Skip to main content
Skip table of contents

Step-2: Create an IAM role for Mavvrik

Mavvrik supports both types of AWS authentications

  1. Roles

  2. Users

Role-based access is generally considered to be more secure than user-based access, as it allows organizations to control access to resources and functions based on defined roles and responsibilities. We recommend using roles over individual users

Roles

  1. Login to AWS Member account you’re trying to onboard as an Administrator if not already logged in. And navigate to IAM service using AWS search bar.

  2. On a IAM Console, Select Roles from the left menu, and click Create role. One the create role screen please select the configuration as follows

a. Trusted entity type: AWS Account

b. An AWS account: Choose Another AWS account and fill in the account number as 911403356698

c. External ID: In this field, please put the Tenant ID for your Mavvrik account. To get the tenant id follow instructions outlined in this page Retrieve the Tenant Id

d. Click Next

  1. Click Next, on next screen for permissions, Choose 'AWS Managed - job function' in the filter . Search and select the listed policies below.

  • ReadOnlyAccess

  • ViewOnlyAccess

image-20250320-065046.png

Choose 'AWS Managed in the filter. Search and select the listed policies below.

  • IAMReadOnlyAccess

  • CloudWatchReadOnlyAccess

  • ComputeOptimizerReadOnlyAccess

  • AWSOrganizationsReadOnlyAccess

  1. Click Next again & on a final page, enter a name to the role & click Create role

  2. Search for the newly created role

  3. Click on Add permissions → Create inline policy.

    image-20250320-065313.png

  4. Search for Cost Explorer Service

  5. Click on Write → StartSavingsPlansPurchaseRecommendationGenerationNext

    image-20250320-065505.png

  6. Enter the policy name.

  7. Click onCreate policy.

image-20250320-065539.png

  1. Once the role is created, please note the ARN of a role, which will be required in the next step.

image-20250320-065649.png

Users

  1. Login to AWS Member account you’re trying to onboard as an Administrator if not already logged in. And navigate to IAM service using AWS search bar.

  2. On a IAM Console, Select Users from the left menu

  1. Click on Create User

  1. Enter the Username & click Next.

  1. Select Attach policies directly, on next screen for permissions, please choose 'All Types' in the filter and select the listed policies below.

  • ReadOnlyAccess

  • ViewOnlyAccess

  • IAMReadOnlyAccess

  • CloudWatchReadOnlyAccess

  • ComputeOptimizerReadOnlyAccess

  • AWSOrganizationsReadOnlyAccess

  1. Click Next again & on a final page, give a name to the role & click Create user

  2. Once the user is created, please click on the user to create a Secret Key

  3. Go to Security Credentials tab & Click on Create Access Key

  4. Select Application running outside AWS & Click on Next

  5. Click on Create access key.

  1. Secret Key will get generated.

  2. Copy the Access Key & Secret Key which will be required in the next step.

  1. Open newly created user

  2. Click on Add permissions → Create inline policy.

  1. Search for Cost Explorer Service

  2. Click on Write → StartSavingsPlansPurchaseRecommendationGenerationNext

  3. Enter the policy name.

  4. Click onCreate policy.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close