Cloud Cruiser became HPE Consumption Analytics on Nov. 1, 2018. You'll still see the old name in places while we update this site.



Consumption Analytics Documentation

Home > HPE Consumption Analytics Portal Documentation > Configuring the HPE Consumption Analytics Portal > Creating Collections > Amazon Web Services > AWS permissions needed by the HPE Consumption Analytics Portal

AWS permissions needed by the HPE Consumption Analytics Portal

This article is a detailed list of credentials and permissions that you set up in your Amazon Web Services (AWS) accounts to give HPE Consumption Analytics Portal the ability to collect data and, in limited cases, make changes for you.

For each AWS user to which you grant these permissions, you must provide an access key ID and a secret key to HPE Consumption Analytics Portal.

Usage and cost data

The permissions in this section are needed for HPE Consumption Analytics Portal to collect detailed billing reports, which are the primary source of the data you see in reports and analytics.

The following permissions are required on the billing (payer) account for each AWS collection that you create. You cannot create a collection without them.

Because you enter the credentials for usage and billing data into HPE Consumption Analytics Portal separately from credentials for other access, you can use separate AWS user accounts for these two purposes.

Specific user permissions needed
  • Access to billing information on the account from which HPE Consumption Analytics Portal will collect usage and billing information. If you use consolidated billing, this is the payer account.
  • The Amazon S3 Read Only policy. If you do not want this policy to provide access to all S3 buckets, you can restrict it to the bucket where this account's detailed billing reports are placed. For the JSON version of the Amazon S3 Read Only policy, see Amazon S3 Read Only in the AWS documentation.

Utilization and other metrics

The permissions in this section are needed for HPE Consumption Analytics Portal to collect resource utilization, application performance, and operational health data available through the Amazon CloudWatch service. This not only provides richer reporting, but also enables Insights to alert users to take action based on these metrics, such as when a resource is underutilized.

Specific user permissions needed

For each applicable account, the CloudWatchReadOnlyAccess policy. If this policy does not exist in your cloud, you must create a role with the CloudWatch Read Only policy.  

For the JSON version of the CloudWatch Read Only policy, see CloudWatch Read Only in the AWS documentation. 

For general information about IAM roles, see Managing IAM Roles in the AWS documentation

Last modified


This page has no custom tags.


This page has no classifications.