Creating access key for AWS
Published 09 February 2026
To grant Monitor read-only access to your AWS account, you will need to create an IAM user with specific permissions and generate an access key. The following instructions summarize the key steps and provide references to the official AWS documentation for detailed guidance.
1. Create an IAM User
- Sign in to the AWS Management Console.
- Navigate to IAM → Users and click Add user.
- Username: Choose a descriptive name such as `monitor`.
- Access type: Select Programmatic access (to generate access keys).
For detailed instructions, see the https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html.
2. Assign Permissions
You can grant permissions in one of two ways:
a. Use AWS Managed Policies (Recommended)
Attach the following AWS managed policy to the new user:
- In the "Set permissions" step, choose "Attach policies directly".
- Search for each policy by name and check the box next to it.
b. Use a Custom Policy
If you prefer finer control, you can attach a custom policy with these exact permissions:
- Click "Create policy" during the permissions step.
- Choose the JSON editor and add a policy similar to the following:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeVolumes", "account:GetAccountInformation", "ce:GetCostAndUsageWithResources" ], "Resource": "*" } ] } - Save the policy and attach it to the new user.
For a step-by-step guide, see the AWS documentation on creating and attaching IAM policies.
Note
ce:GetCostAndUsageWithResources is required only if you want to see cost information
3. Enable Cost Explorer and Resource-Level Billing Data
If you would like Redgate Monitor to query and display AWS costs associated with your resources, you must enable Cost Explorer and Resource-Level Data.
Note that Monitor's calls to the AWS APIs do incur a small cost, as detailed in Analyzing your costs and usage with AWS Cost Explorer. Given the granularity of the data is daily, Monitor only requests the data once a day.
4. Create Access Keys
You will need programmatic access credentials for Monitor.
- After creating the user, on the "Success" page, click “Download .csv” or copy the access key and secret access key.
If you need to generate keys later:
Go to IAM → Users → [Your user] → Security credentials tab, and click Create access key.
Full instructions and screenshots: Managing access keys for IAM users.
Store the access key securely. You won’t be able to retrieve the secret access key after you leave the page.
Never share these credentials publicly.
