Learn how to connect your AWS account and start optimizing your cloud costs.
What you'll need: Access to your AWS Console with permission to create IAM users. This process takes about 5-10 minutes.
To analyze your AWS costs, CloudK needs read-only access to your AWS account. We'll guide you through creating a secure IAM user with minimal permissions.
Sign in to AWS Console
Go to console.aws.amazon.com
Navigate to IAM
In the search bar at the top, type IAM and click on "IAM" under Services.
Go to Users
In the left sidebar, click "Users", then click the "Create user" button.
Name your user
Enter a username like cloudk-readonly
Do NOT check "Provide user access to the AWS Management Console" - this user only needs programmatic access.
Click "Next"
Select "Attach policies directly"
Create a custom policy (Recommended)
Click "Create policy" to open a new tab. Select the "JSON" tab and paste this policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CloudKReadOnly",
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetCostForecast",
"ce:GetReservationUtilization",
"ce:GetSavingsPlansUtilization",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:DescribeAddresses",
"rds:DescribeDBInstances",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
}
]
}Name the policy
Click "Next", then name it CloudK-ReadOnly-Policy and click "Create policy".
Attach the policy to your user
Go back to the user creation tab, click the refresh button, search for CloudK-ReadOnly-Policy, check the box, and click "Next".
Create the user
Review the settings and click "Create user".
Click on your new user
In the IAM Users list, click on cloudk-readonly.
Go to Security credentials tab
Click the "Security credentials" tab.
Create access key
Scroll down to "Access keys" and click "Create access key".
Select use case
Choose "Third-party service", check the confirmation box, and click "Next".
Add description (optional)
Enter CloudK cost monitoring and click "Create access key".
Important: Save your keys!
You will see your Access Key ID and Secret Access Key. Copy both of these now - the Secret Access Key will only be shown once!
Go to your CloudK Dashboard
Navigate to your dashboard
Click "Connect AWS Account"
Enter your credentials
Paste your Access Key ID and Secret Access Key from the previous step.
Select your AWS Region
Choose the primary region where your AWS resources are located (e.g., us-east-1).
Click "Connect Account"
We'll verify your credentials and start analyzing your AWS costs!
You're all set! CloudK will now analyze your AWS costs and provide optimization recommendations.
CloudK only requests read-only permissions. We cannot modify, delete, or create any resources in your AWS account.
Your AWS credentials are encrypted using AES-256 encryption before being stored. We never store credentials in plain text.
We recommend creating a dedicated IAM user for CloudK. This allows you to easily revoke access at any time without affecting other services.
AWS recommends rotating access keys every 90 days. You can update your keys in CloudK settings at any time.