AWS Data Source
This data source establishes a connection to AWS for extracting data about existing or running cloud service instances, including compute instances like EC2, block storage volumes, or databases (RDS).
Importable types
This data source lets you import assets from AWS estates and link them. The following table lists all types that can be imported and shows the extent to which Txture can provide target architecture replacements and cost predictions for each.
Note that usage costs (e.g. data traffic) are not taken into account in the cost predictions.
| Importable type | Target Architecture replacements | Cost predictions |
|---|---|---|
| Virtual Machine | ||
| Image | ||
| Volume | ||
| Network Zone (VPC) | ||
| Network Zone (Subnet) | ||
| Load balancer | ||
| RDS database | ||
| Elasticsearch Domain | ||
| Elasticache | ||
| Lambda function | ||
| Elastic File System | ||
| S3 Bucket | ||
| ECS Cluster | ||
| ECS Container | ||
| CloudFront Distributions | ||
| CloudFront Functions | ||
| CloudTrail | ||
| CloudWatch Metrics | ||
| DynamoDB Tables | ||
| Kafka Cluster | ||
| Kinesis Stream | ||
| Secrets Manager Secrets | ||
| Network Traffic | ||
| Scalable Compute Group | ||
Note that link importers require the permissions for both types that will be linked.
Configure credentials in AWS
Before configuring the data source in your Txture instance, ensure that all required settings are completed in your AWS Console.
To connect Txture to your AWS environment, you must provide read‑only credentials from an IAM User with programmatic access. These credentials include:
- Access Key ID – The IAM User’s access key ID
- Secret Access Key – The IAM User’s secret access key
- Region(s) – The AWS region(s) Txture should import from (multiple regions can be specified within the same data source)
Txture supports two authentication approaches, depending on whether your setup involves a single AWS account or multiple accounts using the AssumeRole method.
In the next section, choose between Option A and Option B based on your AWS environment.
Option A: Standard IAM User (Single Account)
Best suited for testing environments or scenarios where Txture only needs access to resources within a single AWS account. In this setup, permissions are assigned directly to the IAM User.
→ Setup Guide for option A: Creating a Standard IAM User
Option B: AssumeRole ARN (Multi-Account/Cross-Account)
Best suited for multi‑account environments where Txture needs to access resources across multiple AWS accounts. In this setup, Txture uses a central Identity User to assume Target Roles in each account, and permissions are applied directly to the Role in the target accounts.
→ Setup Guide for option B: Configuring AssumeRole ARN
Permission configuration
Optional configurations
Fetching usage data
Fetching usage data with Amazon CloudWatch can cause additional costs.
The CloudWatch API is required for the asset types Network Traffic and S3 Bucket, and is optional for Virtual Machine, Volume, RDS Database, CloudFront Function and Lambda Function.
EC2 metrics for RAM usage
To obtain the RAM utilization metric, follow this guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-and-configure-cloudwatch-agent-using-ec2-console.html#install-and-configure-cw-agent-procedure
EC2 Autoscaling Groups for Avg/Min/Max Group Size / Replicas
To obtain the average/minimum/maximum number of replicas, enable metrics collection for the Auto Scaling group.
Setting up importers
After configuring the data source, you can create auto-configured importers to bring data from AWS into Txture.
Troubleshooting
Since connectivity is established via AWS APIs and authenticated using tokens, you must ensure that AWS Security Token Service (STS) actions are available and permitted in the corresponding IAM policy.
In addition to the standard Get, List, or Describe actions required to access cloud service information, include the following STS actions in the IAM policy attached to the AWS user:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["sts:GetAccessKeyInfo", "sts:GetCallerIdentity", "sts:GetSessionToken"],
      "Resource": "*"
    }
  ]
}
```
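The following check is an added example, not part of Txture's documentation or tooling: it audits an identity-based policy document offline, reporting which of the three STS actions above are not effectively allowed and which allowed action patterns fall outside the Get/List/Describe read-only set. The names `audit_policy` and `SAMPLE` are hypothetical, the sample policy is constructed, and `Resource` and `Condition` elements are not evaluated.

```python
import fnmatch
import json

# STS actions the page lists as required for the IAM user.
REQUIRED_STS = ("sts:GetAccessKeyInfo", "sts:GetCallerIdentity", "sts:GetSessionToken")
# Action-name prefixes the page names as the standard read-only set.
READ_ONLY_PREFIXES = ("get", "list", "describe")


def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit_policy(policy_json):
    """Return (missing_sts, review) for an identity-based policy document."""
    allowed, denied, review = [], [], []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if "NotAction" in stmt:
            review.append("NotAction")  # inverted match: needs manual review
            continue
        actions = _as_list(stmt.get("Action", []))
        (allowed if stmt["Effect"] == "Allow" else denied).extend(actions)
    # An explicit Deny always overrides an Allow.
    missing = [a for a in REQUIRED_STS
               if not _matches(a, allowed) or _matches(a, denied)]
    # Flag allowed patterns whose action name is not Get*/List*/Describe*.
    review += [p for p in allowed
               if not p.split(":", 1)[-1].lower().startswith(READ_ONLY_PREFIXES)]
    return missing, review


# Constructed sample: two of the page's STS actions plus hypothetical import permissions.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["sts:GetAccessKeyInfo", "sts:GetCallerIdentity"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "rds:Describe*", "s3:*"]},
    ],
})

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

The prefix test is a heuristic: some `Get*` actions, such as `secretsmanager:GetSecretValue`, return sensitive data and deserve separate review.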