Amazon Web Services

Learn how to connect your account and autonomously manage AWS cloud resources.
Sedai currently supports the following AWS resource types:
  • Lambda (Serverless functions)
  • Elastic Compute Cloud (EC2)
  • Elastic Container Service (ECS)
  • Fargate
  • Elastic Kubernetes Service (EKS) (Stateless workloads only; for stateful workloads, Sedai does not currently support autonomous management, but will still generate recommendations)

Connect to AWS

Sedai connects to AWS accounts via Identity and Access Management (IAM) to discover ECS clusters, Fargate, Lambda and EC2 resources. (Note: Sedai individually connects to Kubernetes clusters, so EKS clusters are displayed within Sedai independent of their corresponding AWS account).
To connect to EKS, we recommend deploying Sedai's Smart Agent within the cluster; alternatively, you can set up agentless access via IAM authentication and Kubernetes Role-Based Access Control (RBAC).
Sedai requires the following IAM configurations to connect to your AWS account:

IAM Policy Statement for Sedai

AWS Service
Autonomously executes operations to reduce cost, improve performance, and prevent availability issues. Sedai will only act if feature settings are set to auto-execute within the platform and if the operation passes rigorous safety checks.
Pulls monitoring data for continuous seasonality and performance analysis.
X-Ray, ELB, Kinesis, DynamoDB, Logs
Informs discovery process to help Sedai understand topology infrastructure.
While Sedai discovers multiple resource types within an AWS account, you can configure how each resource type is managed within the platform from the Settings > Topology page.
View the full policy here.
Learn how to set up Sedai's IAM policy:
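Because the policy mixes read-only statements (discovery, monitoring) with statements that let Sedai execute operations, it is worth separating the two before attaching it. The following is an added example, not Sedai's policy or code: the sample policy is constructed for illustration, and the read-only prefix list is a naming heuristic assumed here.

```python
# Prefixes treated as read-only (assumption: a naming heuristic, not an AWS classification).
READ_PREFIXES = ("Get", "List", "Describe", "BatchGet")

# Constructed sample policy for illustration; NOT Sedai's actual policy.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Discovery", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "lambda:ListFunctions"]},
        {"Sid": "Monitoring", "Effect": "Allow", "Resource": "*",
         "Action": "cloudwatch:GetMetricData"},
        {"Sid": "Operations", "Effect": "Allow", "Resource": "*",
         "Action": ["lambda:UpdateFunctionConfiguration", "ecs:UpdateService"]},
        {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*", "Action": "ec2:*"},
    ],
}

def as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def classify_action(action):
    """Return 'wildcard', 'read' or 'write' for one 'service:Action' string."""
    name = action.split(":", 1)[-1]
    if "*" in name:
        return "wildcard"
    return "read" if name.startswith(READ_PREFIXES) else "write"

def review_policy(policy):
    """Summarise each Allow statement so mutating or wildcard access stands out."""
    findings = []
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # single-statement form
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        kinds = {classify_action(a) for a in as_list(stmt.get("Action", []))}
        if "NotAction" in stmt:  # Allow + NotAction grants everything except the list
            kinds.add("wildcard")
        level = "wildcard" if "wildcard" in kinds else "write" if "write" in kinds else "read"
        resources = as_list(stmt.get("Resource", []))
        findings.append({"sid": stmt.get("Sid", f"statement-{i}"), "level": level,
                         # flag non-read access whose Resource is exactly "*"
                         "unscoped": level != "read" and "*" in resources})
    return findings

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY):
        print(finding)
```

Statements reported as `write` or `wildcard` with `unscoped` set are the ones to compare against the auto-execute features you actually intend to enable.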

IAM Role for Sedai

The Role gives Sedai secure, continuous access to discover resources and detect infrastructure changes. If you plan to add multiple AWS accounts to Sedai, you will need to generate a unique IAM Role per account.
Learn how to set up Sedai's IAM Role: