AWS Integration

Stackbooster.io integrates with your AWS environment to optimize Kubernetes clusters running on Amazon EKS. This guide explains the integration process, required permissions, and security considerations.

Integration Methods

Stackbooster.io offers three methods to connect with your AWS account:

1. CloudFormation (Recommended)

The easiest and most secure way to integrate:

1. Navigate to "Settings" > "Cloud Integrations" in your Stackbooster.io dashboard
2. Click "Add AWS Account"
3. Select "CloudFormation Quick Setup"
4. Click "Launch Stack" to open the AWS CloudFormation console
5. Review the template parameters (no changes needed for standard setup)
6. Acknowledge the IAM resources creation
7. Click "Create stack"
8. Wait for the stack creation to complete (typically 2-3 minutes)
9. Return to Stackbooster.io where the connection will be automatically verified

2. Manual IAM Role Creation

For organizations that require manual review of all IAM changes:

1. In your AWS account, navigate to IAM > Roles
2. Create a new role with the "Another AWS account" trust relationship
3. Enter the Stackbooster.io AWS account ID: 123456789012
4. Add the external ID shown in your Stackbooster.io integration page
5. Attach the following AWS managed policies:
   • AmazonEKSClusterPolicy
   • AmazonEC2ReadOnlyAccess
6. Create and attach a custom policy using the JSON template provided in your Stackbooster.io dashboard
7. Note the ARN of the created role
8. In Stackbooster.io, choose "Manual IAM Setup" and enter the role ARN

3. AWS Access Keys (Not Recommended for Production)

For testing or development purposes only:

1. Create an IAM user with programmatic access
2. Attach the required policies as described in the manual IAM role creation
3. Generate access keys for the user
4. In Stackbooster.io, choose "Access Key Setup" and enter the access key and secret

Required Permissions

Stackbooster.io requires the following permission sets to operate effectively:

Read-Only Permissions

These permissions allow us to analyze your infrastructure without making changes:

• EC2 instance details and metrics
• EKS cluster configuration
• CloudWatch metrics and logs
• Pricing information
• Resource tagging
• Auto Scaling group configurations

Write Permissions (Optional but Recommended)

These permissions enable full optimization capabilities:

• Modify Auto Scaling groups
• Start/stop EC2 instances
• Update EKS node groups
• Create and modify resource tags

Limiting Scope

You can limit Stackbooster.io's access to specific resources:

1. When creating the IAM role, add condition statements to restrict access by:

   • Region
   • Resource tags (e.g., only manage clusters with tag Stackbooster-Managed: true)
   • Resource naming patterns

2. Example condition to limit to specific regions:

{
  "Condition": {
    "StringEquals": {
      "aws:RequestedRegion": ["us-east-1", "us-west-2"]
    }
  }
}

Security Considerations

Stackbooster.io implements several security measures for AWS integration:

• Least Privilege: Our IAM policies request only the permissions needed
• External ID: We use external IDs in trust relationships to prevent confused deputy problems
• No Secret Storage: When using role-based authentication, no AWS secrets are stored in our systems
• Encryption: All API communications use TLS 1.2+ encryption
• Activity Logging: All actions taken by Stackbooster.io are logged in your AWS CloudTrail

Verifying the Integration

After setting up the integration, verify it's working correctly:

1. In your Stackbooster.io dashboard, go to "Cloud Integrations"
2. Check that your AWS account shows "Connected" status
3. Click "Test Connection" to verify all required permissions are granted
4. Review the diagnostic information if any permissions are missing

Removing Access

To revoke Stackbooster.io's access to your AWS account:

1. Delete the CloudFormation stack or IAM role from your AWS account
2. In Stackbooster.io, navigate to "Cloud Integrations"
3. Find your AWS account and click "Remove Integration"

Troubleshooting

Common integration issues and solutions:

"Access Denied" Errors

• Verify that the IAM role or user has all required permissions
• Check for restrictive service control policies (SCPs) in your AWS organization
• Ensure the external ID matches exactly what's shown in the Stackbooster.io dashboard

Clusters Not Appearing

• Confirm that your EKS clusters have the required tags if you're using tag filtering
• Check that the clusters are in regions covered by your IAM permissions
• Verify that the clusters are in a running state

For Additional Help

If you continue to experience integration issues:

1. Check our AWS troubleshooting guide
2. Contact support with your AWS account ID and specific error messages

Next Steps

After successfully integrating your AWS account:

1. Create your first cluster
2. Review security best practices
3. Learn about autoscaling concepts