Skip to main content

Permissions Needed to Link AWS to Stax Cost & Compliance

warning
This module is being shut down in March 2025. See Shutdown of Cost and Compliance Modules for more information.
note

This guidance assumes you're subscribed to only the Stax Cost & Compliance module. If your AWS accounts are Stax-managed, Stax takes care of this for you.

Stax accesses your AWS metadata using AWS best practices, as described here. This access is provisioned using a CloudFormation template that creates the IAM Role Stax needs.

To deploy this stack, your identity in AWS needs permission to create this stack in AWS. Specifically:

  • cloudformation:CreateStack
  • iam:CreateRole
  • iam:CreatePolicy
  • iam:AttachRolePolicy

If your IAM credential has the AdministratorAccess managed policy attached, then these are included.