Table of contents 

1. Granular roles and permissions for AWS Take Action

2. How to give access to the Take Action feature for custom groups.

3. Disabling Cloud Catalog items 

4. How to Customize Take Action workflows 


Granular roles and permissions for AWS Take Action

This section walks through creating and attaching an inline IAM policy with granular permissions for taking actions via the AWS Cloud Management app. Cloud admins can give their team precise, tailored access, keeping the Freshservice - AWS Cloud Management integration secure and efficient.


1. Use your AWS account ID or account alias, IAM user name, and password to sign in to the IAM console.

2. Select Users → Permissions → Create Inline policy.



3. Click on the JSON option, specify the permissions listed below, and then select Next and Save.

"ec2:DeleteSubnet",
"ec2:DescribeInstances",
"ec2:DeleteVpcPeeringConnection",
"ec2:CreateKeyPair",
"ec2:DeleteRouteTable",
"ec2:DeleteVolume",
"elasticloadbalancing:DescribeLoadBalancers",
"ec2:StartInstances",
"ec2:DescribeVolumes",
"ec2:DescribeKeyPairs",
"ec2:DetachVolume",
"ec2:CreateTags",
"ec2:CreateRouteTable",
"ec2:RunInstances",
"ec2:DetachInternetGateway",
"ec2:StopInstances",
"ec2:DisassociateRouteTable",
"ec2:GetPasswordData",
"ec2:DeleteNatGateway",
"ec2:DeleteVpc",
"ec2:CreateSubnet",
"ec2:DescribeSubnets",
"ec2:DeleteKeyPair",
"ec2:AttachVolume",
"ec2:DescribeAddresses",
"ec2:DeleteTags",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeRegions",
"ec2:CreateVpc",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateSecurityGroup",
"rds:DescribeDBInstances",
"ec2:ModifyInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:RebootInstances",
"ec2:TerminateInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"s3:ListAllMyBuckets",
"ec2:DescribeVpcs",
"ec2:DeleteSecurityGroup",
"elasticloadbalancing:DescribeTargetGroups",
"sts:GetCallerIdentity",
"ec2:CreateImage",
"ec2:DeregisterImage",
"ec2:CopyImage"


Note

As the Freshservice AWS Cloud Management app evolves with additional actions and asset types, permissions must be kept up to date. While generic write permissions are recommended for simplicity, users with specific asset-level permissions will need to regularly update the above permission list in accordance with any changes to this article.






4. To assign the above permissions to a user, navigate to IAM > Users > select the user created for the Freshservice integration > Add Permissions.



5. Select the respective permission policy to be assigned to the user.





6. Finally, click on Next and Add the permissions. 
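
An added example (not Freshservice's or AWS's own code): the action list from step 3 wrapped into an inline policy document, plus an audit that reports drift between an attached policy and that list, which is the upkeep the Note describes. The `Resource` scope of `"*"`, the `Sid`, and the `STALE` sample policy are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Action names copied from step 3 of this article, grouped by service prefix.
REQUIRED = {
    "ec2": """DeleteSubnet DescribeInstances DeleteVpcPeeringConnection CreateKeyPair
        DeleteRouteTable DeleteVolume StartInstances DescribeVolumes DescribeKeyPairs DetachVolume
        CreateTags CreateRouteTable RunInstances DetachInternetGateway StopInstances
        DisassociateRouteTable GetPasswordData DeleteNatGateway DeleteVpc CreateSubnet
        DescribeSubnets DeleteKeyPair AttachVolume DescribeAddresses DeleteTags
        DescribeInstanceAttribute DescribeRegions CreateVpc DescribeNetworkInterfaces
        CreateSecurityGroup ModifyInstanceAttribute DescribeInstanceStatus RebootInstances
        TerminateInstances DescribeSecurityGroups DescribeImages DescribeVpcs DeleteSecurityGroup
        CreateImage DeregisterImage CopyImage""".split(),
    "elasticloadbalancing": ["DescribeLoadBalancers", "DescribeTargetGroups"],
    "rds": ["DescribeDBInstances"], "s3": ["ListAllMyBuckets"], "sts": ["GetCallerIdentity"],
}

def required_actions():
    return sorted(f"{svc}:{name}" for svc, names in REQUIRED.items() for name in names)

def build_policy():
    # Resource "*" and the Sid are assumptions; the article does not state a resource scope.
    stmt = {"Sid": "FreshserviceTakeAction", "Effect": "Allow",
            "Action": required_actions(), "Resource": "*"}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def allowed_patterns(policy):
    """Action strings from every Allow statement (Action may be a string or a list)."""
    stmts, found = policy["Statement"], set()
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        actions = stmt.get("Action", []) if stmt.get("Effect") == "Allow" else []
        found.update([actions] if isinstance(actions, str) else actions)
    return found

def audit(policy):
    """Diff an attached policy against the article's list (IAM action names are case-insensitive)."""
    patterns = {p.lower() for p in allowed_patterns(policy)}
    required = required_actions()
    exact = {a.lower() for a in required}
    return {
        "missing": [a for a in required if not any(fnmatchcase(a.lower(), p) for p in patterns)],
        "extra": sorted(p for p in patterns - exact if "*" not in p and "?" not in p),
        "wildcards": sorted(p for p in patterns if "*" in p or "?" in p),
    }

STALE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances", "iam:PassRole"]}]}  # constructed sample

if __name__ == "__main__":
    print(json.dumps({"policy": build_policy(), "stale_audit": audit(STALE)}, indent=2))
```

`missing` lists actions the integration needs but the attached policy does not grant; `extra` and `wildcards` list grants that go beyond this article's list and deserve review.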



How to give access to the Take Action feature for custom groups.

After integrating the AWS Cloud Management application with Freshservice, it's essential to tailor access permissions amongst agents so that only the intended agents can modify your cloud assets. This article provides step-by-step instructions on how to customize agent group access permissions within Freshservice, specifically for AWS Take Action.

1. Navigate to Admin → Service Management → Service Catalog.



2. Click on the Cloud service category.



3. Choose the 'select all' option and select the agent visibility from the visibility dropdown.


4. Select the agent groups from the dropdown; by default, the “FS Cloud Agent” group will be selected. To add any custom groups, select the respective group from the agent group dropdown.

5. To give access to a specific service item, click on the item.

6. Select the respective agent group from the Agent visibility dropdown and hit save.

Note: All admins have default access to the “FS Cloud Agent” group for Take Action features. Add more agents to this group to give them the ability to perform actions on cloud resources.




Disabling a Cloud Catalog item

In the dynamic landscape of service management, there are instances where disabling or restricting access to specific service catalog items is essential. Follow the steps below to disable or restrict a service catalog item using Freshservice.

1. Navigate to Admin → Service Management → Service Catalog.




2. Click on the Cloud service category.



3. Choose the respective service item and click on the "Change status" button at the top of the page.



4. Select the "Draft" option to indicate that the service item is not currently available for general use. Admins can revert it to "Publish" to lift the restriction when needed.



5. Finally, hit the save button to confirm the changes.

How to customize the Take Action cloud workflows 

Efficient management of cloud workflows is crucial for maintaining control and improving communication within your organization's cloud environment. The following steps guide administrators in customizing workflows using a use case.

Use case: Set up an approval process for "Stop Instance" AWS cloud action requests and send an email to the requester.

1. Navigate to Admin → Automation and Productivity → Workflow Automator.



2. Select the workflow to customize (Stop Instance AWS).




3. Click on the vertical dotted line located in the top right corner of the workflow box. From the dropdown menu, select "Edit" to modify the workflow.



4. Drag and drop an action block before the "Stop instance" App node. Choose the "Send approval mail to the Reporting Manager" action within the action block options. Save the changes by clicking "Done".




5. Drag and drop another action block to the end of the workflow. Configure this action block to send an email notification to the requester. Confirm the settings and click "Done" to save the changes.



6. Once the approval process and email notification are configured, select the "Activate" button to enable the workflow.