Automation for AWS services

CloudCADI helps you efficiently clean orphaned AWS resources and create ECR lifecycle policies directly from your AWS console.

Automation integration permission set up has 2 options:

• CloudFormation : Uses a stack to manage required permissions automatically.
• IAM role : Uses an existing role with permissions.

Note

• Use only one of the following approaches. These approaches must not be combined.

CloudFormation

• CloudFormation automates permission setup by creating the required IAM policies using a template.

Step 1 - Ceate CloudFormation template

1. To enable automation, navigate to Settings → Integration → Automation and click Enable.

2. Choose CloudFormation

3. Toggle on the services for which automation permissions are required. Only selected services will be included in the CloudFormation template.

4. Click Download CloudFormation template button

5. Click Create stack and click With new resources(standard)

6. Click Choose an existing template → Upload a template file → Choose a file → Next.

7. Enter the name - CloudCADIAutomationStack and click Next

8. Enter the tag key and tag value.Click Next.

9. Review the details, and click Submit.

10. Stack will be created and The permission will be attached to the IAM role.

11. Click Save after permission setup to activate automation for enabled services.

Step 2 - Update CloudFormation template

1. To enable automation, navigate to Settings → Integration → Automation and click Enable.

2. Choose CloudFormation

3. Toggle services on or off for which additional automation permissions are required. Only the selected services will be included in the CloudFormation template.

4. Click Download CloudFormation template button , which will have the updated template.

5. Select the existing stack -CloudCADIAutomationStack and click Update Stack → Make a direct update.

6. In the update stack click Replace existing template → Upload a template file → Choose a file → Upload the updated CloudFormatiion template → Next.

7. Click Next and Enter the tag key and tag value.Click Next.

8. Review the details, and click Submit.

9. Stack will be Updated and The permission will be attached to the IAM role.

10. Click Save after permission setup to activate automation for enabled services.

IAM role

• The IAM Role setup allows manual control over permissions by attaching a generated policy to an existing IAM role.

Step 1 - Create IAM policy

1. To enable automation, navigate to Settings → Integration → Automation and click Enable.

2. Choose IAM role

3. Enable the toggle for each required service to generate the corresponding IAM permissions.Use select all if you want to enable all the automation services.

4. Copy the generated policy JSON

5. Select the IAM role and Click Add permission → Create inline policy

6. In the Specify permissions switch to JSON and then paste the copied policy JSON and click Next.

7. Enter the name - CloudCADIAutomationPolicy and click Create Policy, policy will be attached for the IAM role.

8. Click Save after permission setup to activate automation for enabled services.

Step 2 - Update IAM policy

1. To enable automation, navigate to Settings → Integration → Automation and click Enable.

2. Choose IAM role

3. Enable or disable service toggles to generate updated IAM permissions. Use Select All to enable all services, then copy the policy JSON.

4. Select the IAM role and Select the exiting policy - CloudCADIAutomationPolicy and click Edit.

5. In the Modify permissions switch to JSON and then paste the copied policy JSON and click Next.

6. Review and click Save Changes, policy will be updated for the IAM role.

7. Click Save after permission setup to activate automation for enabled services.