufficient privileges for Sedai to access your topology, you must have access to your organization's AWS Console and permission to create a new IAM Role.

To grant Sedai access to your resources, you will create an IAM Role and link

If you plan to connect multiple EKS clusters from the same environment to Sedai, you will only need to create one IAM Role. The same ARN can be used to connect each cluster to Sedai.

Choose your preferred method of creating the IAM Role:

  1. Go to Settings > Integrations and select Connect Cloud.

  2. Select AWS as your cloud provider & select your resource types and the cloud products you'd like Sedai to manage.

  3. After giving you cloud a nickname, click the button the Launch CloudFormation (Make sure you're logged in to the AWS account you wish to integrate with Sedai)

  4. On the screen that will open in the CloudFormation console, leave the selections as is and click Next.

  5. In the Specify stack details page, enter the stack name.

  6. In the Sedai app configuration section, leave the custom external ID field empty (unless a custom external ID was provided previously).

  7. In the Permission section, select which cloud products you'd like Sedai to manage (please ensure this matches the selections you previously made within Sedai when connecting your account)

  8. Click Next, then scroll down and click Next again.

  9. In the Review and create page, check the capabilities and click Submit


Updating a CloudFormation Stack with Change Sets

You can update a CloudFormation stack to change Sedai's permissions. If read-only access is disabled, you can then manage which cloud products Sedai has permission to optimize, as long as optimization is enabled in Settings > Resources within Sedai.

To update Sedai's cloud product permissions, adjust permissions both within Sedai and the AWS console. Within the AWS console, follow the steps below. Within Sedai, go to Settings > Integrations, select the cloud account, and click Edit under Managed Cloud Products.

When updating a CloudFormation stack, change sets allow you to preview planned changes before applying them, ensuring no unintended consequences. To do this, follow this process:

  1. Access the CloudFormation console within the AWS Management Console.

  2. Select the desired stack from the list and select the Change Sets tab.

  3. Click Create change set then name the change set.

  4. On the page to specify the template, choose Use existing template and click Next.

  5. Update the Permission sections to reflect which cloud products you'd like Sedai to manage.

  6. Click Next, then scroll down and click Next again.

  7. In the Review and create page, check the capabilities and click Submit.

  8. Review the planned changes then click Execute change set.

  9. On the Execute change set? pop up, review the planned changes and specify your preferred options (We recommend using the pre-selected options).

  10. Click Execute change set to enact the changes.

After updating a CloudFormation stack, we recommend monitoring the deployment.


Monitoring the Deployment

When you create or update a CloudFormation stack, you can track the update's progress ensure to it's functioning properly. Within the CloudFormation console, the Events tab displays the status of each resource during the update process. Refresh this tab to ensure it shows the CREATE_COMPLETE or UPDATE_COMPLETE status. If the deployment has failed, try re-deploying it.


Learn more about IAM Roles:

Last updated