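This document describes the AWS-related survey features, how the information you provide is used, and the security guarantees.
AWS migration cost assessment
For the AWS AK/SK survey method, you must enable the AWS Cost Explorer service in advance and make sure that the account you provide has the following permissions: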
arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess
arn:aws:iam::aws:policy/Billing
arn:aws:iam::aws:rds/DescribeDbInstances
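Because the AWS SDK (GetCostAndUsageRequest/Response) is used to access your billing API, charges may be incurred for the read calls. In addition, read-only permission on RDS must be granted so that the RDS configuration can be read and a suitable RDS specification on Alibaba Cloud can be recommended.
CMH does not record or store your sensitive information (such as the AK/SK). The key information you enter is used only for the current task.
AWS online survey
The online AWS survey requires you to provide an AWS account to retrieve your list of cloud resources. The account must have read permission on all cloud resources. AWS provides a read-only system policy that you can use directly for authorization: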
arn:aws:iam::aws:policy/ReadOnlyAccess
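For the resource types supported by the AWS online survey and the related APIs it uses, see the reference document: AWS collected field details. If you want to provide a policy with narrower permissions, see AWS read-only permission desensitization.
Likewise, CMH does not record or store your sensitive information (such as the AK/SK). The key information you enter is used only for the current task.
API reference for the online survey
Supported resource | API used | Client used |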
EC2 | DescribeInstancesRequest/Response,DescribeInstanceTypesRequest/Response,DescribeImagesRequest/Response | Ec2Client |
NAT | DescribeNatGatewaysResponse | Ec2Client |
Security group | DescribeSecurityGroupsResponse,DescribeSecurityGroupRulesIterable | Ec2Client |
VPC | DescribeVpcsResponse | Ec2Client |
Availability zone | DescribeAvailabilityZonesResponse | Ec2Client |
Load balancer | DescribeTargetGroupsResponse,DescribeInstancesResponse,DescribeLoadBalancersResponse,DescribeTagsRequest/Response | ElasticLoadBalancingV2Client,Ec2Client |
RDS | DescribeDbInstancesRequest/Response | RdsClient |
ElastiCache | DescribeCacheClustersResponse,DescribeCacheSubnetGroupsResponse,ListTagsForResourceRequest/Response | ElastiCacheClient |
S3 | ListBucketsResponse,ListObjectsV2Request/Response,GetBucketTaggingRequest/Response,GetPublicAccessBlockRequest/Response,GetBucketLifecycleConfigurationRequest/Response,GetBucketReplicationRequest/Response,ListBucketInventoryConfigurationsRequest/Response | S3Client |
DocumentDB | DescribeSecurityGroupsResponse,DescribeDbClustersResponse,ListTagsForResourceRequest/Response | DocDbClient,Ec2Client |
ES | DescribeCacheClustersResponse,DescribeCacheSubnetGroupsResponse,ListTagsForResourceRequest/Response | ElastiCacheClient |
KAFAKA | DescribeSecurityGroupsResponse,ListClustersV2Request/Response | KafkaClient,Ec2Client |
SECURITY_GROUP_RULE | DescribeSecurityGroupRulesRequest/Response,DescribeSecurityGroupRulesIterable | Ec2Client |
OLAPDB | DescribeClustersResponse | RedshiftClient |
Eks | ListClustersRequest/Response,DescribeClusterRequest/Response | EksClient |
GlobalAccelerator | ListAcceleratorsRequest/Response | GlobalAcceleratorClient |
Athena | ListDataCatalogsRequest/Response,ListDatabasesRequest/Response,ListTableMetadataRequest/Response | AthenaClient |
Lambda | ListFunctionsRequest/Response,GetFunctionRequest/Response | LambdaClient |
CloudFront | ListDistributionsResponse,ListTagsForResourceRequest/Response | CloudFrontClient |
MQ | ListBrokersResponse,DescribeBrokerRequest/Response | MqClient |
SQS | ListQueuesRequest/Response,GetQueueAttributesRequest/Response,ListQueueTagsRequest/Response | SqsClient |
AutoScaling | DescribeAutoScalingGroupsRequest/Response | AutoScalingClient |
EIP | DescribeAddressesResponse | Ec2Client |
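
For the narrower permission policy mentioned above, the following added example (not CMH's or AWS's own code) maps a subset of the table's rows to the IAM actions they need, builds a scoped policy, and reports what a candidate policy grants beyond that. The function names, the `Sid`, and the premise that the survey calls only the operations the table lists are assumptions.

```python
import json

# Table rows -> IAM actions (subset). Operation names come from the table; the
# IAM action names are AWS's own and, for S3, differ from the operation names.
# Assumption: the survey calls only the operations the table lists.
ACTIONS = {
    "EC2": ["ec2:DescribeInstances", "ec2:DescribeInstanceTypes",
            "ec2:DescribeImages"],
    "VPC": ["ec2:DescribeVpcs"],
    "EIP": ["ec2:DescribeAddresses"],
    "RDS": ["rds:DescribeDBInstances"],
    "SQS": ["sqs:ListQueues", "sqs:GetQueueAttributes", "sqs:ListQueueTags"],
    "S3": [
        "s3:ListAllMyBuckets",             # ListBuckets
        "s3:ListBucket",                   # ListObjectsV2
        "s3:GetBucketTagging",             # GetBucketTagging
        "s3:GetBucketPublicAccessBlock",   # GetPublicAccessBlock
        "s3:GetLifecycleConfiguration",    # GetBucketLifecycleConfiguration
        "s3:GetReplicationConfiguration",  # GetBucketReplication
        "s3:GetInventoryConfiguration",    # ListBucketInventoryConfigurations
    ],  # no s3:GetObject: the table lists no object reads
}


def build_policy(resource_types):
    """Build an IAM policy allowing only the actions for the chosen rows."""
    actions = sorted({a for r in resource_types for a in ACTIONS[r]})
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "SurveyReadOnly", "Effect": "Allow",
                           "Action": actions, "Resource": "*"}]}


def excess_actions(policy, resource_types):
    """Return actions a policy allows beyond what the chosen rows need."""
    needed = {a for r in resource_types for a in ACTIONS[r]}
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            acts = stmt["Action"]
            granted.update([acts] if isinstance(acts, str) else acts)
    return sorted(granted - needed)


if __name__ == "__main__":
    scoped = build_policy(["EC2", "RDS", "S3"])
    print(json.dumps(scoped, indent=2))
    # Constructed sample of an over-broad policy, for comparison.
    broad = {"Statement": [{"Effect": "Allow", "Resource": "*",
                            "Action": ["s3:Get*", "ec2:DescribeInstances"]}]}
    print(excess_actions(broad, ["EC2", "S3"]))
```

Attach the generated policy to a dedicated IAM user whose access key is used only for the survey, and delete the key when the task finishes.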