Skip to Content
IntegrationsCloud Node IntegrationAWSAdvanced Setup

Advanced Setup
Available in v1.15.7+

AWS Node Integration Setup

IAM Permissions

IAM role and policy granting ScaleOps read access to your CUR bucket.

Launch CloudFormation (or Download Template / Preview)

Fill in the following parameters: externalID, policyName, roleName (reference)

Settings

The External ID is a unique, fixed value tied to your account. It is used to securely assume the read-only IAM role you create. The value can be found in Cloud Integration under the Settings page.


Settings

ScaleOps Setup

Helm Install

Install ScaleOps Helm Chart with the following values (reference):


cloudNodeIntegration:
  aws:
    enabled: true
    roleName: <ROLE_NAME>
    # roleArn: ""       # Optional, default: "arn:aws:iam::<account-id>:role/<role-name>"
    # accountID: ""     # Optional, will auto discover if not provided
    # region: ""        # Optional, will auto discover if not provided

Verify Integration

Navigate to Cloud Integration under the Settings page, and verify ScaleOps is integrated successfully.


Settings

Reference

Helm Parameters

KeyDescriptionDefault
enabledEnable integrationfalse
roleNameName of the IAM role that grants ScaleOps read-only permissions (from this step)scaleops-node-integration-access-role
roleArnIAM role ARN that grants ScaleOps read-only permissions""
accountIDThe AWS account ID that the setup is in""
regionThe AWS region that CUR was setup in""

Using External Secret

Run helm template with correct values of the AWS billing integration to retrieve secret definition:

helm template ... --show-only templates/cloud_node_integration_settings_secret.yaml

Store the secret data from the helm template output on your secret provider, and reference it using External Secrets:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: scaleops-cloud-node-integration-settings
  namespace: scaleops-system
spec:
  secretStoreRef:
    name: SECRET_STORE_NAME # Replace with your secret store name
    kind: ClusterSecretStore # Replace with your secret store kind
  target:
    name: scaleops-cloud-node-integration-settings
    template:
      data:
        settings: "{{ .aws_integration_config }}"
  data:
    - secretKey: aws_integration_config
      remoteRef:
        key: path/to/secret # Replace with your secret path

If you use this approach, do not include cloudNodeIntegration.aws values in your helm values file.

Update PermissionsTerraform Setup