Amazon Web Services

Learn how to connect your account and autonomously manage AWS cloud resources.

Sedai currently supports the following AWS resource types:
Lambda (Serverless functions)
Elastic Cloud Compute (EC2)
Elastic Container Service (ECS)
Fargate
Elastic Kubernetes Service (EKS) (Stateless workloads only; for stateful workloads, Sedai does not currently support autonomous management, but will still generate recommendations)
Connect to AWS
Sedai connects to AWS accounts via Identity and Access Management (IAM) to discover ECS clusters, Fargate, Lambda and EC2 resources. (Note: Sedai individually connects to Kubernetes clusters, so EKS clusters are displayed within Sedai independent of their corresponding AWS account).
To connect to EKS, we recommend deploying Sedai's Smart Agent within the cluster; however, you can alternatively setup agentless access via IAM authentication and Kubernetes Role Based Access Control (RBAC).
Sedai requires the following IAM configurations to connect to your AWS account:
IAM Policy Statement for Sedai
Permission
AWS Service
Purpose
Read-write
ECS
Fargate
Lambda
EC2
Autonomously executes operations to reduce cost, improve performance, and prevent availability issues. Sedai will only act if feature settings are set to auto-execute within the platform and if the operation passes rigorous safety checks. 
Read-only
CloudWatch
Pulls monitoring data for continuous seasonality and performance analysis.
Read-only
X-Ray
ELB
Kinesis
DynamoDB
Logs
Informs discovery process to help Sedai understand topology infrastructure.
While Sedai discovers multiple resource types within an AWS account, you can configure how each resource type is managed within the platform from the Settings > Topology page.
🔗 View the full policy here.
Learn how to setup Sedai's IAM policy:
Create IAM Policy
IAM Role for Sedai
The Role allows Sedai secure and continuous access to discover resources and detect infrastructure changes. If you plan on adding multiple AWS accounts to Sedai, you will need to generate a unique IAM Role per account.
Learn how to setup Sedai's IAM Role:
Create IAM Role

Permission	AWS Service	Purpose
Read-write	ECS Fargate Lambda EC2	Autonomously executes operations to reduce cost, improve performance, and prevent availability issues. Sedai will only act if feature settings are set to auto-execute within the platform and if the operation passes rigorous safety checks.
Read-only	CloudWatch	Pulls monitoring data for continuous seasonality and performance analysis.
Read-only	X-Ray ELB Kinesis DynamoDB Logs	Informs discovery process to help Sedai understand topology infrastructure.

Setup - Previous

Connect Cloud

Configure IAM

Last modified 3mo ago