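This document describes the AWS-related survey features, how the information you provide is used, and the security guarantees.
AWS migration cost assessment
For the AK/SK-based AWS survey, you must enable the AWS Cost Explorer service in advance and make sure the account you provide has the following permissions: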
arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess
arn:aws:iam::aws:policy/Billing
arn:aws:iam::aws:rds/DescribeDbInstances
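Because the AWS SDK (GetCostAndUsageRequest/Response) is used to access your billing API, read calls to that API may incur charges. In addition, read-only permission on RDS must be granted so that the RDS configuration can be read in order to recommend a suitable RDS specification on Alibaba Cloud.
CMH does not record or store your sensitive information (such as the AK/SK); the key information you enter is used only for the current task.
AWS online survey
The online AWS survey requires you to provide an AWS account that is used to obtain your list of cloud resources. The account needs read permission on all cloud resources. AWS provides a read-only system policy that you can use directly for authorization: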
arn:aws:iam::aws:policy/ReadOnlyAccess
For the resource types supported by the AWS online survey and the APIs it uses, see the reference document: AWS collected field details. If you want to provide a narrower permission policy, see AWS read-only permission desensitization.
Likewise, CMH does not record or store your sensitive information (such as the AK/SK); the key information you enter is used only for the current task.
API reference for the online survey
Supported resource | API used | Client used |
EC2 | DescribeInstancesRequest/Response, DescribeInstanceTypesRequest/Response, DescribeImagesRequest/Response | Ec2Client |
NAT | DescribeNatGatewaysResponse | Ec2Client |
Security group | DescribeSecurityGroupsResponse, DescribeSecurityGroupRulesIterable | Ec2Client |
VPC | DescribeVpcsResponse | Ec2Client |
Availability zone | DescribeAvailabilityZonesResponse | Ec2Client |
Load balancer | DescribeTargetGroupsResponse, DescribeInstancesResponse, DescribeLoadBalancersResponse, DescribeTagsRequest/Response | ElasticLoadBalancingV2Client, Ec2Client |
RDS | DescribeDbInstancesRequest/Response | RdsClient |
ElastiCache | DescribeCacheClustersResponse, DescribeCacheSubnetGroupsResponse, ListTagsForResourceRequest/Response | ElastiCacheClient |
S3 | ListBucketsResponse, ListObjectsV2Request/Response, GetBucketTaggingRequest/Response, GetPublicAccessBlockRequest/Response, GetBucketLifecycleConfigurationRequest/Response, GetBucketReplicationRequest/Response, ListBucketInventoryConfigurationsRequest/Response | S3Client |
DocumentDB | DescribeSecurityGroupsResponse, DescribeDbClustersResponse, ListTagsForResourceRequest/Response | DocDbClient, Ec2Client |
ES | DescribeCacheClustersResponse, DescribeCacheSubnetGroupsResponse, ListTagsForResourceRequest/Response | ElastiCacheClient |
KAFAKA | DescribeSecurityGroupsResponse, ListClustersV2Request/Response | KafkaClient, Ec2Client |
SECURITY_GROUP_RULE | DescribeSecurityGroupRulesRequest/Response, DescribeSecurityGroupRulesIterable | Ec2Client |
OLAPDB | DescribeClustersResponse | RedshiftClient |
Eks | ListClustersRequest/Response, DescribeClusterRequest/Response | EksClient |
GlobalAccelerator | ListAcceleratorsRequest/Response | GlobalAcceleratorClient |
Athena | ListDataCatalogsRequest/Response, ListDatabasesRequest/Response, ListTableMetadataRequest/Response | AthenaClient |
Lambda | ListFunctionsRequest/Response, GetFunctionRequest/Response | LambdaClient |
CloudFront | ListDistributionsResponse, ListTagsForResourceRequest/Response | CloudFrontClient |
MQ | ListBrokersResponse, DescribeBrokerRequest/Response | MqClient |
SQS | ListQueuesRequest/Response, GetQueueAttributesRequest/Response, ListQueueTagsRequest/Response | SqsClient |
AutoScaling | DescribeAutoScalingGroupsRequest/Response | AutoScalingClient |
EIP | DescribeAddressesResponse | Ec2Client |
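
The statements above that the key is used only for the current task, and only for the read APIs in the table, can be checked on your side against CloudTrail. The following is an added example, not CMH or Alibaba Cloud code. It assumes CloudTrail event names equal the SDK operation name with the Request/Response suffix removed (some services, S3 among them, can log different names); the access key, task window and log records are constructed.

```python
import re
from datetime import datetime, timezone

# Three rows taken from the API table above; extend with the remaining rows.
TABLE_ROWS = """\
EC2 | DescribeInstancesRequest/Response, DescribeInstanceTypesRequest/Response, DescribeImagesRequest/Response | Ec2Client |
VPC | DescribeVpcsResponse | Ec2Client |
RDS | DescribeDbInstancesRequest/Response | RdsClient |
"""

def documented_operations(rows):
    """Strip SDK class suffixes; lower-case so DescribeDbInstances matches DescribeDBInstances."""
    ops = set()
    for row in rows.strip().splitlines():
        for name in re.split("[,,]", row.split("|")[1]):
            op = re.sub(r"(Request/Response|Response|Request|Iterable)$", "", name.strip())
            if op:
                ops.add(op.lower())
    return ops

def audit(records, key_id, start, end, allowed):
    """Return (eventName, reason) for each call by key_id that contradicts the documented behaviour."""
    findings = []
    for r in records:
        if r.get("userIdentity", {}).get("accessKeyId") != key_id:
            continue  # issued by a different credential
        when = datetime.fromisoformat(r["eventTime"].replace("Z", "+00:00"))
        if not r.get("readOnly", False):
            findings.append((r["eventName"], "write call"))
        elif r["eventName"].lower() not in allowed:
            findings.append((r["eventName"], "not in documented API list"))
        elif not start <= when <= end:
            findings.append((r["eventName"], "outside task window"))
    return findings

KEY = "AKIAEXAMPLEEXAMPLE00"  # constructed placeholder, not a real key
def rec(time, name, read_only, key=KEY):
    return {"eventTime": time, "eventName": name, "readOnly": read_only, "userIdentity": {"accessKeyId": key}}

SAMPLE = [  # constructed CloudTrail records, trimmed to the fields used here
    rec("2024-01-10T08:05:00Z", "DescribeInstances", True),
    rec("2024-01-10T08:06:00Z", "DescribeDBInstances", True),
    rec("2024-01-10T08:07:00Z", "ListUsers", True),
    rec("2024-01-10T08:08:00Z", "ModifyDBInstance", False),
    rec("2024-01-12T02:00:00Z", "DescribeVpcs", True),
    rec("2024-01-10T08:09:00Z", "RunInstances", False, key="AKIAOTHEROTHER000000"),
]
WINDOW = (datetime(2024, 1, 10, 8, 0, tzinfo=timezone.utc), datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc))
FINDINGS = audit(SAMPLE, KEY, *WINDOW, documented_operations(TABLE_ROWS))
```

Issuing a dedicated access key for the survey and deleting it once the task finishes keeps the audited window and the key lifetime identical.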