Turbonomic SaaS IAM Role Setup

Document created by byemini Expert on Feb 27, 2020Last modified by jacob.bendavid on May 28, 2020
Version 8Show Document
  • View in full screen mode

With the release of our new Turbonomic SaaS offering we've modified the steps to target AWS accounts using IAM Roles. Below is a summary as well as step by step instructions. The Identity Provider and IAM Role need to be created in every AWS account you would like to add as a target to Turbonomic.


Before you proceed, please ensure to obtain the Service Account number from Turbonomic Support, which is required for step 1.5.

Step by Step Instructions: 

Step 1: Create an IAM Role

  1. Access the AWS Identity and Access Management (IAM) console and navigate to the Roles option on the left menu.
  2. Select Create Role
  3. When asked to select the type of trusted entity, select Web Identity
  4. On the Identity provider pulldown, select the Google provider that you just created
  5. In the Audience field, enter the service account number obtained from Turbonomic: for example 11223344556677889900
  6. Click Next
  7. Add the following policies:
    1. AmazonEC2ReadOnlyAccess (Use EC2FullAccess for action automation)
    2. AmazonRDSReadOnlyAccess (Use RDSFullAccess for future action automation, currently not supported) 
    3. AWSOrganizationsReadOnlyAccess
    4. AmazonS3ReadOnlyAccess (only required in Master (payer) account for accessing the cost and usage report) 
  8. Click Next: Tags
  9. Add Tags if required by your organizational IT policies, otherwise, just click Next: Review
  10. On the Review screen, enter the Role Name: TurbonomicSaaSRole
  11. Enter a Role Description. For example, Role to allow the Turbonomic SaaS service access to this account.

  12. Select the Create button
  13. On the list of roles, find the TurbonomicSaaSRole you just created and click the name of the role


Step 2: Obtain the Role ARN  

  1. Select the Role you just created (i.e. TurbonomicSaaSRole)
  2. Copy the Role ARN (top of the screen), you will need it to add the AWS target in Turbonomic


Step 3: Add Target in Turbonomic 

  1. Log in to the Turbonomic SaaS console
  2. Navigate to Settings > Target Configuration
  3. Click the New Target button
  4. Select Cloud Management
  5. Select AWS
  6. On the Add AWS Target screen enter the following:
    Address: enter any text string you would like to identify the account being targeted
    IAM Role ARN: Paste the Role ARN you copied in step 2.2
    Cost and usage report fields: Enter this information, if configured in this account (see this article for more details). This should only be added for your Master (payer) account.
  7. Click the Add button
  8. Confirm the new target is added with a successful result
1 person found this helpful