Cloud Migration Hub: Usage notes for using an AccessKey pair to survey AWS resources

Last Updated: Aug 06, 2024

This topic describes the AWS resource survey feature, how the information that you provide is used, and how that information is protected.

Analyze the costs for migrating AWS resources

Before you select AK/SK as the survey method, make sure that AWS Cost Explorer is active and the account that you assign to Cloud Migration Hub (CMH) has the following permissions:

arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess
arn:aws:iam::aws:policy/Billing
arn:aws:iam::aws:rds/DescribeDbInstances

During the analysis, AWS SDKs are used to call the GetCostAndUsageRequest and GetCostAndUsageResponse operations to read your AWS service bills, so you may be charged for these read operations. You must also grant read-only access to RDS so that CMH can read instance specifications and recommend suitable RDS specifications on Alibaba Cloud.

Important

CMH does not record or store your sensitive information such as the AccessKey pair. The key information you fill in is used only for the current task.

Survey AWS resources in online mode

To use CMH to survey all your resources on AWS in online mode, you must provide an AWS account that is granted the read permissions on all the resources. AWS provides a system policy that allows read-only access to AWS resources. You can use this policy to grant read-only permissions to your AWS account:

arn:aws:iam::aws:policy/ReadOnlyAccess

For more information about the resource types supported for AWS resource survey in online mode and API reference, see Fields collected from AWS. If you need a policy that covers the permissions on fewer resources, you can create a custom policy based on the ReadOnlyAccess policy of AWS.

Important

Similarly, CMH does not record or store your sensitive information such as the AccessKey pair. The key information you fill in is used only for the current task.

API reference

| Supported resources | API operation | Client |
| --- | --- | --- |
| Amazon Elastic Compute Cloud (Amazon EC2) | DescribeInstancesRequest/Response, DescribeInstanceTypesRequest/Response, DescribeImagesRequest/Response | Ec2Client |
| NAT gateways | DescribeNatGatewaysResponse | Ec2Client |
| Security groups | DescribeSecurityGroupsResponse and DescribeSecurityGroupRulesIterable | Ec2Client |
| Amazon Virtual Private Cloud (Amazon VPC) | DescribeVpcsResponse | Ec2Client |
| Availability Zones (AZs) | DescribeAvailabilityZonesResponse | Ec2Client |
| Elastic Load Balancing (ELB) | DescribeTargetGroupsResponse, DescribeInstancesResponse, DescribeLoadBalancersResponse, and DescribeTagsRequest/Response | ElasticLoadBalancingV2Client and Ec2Client |
| Amazon RDS | DescribeDbInstancesRequest/Response | RdsClient |
| Amazon ElastiCache | DescribeCacheClustersResponse, DescribeCacheSubnetGroupsResponse, and ListTagsForResourceRequest/Response | ElastiCacheClient |
| Amazon Simple Storage Service (Amazon S3) | ListBucketsResponse, ListObjectsV2Request/Response, GetBucketTaggingRequest/Response, GetPublicAccessBlockRequest/Response, GetBucketLifecycleConfigurationRequest/Response, GetBucketReplicationRequest/Response, and ListBucketInventoryConfigurationsRequest/Response | S3Client |
| Amazon DocumentDB | DescribeSecurityGroupsResponse, DescribeDbClustersResponse, and ListTagsForResourceRequest/Response | DocDbClient and Ec2Client |
| Elasticsearch | DescribeCacheClustersResponse, DescribeCacheSubnetGroupsResponse, and ListTagsForResourceRequest/Response | ElastiCacheClient |
| Amazon Managed Streaming for Apache Kafka (Amazon MSK) | DescribeSecurityGroupsResponse and ListClustersV2Request/Response | KafkaClient and Ec2Client |
| Security group rules | DescribeSecurityGroupRulesRequest/Response and DescribeSecurityGroupRulesIterable | Ec2Client |
| OLAP databases | DescribeClustersResponse | RedshiftClient |
| Amazon Elastic Kubernetes Service (Amazon EKS) | ListClustersRequest/Response and DescribeClusterRequest/Response | EksClient |
| AWS Global Accelerator | ListAcceleratorsRequest/Response | GlobalAcceleratorClient |
| Amazon Athena | ListDataCatalogsRequest/Response, ListDatabasesRequest/Response, and ListTableMetadataRequest/Response | AthenaClient |
| Amazon Lambda | ListFunctionsRequest/Response and GetFunctionRequest/Response | LambdaClient |
| Amazon CloudFront | ListDistributionsResponse and ListTagsForResourceRequest/Response | CloudFrontClient |
| Amazon MQ | ListBrokersResponse and DescribeBrokerRequest/Response | MqClient |
| Amazon Simple Queue Service (Amazon SQS) | ListQueuesRequest/Response, GetQueueAttributesRequest/Response, and ListQueueTagsRequest/Response | SqsClient |
| Auto Scaling | DescribeAutoScalingGroupsRequest/Response | AutoScalingClient |
| Elastic IP Address (EIP) | DescribeAddressesResponse | Ec2Client |
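
An added example (not Alibaba Cloud or AWS code) of the custom-policy option described under "Survey AWS resources in online mode": it parses a few "API operation" cells from the table above and emits a read-only IAM policy restricted to the clients you choose, instead of attaching ReadOnlyAccess. The client-to-IAM-prefix mapping, the `Sid` value and the function names are assumptions, and it covers only services whose IAM action names match the SDK operation names (Amazon S3 and Amazon DocumentDB do not and need a manual mapping).

```python
import json
import re

# Assumed mapping from the SDK client names in the table to IAM action prefixes.
IAM_PREFIX = {"Ec2Client": "ec2", "EksClient": "eks",
              "SqsClient": "sqs", "LambdaClient": "lambda"}

# A few rows copied from the API reference table: (client, "API operation" cell).
ROWS = [
    ("Ec2Client", "DescribeInstancesRequest/Response,DescribeInstanceTypesRequest/Response,DescribeImagesRequest/Response"),
    ("Ec2Client", "DescribeSecurityGroupsResponse and DescribeSecurityGroupRulesIterable"),
    ("Ec2Client", "DescribeVpcsResponse"),
    ("EksClient", "ListClustersRequest/Response and DescribeClusterRequest/Response"),
    ("SqsClient", "ListQueuesRequest/Response, GetQueueAttributesRequest/Response, and ListQueueTagsRequest/Response"),
    ("LambdaClient", "ListFunctionsRequest/Response and GetFunctionRequest/Response"),
]

READ_VERBS = ("Describe", "List", "Get")
SUFFIX = re.compile(r"(Request/Response|Request|Response|Iterable)$")


def operations(cell):
    """Turn an 'API operation' cell into bare operation names."""
    names = re.split(r"\s*,\s*(?:and\s+)?|\s+and\s+", cell.strip())
    return [SUFFIX.sub("", n) for n in names if n]


def build_policy(rows, wanted_clients):
    """Build a read-only IAM policy limited to the chosen clients' operations."""
    actions = set()
    for client, cell in rows:
        if client not in wanted_clients:
            continue
        for op in operations(cell):
            if not op.startswith(READ_VERBS):  # fail closed on anything that is not a read
                raise ValueError(f"refusing non-read operation: {op}")
            actions.add(f"{IAM_PREFIX[client]}:{op}")
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "CmhSurveyReadOnly", "Effect": "Allow",
                           "Action": sorted(actions), "Resource": "*"}]}


if __name__ == "__main__":
    print(json.dumps(build_policy(ROWS, {"Ec2Client", "EksClient"}), indent=2))
```

Attach the resulting policy to a dedicated IAM user created for the survey, and delete that user's AccessKey pair once the task has finished.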