Overview

CloudFix can import an entire AWS Organization with a few clicks. This article outlines the steps required to connect CloudFix to your AWS Organization and the resources that are created by the Cloud Formation stack.

Solution

1. Login to your CloudFix account.
2. If you are logging in for the first time or haven't connected an AWS Organization yet, then you will be directly taken to the step to connect the AWS Organization.
3. Click on Onboard your AWS Organization
4. Click on Sign in to your root AWS account. Follow the on-screen instructions.
5. Allow for some time to retrieve the Organizational Units list.
6. Select the Organizational Unit to be connected to CloudFix, and click on Allow read access
7. Allow for up to 24 hours to provide the first set of recommendations.

Resources Created by the Cloud Formation Stack

The CloudFix Cloud Formation stack creates two IAM roles in your account that are assumed by CloudFix. These roles are used to find recommendations and apply fixes.

1. The Finder role is used to monitor resource usage and identify cost-savings opportunities. This includes permissions to APIs such as ec2:DescribeVolumes, config:DeliverConfigSnapshot, and cloudwatch:GetMetricData.
2. The Fixer role is used to safely automate and orchestrate cost optimization changes. This includes permissions such as ec2:ModifyVolume, ec2:ModifyInstanceAttribute, and dlm:CreateLifecyclePolicy.

If you’d like to explore what’s in the CloudFormation template, you can check the Template files. Note that both roles include permissions that will be used in forthcoming releases which include additional cost savings optimizations.