Preparing Your AWS Account


For CloudCheckr to monitor your AWS account, you must perform the following actions in order:

  • grant access to CloudCheckr using an AWS role for cross-account access
  • enable detailed billing reports
  • enable tags for cost reports

This topic shows you how to complete each procedure to ensure your AWS account is prepared accurately prior to your CloudCheckr deployment.

Creating a Cross-Account Access Role

A cross-account access role provides you with control and visibility into all the users and roles within your deployment.

You can use AWS CloudFormation to perform the process automatically or you can create the role manually.  While the CloudFormation method is the fastest, the manual method, Set Up Your IAM Role for Cross-Account Access, is a good option if you are new to the AWS environment.


After you create your cross-account access role, you must enable billing reports to ensure your Detailed Billing Report is written to the proper S3 bucket and it is accessible to CloudCheckr. CloudCheckr utilizes your AWS Detailed Billing Reports to generate your cost reports.

See Procedure...

  1. Login to the AWS Console.
  2. In the top-right corner of the AWS console, click on your username and from the fly-out menu, select My Billing Dashboard.
  3. The Billing & Cost Management Dashboard opens.

  4. From the Dashboard, click Preferences.
  5. The Preferences page opens.

  6. Select the Receive Billing Reports checkbox and click Save preferences.
  7. To receive billing reports you have to choose the S3 bucket where they will be stored. You must enter the name of an S3 bucket. If you have not created an S3 bucket:
    • Go to the S3 service section in the AWS Console.
    • Type the exact name of the bucket within the Save to S3 Bucket text field.
    • Edit the S3 bucket properties and add a permission policy granting AWS access to publish your reports.

  8. Click the sample policy beneath the bucket name where it reads, Note: You must apply appropriate permissions to your S3 bucket sample policy.
  9. A popup message will display the permissions policy AWS needs to add the files to your S3 bucket.

  10. Copy the entire policy.
  11. From the menu at the top of the page, click Services and select S3.
  12. Locate the S3 bucket added to billing preferences as the billing bucket and click the magnifying glass icon to its left to see the list of properties for that bucket.
  13. Expand Permissions and click the Edit bucket policy button.
  14. Paste the sample policy that we copied from the billing permissions here.
  15. Save your changes.
  16. Return to the Preferences page.
  17. Scroll down and choose which Billing Reports to receive.
  18. Note: We highly recommend that you select Detailed billing report with resources and tags. If you only select Detailed billing report, we will not be able to show your bill by resources.

    To get the most out of CloudCheckr, we recommend that you enable all reports.

  19. Save these changes.
  20. Note: It can take a few days for AWS to build these reports. Once they are available within AWS, CloudCheckr will use the data to build your cost reports.


Once you have enabled detailed billing reports, you can enable the tags you will use with your cost reporting (if applicable to your deployment).

See Procedure...

  1. Login to the AWS Billing & Cost Management Console.
  2. Click Preferences.
  3. Scroll down to the Report section, and click the Manage report tags link under the report list.

  4. The Cost Allocation Tags page opens.

  5. Select the tag keys you want added to the Cost Allocation report.
  6. Save your changes.

Note: It can take a few days for AWS to add the tag costs to your billing reports. Once they are available within AWS, CloudCheckr will use the data to build your cost reports.