You can use the AWS CLI to apply our required IAM resources into your AWS account. We've provided some helpful scripts that do everything for you!
Our IAM role should ideally be set up in every AWS account you have. If that’s not feasible, then please apply it to your master payer account and your largest (by spend) accounts.
You'll need the AWS CLI installed and configured for your target AWS account. Your AWS user will need to have privileges to create IAM roles and policies in your target account.
From this directory, create the IAM role and policies via our role creation script:
$ make create
The script will prompt you for a couple of required parameters:
Customer Name Slug: This is a short, lower-case slug that identifies your company, e.g. acme-corp. Duckbill Group provided this to you in the Client Onboarding Guide.
CUR S3 Bucket Name: The name of the S3 bucket in which you are storing Cost and Usage Reports. If you haven't set up Cost and Usage reports in your master payer account yet, talk to us before applying this role.
External ID: The External ID used when Duckbill assumes the role. Duckbill Group provided this to you in the Client Onboarding Guide.
After we've completed our engagement, you can delete our IAM role and policy resources from your AWS account:
$ make delete
If you prefer or need to use the AWS console, you can delete the resources manually.
Log into the AWS console,
- navigate to
IAM > Policiesand delete theDuckbillGroupBillingpolicy - navigate to
IAM > Policiesand delete theDuckbillGroupResourceDiscoverypolicy - navigate to
IAM > Policiesand delete theDuckbillGroupCURIngestPipelinepolicy - navigate to
IAM > Rolesand delete theDuckbillGroupRolerole
We lint our shell scripts with shellcheck, which runs in CI on every PR. If you have shellcheck installed locally, you can run the linter:
$ make lint