Score:0

AWS budget cannot do stop RDS action

bt flag

I do not want to create an IAM user: I am logged in as root in AWS console.

How can I create a role such that my RDS instance stops on budgeted amount?

I do always get the error when I configure a budgeted RDS action:

Budgets permission required to assume [ExecutionRole: arn:aws:iam::351811911299:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor]. Please follow the instruction to grant assumeRole access to [Service Principal: budgets.amazonaws.com].
Leder avatar
bt flag
this is the third place I post my question: no crosspost! plz do not delete unanswered!
Tim avatar
gp flag
Tim
You create a role with appropriate permissions. Based on your question though I suspect you are a beginner with AWS, as no-one with experience will use the root user. Suggest you get some training in AWS basics, then in AWS security, if you want to continue to use AWS. To answer your question have a read of this blog post https://aws.amazon.com/blogs/aws-cost-management/get-started-with-aws-budgets-actions/
Leder avatar
bt flag
thanx for the link. BTW I am proficient in S3 and RDS: the management console is there to support the user not the other way round! Do you have a link for IAM creation with full rights?
Tim avatar
gp flag
Tim
Create an IAM user and attach the administrator policy - easy :) The AWS security training is really interesting, even after years using AWS and having architect pro certification I learned a lot that has been really practical especially around IAM.
Leder avatar
bt flag
thank you for the heads up: though the budgeting answer from support was not that easy...
Tim avatar
gp flag
Tim
AWS is a complex enterprise environment, not a simple web host, anyone using it really needs to be trained as there are gotchas and security issues. In AWS terms the answer from support was trivial, it'd take me about 2 minutes, but I've been doing AWS for many years.
Leder avatar
bt flag
OK: I learned the basic concepts. Budgets seem to be more useful than cloudwatch and service quotas...
Score:0
bt flag

I have answer from AWS support:

You can follow these steps to create the correct policy first:

  1. Go to the IAM Dashboard and to the Policies section: https://console.aws.amazon.com/iam/home?region=us-east-2#/policies
  2. Click on "Create Policy"
  3. In the Visual Editor section, select Service as RDS >> Actions as All Actions >> Resources as All Resources
  4. Click on Next
  5. Add Tags if needed, then on Next: Review
  6. Give a Policy name
  7. Click on Create Policy

This created the needed policy for the Budget action, now let's go to the IAM Role Creation.

  1. Go to the IAM Dashboard and to the Roles section: https://console.aws.amazon.com/iam/home?region=us-east-2#/roles
  2. Click on "Create Role"
  3. Under the AWS Services section, select "Budgets"
  4. Click on Next: Permissions
  5. Find the policy with that was created, with the steps mentioned above, with the name >> Next
  6. Add Tags if needed, then on Next: Review
  7. Give a name for the Role
  8. Click on Create Role

You can refer to these public documentations:

  1. To create IAM policy: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-and-attach-iam-policy.html
  2. To create IAM role: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-console

You now have the IAM Role needed for the Budget actions.


Upon checking the error you are receiving: Budgets permission required to assume [ExecutionRole: arn:aws:iam: 351811911299 :role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor]. Please follow the instruction to grant assumeRole access to [Service Principal: budgets.amazonaws.com].

It seems that you are trying to add a different role for the Budget action. Now that you have the correct IAM role and policy created, you can follow these steps to create a Budget action:

  1. Go to the Budgets section of the Billing Dashboard: https://console.aws.amazon.com/billing/home?region=us-east-2#/budgets
  2. Please follow this documentation to add the previously created policy to a new budget: https://aws.amazon.com/blogs/aws-cost-management/get-started-with-aws-budgets-actions/
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.