AWS Accounts Integration

Connect DarcyIQ directly to your AWS accounts for real-time cloud intelligence. Query your infrastructure, analyze costs, and get Trusted Advisor recommendations by asking natural language questions about your actual AWS environment.

Your Cloud, Your Data: Ask "What's our monthly AWS spend by service?" or "Show me all unencrypted S3 buckets" and get instant, accurate answers from your live AWS environment.

Direct access to your AWS infrastructure through natural conversation

Overview

The AWS Accounts Integration transforms DarcyIQ into your intelligent cloud assistant with direct access to your AWS accounts.

| Capability | Function | Business Value |
| --- | --- | --- |
| Multi-Account Access | Query across all your AWS accounts | Complete infrastructure visibility |
| Real-Time Data | Live information from AWS APIs | Always current insights |
| Cost Analysis | Detailed spend breakdowns | Optimize cloud costs |
| Security Insights | Identify compliance issues | Reduce security risks |
| Resource Discovery | Find resources across regions | Complete asset inventory |

Key Features

Infrastructure Intelligence

Query your AWS environment using natural language:

| Query Type | Example Questions | Value |
| --- | --- | --- |
| Cost Analysis | "What's our highest cost service this month?" | Identify optimization opportunities |
| Resource Inventory | "List all EC2 instances in us-east-1" | Asset management |
| Security Audit | "Show me S3 buckets without encryption" | Compliance verification |
| Performance Review | "Which RDS instances are over 80% CPU?" | Performance optimization |
| Unused Resources | "Find unattached EBS volumes" | Cost reduction |

Supported AWS Services

Comprehensive coverage of AWS services:

| Service Category | Supported Services | Common Queries |
| --- | --- | --- |
| Compute | EC2, Lambda, ECS, EKS | Instance types, utilization, scaling |
| Storage | S3, EBS, EFS, Glacier | Bucket policies, encryption, lifecycle |
| Database | RDS, DynamoDB, ElastiCache | Performance, backups, capacity |
| Networking | VPC, ELB, CloudFront, Route53 | Configuration, traffic, DNS |
| Security | IAM, KMS, Security Groups | Permissions, keys, access rules |
| Monitoring | CloudWatch, CloudTrail, Config | Metrics, logs, compliance |
| Analytics | Athena, EMR, Kinesis | Data processing, streaming |
| Management | Organizations, Cost Explorer | Account structure, billing |

Security Architecture

Cross-Account IAM Roles

Security-first design using AWS best practices:

  1. Create IAM Role: Set up a cross-account role in your AWS account with read-only permissions.

  2. Configure Trust Policy: Establish a trust relationship with DarcyIQ's AWS account using an External ID.

  3. Define Permissions: Grant specific read permissions for the services you want to query.

  4. External ID Protection: Use the mandatory External ID to prevent confused deputy attacks.

  5. Assume Role Access: DarcyIQ assumes your role only when you make queries.

Security Features

| Security Control | Implementation | Benefit |
| --- | --- | --- |
| Read-Only Access | No write permissions granted | Zero modification risk |
| External ID | Required unique identifier | Prevents unauthorized access |
| Session Limits | Temporary credentials with expiry | Minimized exposure |
| Audit Logging | CloudTrail tracks all API calls | Complete audit trail |
| Encryption | TLS for all API communications | Data protection in transit |
| Least Privilege | Only necessary permissions | Minimal access scope |

Setup Process

Prerequisites

Before setting up the integration:

| Requirement | Description | How to Verify |
| --- | --- | --- |
| AWS Account | Active AWS account with resources | Log into AWS Console |
| IAM Permissions | Ability to create IAM roles | Check IAM dashboard |
| External ID | Unique identifier from DarcyIQ | Provided during setup |
| Trust Account | DarcyIQ's AWS account ID | Provided during setup |

Step-by-Step Configuration

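1. Create IAM Role

Create the role with the trust policy below, replacing DARCYIQ_ACCOUNT and YOUR_EXTERNAL_ID with the account ID and External ID provided during setup: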

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::DARCYIQ_ACCOUNT:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR_EXTERNAL_ID"
        }
      }
    }
  ]
}

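2. Attach Permissions Policy

Attach a read-only permissions policy to the role. The example below covers EC2, S3, RDS, CloudWatch, Cost Explorer, Organizations and Trusted Advisor; add read actions only for the other services you want to query: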

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "s3:List*",
        "s3:GetBucketPolicy",
        "s3:GetBucketEncryption",
        "rds:Describe*",
        "cloudwatch:GetMetric*",
        "ce:GetCostAndUsage",
        "organizations:List*",
        "support:DescribeTrustedAdvisor*"
      ],
      "Resource": "*"
    }
  ]
}

3. Configure in DarcyIQ

  1. Navigate to Settings → Integrations → AWS API

  2. Enter your IAM Role ARN

  3. Provide the External ID

  4. Select AWS regions to query

  5. Test the connection

  6. Save configuration
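A check to run before saving the role and again at each permissions review, as an added example (not DarcyIQ's code): it audits the trust and permissions policies from steps 1 and 2, plus two constructed weakened variants. The read-only test is a name-prefix heuristic and the weakened policies are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

EXPECTED_PRINCIPAL = "arn:aws:iam::DARCYIQ_ACCOUNT:root"  # placeholder from the page
READ_ONLY = ("*:describe*", "*:list*", "*:get*")  # name-based heuristic, not an AWS API

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_trust(policy, expected=EXPECTED_PRINCIPAL):
    """Return findings for Allow statements that weaken the cross-account trust."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        p = stmt.get("Principal", {})
        names = [p] if isinstance(p, str) else [x for v in p.values() for x in as_list(v)]
        findings += [f"unexpected principal: {n}" for n in names if n != expected]
        # Condition key names are case-insensitive; require an exact-match operator.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = [v for k, v in equals.items() if k.lower() == "sts:externalid"]
        if not ext or not all(as_list(ext[0])):
            findings.append("sts:AssumeRole allowed without an sts:ExternalId match")
    return findings

def audit_permissions(policy):
    """Return Allow-ed actions whose names are not Describe*/List*/Get*."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction grants everything except the listed actions")
        for action in as_list(stmt.get("Action", [])):
            if not any(fnmatchcase(action.lower(), pat) for pat in READ_ONLY):
                findings.append(f"not read-only by name: {action}")
    return findings

# The two policies from the page, then constructed weakened variants.
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::DARCYIQ_ACCOUNT:root"}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "YOUR_EXTERNAL_ID"}}}]}
PERMS = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "s3:List*", "s3:GetBucketPolicy", "s3:GetBucketEncryption",
               "rds:Describe*", "cloudwatch:GetMetric*", "ce:GetCostAndUsage",
               "organizations:List*", "support:DescribeTrustedAdvisor*"]}]}
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                             "Action": "sts:AssumeRole"}]}
WEAK_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
                             "Action": ["s3:List*", "s3:PutBucketPolicy", "ec2:*"]}]}
```

Both audits return an empty list for the page's policies; a non-empty list names each statement-level problem to fix before the role is connected.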

Multi-Account Setup

Configure access to multiple AWS accounts:

| Setup Type | Configuration | Use Case |
| --- | --- | --- |
| Single Role | One role with cross-account access | AWS Organizations setup |
| Multiple Roles | Separate role per account | Independent accounts |
| Delegated Access | Organization-wide permissions | Enterprise deployment |

Using AWS Integration

Natural Language Queries

Ask questions about your AWS environment naturally:

Cost Queries

  • "What's our total AWS spend this month?"

  • "Show me the top 5 most expensive services"

  • "Compare this month's costs to last month"

  • "What's the daily average for EC2 costs?"

  • "Show cost breakdown by tags"

Security Queries

  • "List all public S3 buckets"

  • "Show security groups with 0.0.0.0/0 access"

  • "Find IAM users without MFA"

  • "Which KMS keys are scheduled for deletion?"

  • "Show unencrypted RDS instances"

Resource Queries

  • "How many EC2 instances are running?"

  • "List all Lambda functions in us-west-2"

  • "Show EBS volumes over 1TB"

  • "Find unused Elastic IPs"

  • "What's the total S3 storage usage?"

Performance Queries

  • "Which RDS instances have high CPU?"

  • "Show Lambda functions with errors"

  • "List EC2 instances with low utilization"

  • "What's the CloudFront cache hit ratio?"

  • "Show ELBs with unhealthy targets"

Query Results

DarcyIQ presents AWS data in multiple formats:

| Format | Use Case | Features |
| --- | --- | --- |
| Tables | Resource lists | Sortable, filterable |
| Charts | Cost trends | Interactive visualizations |
| Summaries | Quick insights | Key metrics highlighted |
| Recommendations | Optimization suggestions | Actionable advice |
| Exports | Further analysis | CSV, JSON formats |

Use Cases

Cost Optimization

| Scenario | Query Examples | Business Impact |
| --- | --- | --- |
| Monthly Review | "Show cost trends over 6 months" | Identify spending patterns |
| Service Analysis | "Which service increased most in cost?" | Target optimization efforts |
| Unused Resources | "Find resources with zero usage" | Immediate cost savings |
| Reserved Instances | "Show RI utilization rates" | Maximize reservations |
| Tag Analysis | "Costs by department tag" | Chargeback accuracy |

Security Compliance

| Scenario | Query Examples | Business Impact |
| --- | --- | --- |
| Audit Preparation | "List non-compliant resources" | Faster audit readiness |
| Access Review | "Show overly permissive policies" | Reduce attack surface |
| Encryption Audit | "Find unencrypted data stores" | Data protection |
| Key Management | "List expiring certificates" | Prevent outages |
| Network Security | "Review security group rules" | Network hardening |

Capacity Planning

| Scenario | Query Examples | Business Impact |
| --- | --- | --- |
| Growth Analysis | "Show resource growth rate" | Accurate forecasting |
| Utilization Review | "Find underutilized instances" | Right-sizing opportunities |
| Scaling Patterns | "Peak usage times for services" | Optimize auto-scaling |
| Storage Planning | "S3 growth projection" | Budget planning |
| Database Capacity | "RDS storage trending full" | Prevent outages |

Operational Excellence

| Scenario | Query Examples | Business Impact |
| --- | --- | --- |
| Health Check | "Show all unhealthy resources" | Rapid issue identification |
| Backup Verification | "List resources without backups" | Data protection |
| Update Status | "Find outdated AMIs" | Security maintenance |
| Configuration Drift | "Resources not matching standards" | Maintain consistency |
| Service Limits | "Services approaching limits" | Prevent throttling |

Trusted Advisor Integration

Access AWS Trusted Advisor recommendations directly:

| Check Category | Examples | Value |
| --- | --- | --- |
| Cost Optimization | Idle resources, unused volumes | Reduce waste |
| Performance | Provisioned IOPS usage | Improve efficiency |
| Security | Security group rules, IAM use | Enhance security |
| Fault Tolerance | Backup configuration, multi-AZ | Increase reliability |
| Service Limits | Approaching limits | Prevent issues |

Best Practices

Query Optimization

| Practice | Implementation | Benefit |
| --- | --- | --- |
| Be Specific | Include service and region | Faster results |
| Use Filters | Add tag or date filters | Relevant data |
| Regular Queries | Schedule recurring checks | Proactive management |
| Save Queries | Create query library | Consistency |
| Combine Queries | Ask multi-part questions | Comprehensive view |

Security Best Practices

  1. Minimal Permissions: Only grant read access to needed services

  2. Regular Audits: Review IAM role permissions quarterly

  3. Rotate External ID: Change External ID periodically

  4. Monitor Access: Use CloudTrail to track API calls

  5. Remove Unused Roles: Delete roles for terminated integrations
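One way to act on the "Monitor Access" and "Rotate External ID" items, as an added example (not DarcyIQ's code): it reviews CloudTrail `AssumeRole` records for the integration role and flags calls from an unexpected account or with a missing or stale External ID. The role name, account IDs, External ID values and sample records are constructed placeholders; the field names follow the CloudTrail record layout for `sts:AssumeRole`.

```python
# Constructed values: role name, account IDs and External IDs are placeholders.
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleDarcyIQReadOnly"
VENDOR_ACCOUNT = "444455556666"   # stands in for DarcyIQ's AWS account ID
EXTERNAL_ID = "example-external-id-v2"

def review_assume_role(events, role_arn=ROLE_ARN, vendor=VENDOR_ACCOUNT, ext_id=EXTERNAL_ID):
    """Return (eventID, reasons) for AssumeRole calls on the role that look wrong."""
    alerts = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("sts.amazonaws.com", "AssumeRole"):
            continue
        req = ev.get("requestParameters") or {}
        if req.get("roleArn") != role_arn:
            continue  # a different role; out of scope for this review
        reasons = []
        caller = (ev.get("userIdentity") or {}).get("accountId")
        if caller != vendor:
            reasons.append(f"caller account {caller} is not the integration account")
        if req.get("externalId") != ext_id:
            reasons.append("External ID missing or not the current value")
        if reasons:
            alerts.append((ev.get("eventID"), reasons))
    return alerts

def _event(event_id, account, ext_id, role=ROLE_ARN):
    """Build a constructed record holding only the fields the check reads."""
    params = {"roleArn": role, "roleSessionName": "example-session"}
    if ext_id is not None:
        params["externalId"] = ext_id
    return {"eventID": event_id, "eventSource": "sts.amazonaws.com",
            "eventName": "AssumeRole",
            "userIdentity": {"type": "AWSAccount", "accountId": account},
            "requestParameters": params}

SAMPLE_EVENTS = [  # constructed, not real log data
    _event("evt-1", VENDOR_ACCOUNT, EXTERNAL_ID),
    _event("evt-2", "999900001111", EXTERNAL_ID),
    _event("evt-3", VENDOR_ACCOUNT, "example-external-id-v1"),  # value from before a rotation
    _event("evt-4", VENDOR_ACCOUNT, None),
    _event("evt-5", VENDOR_ACCOUNT, EXTERNAL_ID, role="arn:aws:iam::111122223333:role/Other"),
    {"eventID": "evt-6", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]

if __name__ == "__main__":
    for event_id, reasons in review_assume_role(SAMPLE_EVENTS):
        print(event_id, "; ".join(reasons))
```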

Cost Management

  • Daily Reviews: Quick daily cost check queries

  • Anomaly Detection: Set up alerts for unusual spending

  • Tag Everything: Ensure resources are tagged for analysis

  • Regular Optimization: Weekly unused resource checks

  • Forecast Regularly: Monthly projection queries

Limitations and Considerations

| Limitation | Description | Workaround |
| --- | --- | --- |
| API Rate Limits | AWS API throttling | Cached results for repeated queries |
| Cross-Region | Must query each region | Use "all regions" option |
| Real-Time Data | Some metrics have delay | Understand data freshness |
| Service Coverage | Not all AWS services supported | Request additional services |
| Query Complexity | Complex queries may take time | Break into smaller queries |

Coming Soon

  • Automated Recommendations: Proactive optimization suggestions

  • Custom Dashboards: Save and share AWS dashboards

  • Alerting: Notifications for AWS events and thresholds

  • Cost Predictions: AI-powered spend forecasting

  • Remediation Actions: One-click fixes for common issues

  • Multi-Cloud Support: Extend to Azure and GCP

Pro Tip: Start with read-only access to a single account, then expand to multiple accounts once you're comfortable with the integration. Use tags extensively to enable powerful cost allocation queries.