Skip to main content

Connect your AWS account to Holori

To retrieve your billing info and understand your infrastructure, Holori needs to be granted an access to your AWS account. This procedure is made in full compliance with AWS's access rules. We will guide you step by step through this configuration process.

In Holori App, click on your username at the bottom left of the page, then select the ""Integrations" tab and click on "+Connect now" under the AWS logo.

info

You must first define which feature you want to use bewteen cost visibility and diagrams To get both costs visibility and diagrams, we recommend starting with the costs visibility connections.

Screenshot

Your goal is: AWS Cost visibility

Video demo

Step by step procedure:

Step 1: Use CloudFormation

Connect Holori via CloudFormation to your root account using this link: https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://holori-marketplace.s3.us-east-1.amazonaws.com/cloud_formation_templates/template.yaml&stackName=Holori&param_HoloriRoleExternalID=undefined

Screenshot

In a few clicks, CloudFormation creates all the required permissions.

At the bottom of the page on AWS console don't forget to tick the last box before clicking on "Create stack" and wait a few minutes.

Screenshot

Step 2: Get the ARN

Once the stack status is Create complete, go to Outputs on the right side and copy the ARN.

Screenshot

Paste the ARN in the corresponding field on Holori App.

Screenshot

Prerequisite

Holori will generate a CUR that includes only the past 2 months of historical data from the creation date. To view up to 38 months, we can temporarily use Cost Explorer in addition.

A toggle on the account integration page allows you to activate or deactivate the Cost Explorer option.

Screenshot

Please note that using Cost Explorer is a temporary solution — we suggest contacting AWS to backfill historical CUR data. Reach out to us in the chat for more details.

Step 3 : Enable cost retrieval from your AWS account

Cost Explorer

Enable Cost Explorer: https://console.aws.amazon.com/cost-management/home Then navigate to Cost Management preferences, and to the Cost Explorer tab. Make sure that the following configuration is selected:

  • Enable Historical data up to 38 months
  • Resource level data at daily granularity (up to 14 days)

Cost Optimization Hub

AWS Cost Optimization Hub must be activated: In the navigation panel, go to Cost Optimization Hub: https://console.aws.amazon.com/cost-management/home

AWS Compute Optimizer

AWS Compute Optimizer must be activated. Make sure you opted in: https://console.aws.amazon.com/cost-management/home

Once you have performed all the steps above, on Holori App, click Save at the bottom of AWS integration page. Your account will be synchronized in the following minutes. Go grab a coffee and start exploring your cost and infra.

Your goal is: AWS Diagrams

Video demo

Step by step procedure:

Step 1:Create a cross account on the AWS console

  1. On the AWS integration page, select the "Diagrams" option

  2. Below, click on the "AWS IAM Console" link. A new tab will open redirecting you to the AWS console login page (or the role creation page directly if you are already logged in).

Alternatively, use this link: https://console.aws.amazon.com/iamv2/home#/roles/create?awsAccount=112070389366&externalId=f97fd11c-3fcc-4c28-bcf4-b327179915c2&policies=arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FReadOnlyAccess&isThirdParty=true&step=review&trustedEntityType=AWS_ACCOUNT

  1. You will be redirected to the “create role page”on AWS. Holori will have already pre-filled information. All you need to do is to double check the fields.

The information are the following :

Trusted entity type : AWS Account Account ID : 112070389366 Checkbox for Require external ID: checked A unique external ID is auto generated and filled and should match the one from the Holori app Checkbox for MFA option: unchecked

The information follows AWS best practices and security recommendations.

  1. Click next,

Step 2: Verify the new policy

  1. On the second page make sure that: "ReadOnlyAccess" permission is selected

  2. Click next,

Step 3: Name and Create role

On the third and last page :

  1. Give the name "holori" to this role

  2. In “Step 2 : Add permissions” you can check once again the permissions and it should be : “ReadOnlyAccess”.

Screenshot

  1. Now click on "Create role" at the bottom of the page.

Congratulations, your AWS role should now be created.

Step 4 : Add the cross account role to Holori app

  1. Give a name to your provider account, this name will be used to identify it in Holori software.

  2. Copy your ARN and come back to the Holori tab to paste it.

Screenshot

Once you have performed all the steps above, on Holori App, click Save at the bottom of AWS integration page. Your account will be synchronized, it can take up to a few hours for the initial diagram to be generated.