Manual Setup

This section explains how an Admin can onboard AWS accounts into CloudCADI using the Manual Setup flow.

Step 1 - Configure Data Source for Deployed Account

1. In the Add Data Source tab, select Manual Setup.

   

2. To onboard a CloudCADI-deployed account, enter the AWS Account ID, Account Name and Cost export path.

3. Click Next.

4. CloudCADI validates the cost export path and required permissions.

5. Refer to the AWS Cost & Usage Data Export (FOCUS) for detailed steps.

   

6. Once validation is complete, a confirmation page is displayed. Click Done to create the data source.

   

7. You will be redirected to the Data Sources list page.

   

Step 2 - Configure Cross-Account Setup

1. To onboard a cross-account setup, enter the AWS Account ID, Account Name and Cost export path, then follow the stack deployment steps mentioned below.

2. Click Download CloudFormation Template.

   

Step 3 - Deploy CloudFormation Stack

1. After downloading the script, go to the AWS Console for the respective account, navigate to the CloudFormation service, and create a stack with new resources.

   

2. Select Choose an existing template.

3. Then select Upload a template file.
4. Click Choose file and upload the downloaded script.

5. Click Next.

   

6. Enter the Stack name and S3BucketName.

7. Click on Next.

   

8. Enter the tag key and tag value.

9. Click Next. The Review page appears. Review the details, and click Submit.

   

   

10. Review and click Submit and It'll take up to 5 minutes to finish the resource creation.

Step 4 - Complete Cross-Account Onboarding

1. Once the stack has been created successfully, go to the Outputs tab. Copy the Role ARN

   

2. Paste the Role ARN in Enter the Role ARN to be assumed obtained during stack creation and click Confirm.

   

3. Once validation is complete, a confirmation page is displayed.

4. Verfiy the details and Click on Done to complete account creation.

   

5. You will be redirected to the Data Sources list page.

6. Confirm that the created AWS account appears in the list.

   

Troubleshooting

• Create Cost & Usage Data Export in AWS Management Account (recommended).
• If onboarding fails due to cost export path validation, check the S3 bucket policy.
• Existing bucket permissions can be reused for additional accounts.

Update S3 Bucket Policy

1. In the AWS Console, navigate to the S3 bucket configured for cost export path.

   

2. Go to the Permissions tab and click Edit.

   

3. Add the following statement to the existing bucket policy and click Save changes.

   {
     "Effect": "Allow",
     "Principal": {
       "AWS": "<ROLE_ARN>"
     },
     "Action": [
       "s3:GetObject",
       "s3:ListBucket"
     ],
     "Resource": [
       "arn:aws:s3:::<BUCKET_NAME>",
       "arn:aws:s3:::<BUCKET_NAME>/*"
     ]
   }
   

Tip

• Replace <ROLE_ARN> with the Role ARN obtained during stack creation.
• Replace <BUCKET_NAME> with your S3 bucket name.

Warning

Do not remove existing statements in the bucket policy. Only add the above statement.