Skip to main content

Permissions Needed to Link AWS to Stax Cost & Compliance

note

This guidance assumes you're subscribed to only the Stax Cost & Compliance module. If your AWS accounts are Stax-managed, Stax takes care of this for you.

Stax accesses your AWS metadata using AWS best practices, as described here. This access is provisioned using a CloudFormation template that creates the IAM Role Stax needs.

To deploy this stack, your identity in AWS needs permission to create this stack in AWS. Specifically:

  • cloudformation:CreateStack

  • iam:CreateRole

  • iam:CreatePolicy

  • iam:AttachRolePolicy

If your IAM credential has the AdministratorAccess managed policy attached, then these are included.