Periodically, you will be required to update the IAM Role Stax uses to access your account for the purpose of acquiring cost and compliance information.
This guidance assumes you're subscribed to only the Stax Cost & Compliance module. If your AWS accounts are Stax-managed, Stax takes care of this for you.
If you're unsure how to do this, please raise a support case to speak with Stax's support team.
Before You Begin
- Estimated time to complete: 10 minutes
- Ensure you are a member of the Admin role in Stax
- You need permissions in your AWS accounts to deploy and update CloudFormation stacks
- Depending on your AWS account setup, you may need to run this on one or on many different accounts.
Update the IAM Role
For each account with the Cost & Compliance IAM role, you must:
- Log in to the AWS console
- Navigate to the CloudFormation console, and choose the region you originally deployed the Cost & Compliance IAM role into
- Locate the stack, typically named similar to stax-iam-role
- Open the given stack and choose Update Stack
- When prompted to choose a template, select Specify an Amazon S3 Template URL then choose the appropriate template:
- For organization management accounts: stax-iam-role-billing-cfn.json
- For member accounts: stax-iam-role-service-cfn.json
- Choose Next
- Leave the existing values as-is, then choose Next
- Choose Next again on the Options page
- Place a check in the I acknowledge that AWS CloudFormation might create IAM resources checkbox then choose Update
The stack may take a few minutes to update, but will eventually transition to the UPDATE_COMPLETE status, at which point the new IAM role will have been deployed.