Periodically, OpsCompass updates its permissions needed to complete cloud account scanning. This article provides steps on how to update existing account connections to use the latest permissions.OpsCompass is continually assessing its capabilities and required permissions to ensure least-privilege-access is enforced within customer accounts. However, periodically permission changes are needed within existing account connections to gain access to new OpsCompass features.
The latest of these permission changes were released February 2023, with the new capability allowing OpsCompass to process AWS Pricing APIs within cloud accounts.
This allows OpsCompass to:
- Provide context to resource changes that may reflect changes to your AWS Bill
- Provide actionable guidance to decrease cost of resources with low utilization.
Fortunately, you can ensure your AWS account integration is up to date by running a single AWS CLI command:
aws cloudformation update-stack --stack-name OpsCompassIntegration --capabilities CAPABILITY_NAMED_IAM --template-url https://opscompass-templates.s3.amazonaws.com/opscompass_role_creation.template --parameters ParameterKey=ExternalID,UsePreviousValue=true
It is possible, that your integration is already up to date. In this scenario you will receive the following error message:
An error occurred (ValidationError) when calling the UpdateStack operation: No updates are to be performed.
In this case, no more actions are needed on your part!