Connect AWS Account
Connecting your AWS account to Servyx takes about 5 minutes. You will create a read-only IAM policy, create an IAM user with that policy, and enter the credentials in Servyx. No agents, no binaries, no changes to your infrastructure.
How It Works
You
IAM credentials
Encrypt
AES-256-GCM
Servyx
Read-only calls
AWS
EC2 · RDS · EKS · EBS
Results
Dashboard + savings
Servyx collects data entirely server-side. When you trigger a sync, our servers use the AWS SDK to make read-only API calls to your account. We collect information about your instances, volumes, databases, load balancers, Kubernetes clusters, cost data, and performance metrics.
Your credentials are encrypted with AES-256-GCM before they are stored. They are only decrypted in memory during a sync and never logged or exposed.
Step 1: Create the IAM Policy
- Sign in to the AWS Console and navigate to IAM > Policies > Create policy
- Click the JSON tab
- Paste the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ServyxReadOnlyDiscovery",
"Effect": "Allow",
"Action": [
"sts:GetCallerIdentity",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeVolumes",
"ec2:DescribeAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeSnapshots",
"eks:ListClusters",
"eks:DescribeCluster",
"eks:ListNodegroups",
"eks:DescribeNodegroup",
"rds:DescribeDBInstances",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"autoscaling:DescribeAutoScalingGroups",
"s3:ListAllMyBuckets",
"s3:GetBucketVersioning",
"s3:GetLifecycleConfiguration",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ce:GetCostAndUsage",
"ce:GetCostForecast",
"ce:GetSavingsPlansCoverage",
"ce:GetReservationCoverage",
"cloudtrail:LookupEvents",
"pricing:GetProducts"
],
"Resource": "*"
}
]
}
- Click Next
- Name the policy
ServyxReadOnly - Add a description: "Read-only access for Servyx infrastructure intelligence"
- Click Create policy
This policy is strictly read-only. It cannot create, modify, or delete any resources in your account. See the IAM Policy Reference for a detailed breakdown of every permission.
Step 2: Create an IAM User
- In the AWS Console, navigate to IAM > Users > Create user
- Name the user
servyx-reader(or any name you prefer) - Do not enable console access -- this user only needs programmatic access
- On the permissions page, select Attach policies directly and search for
ServyxReadOnly - Attach the policy and create the user
Step 3: Generate Access Keys
- Open the user you just created and go to the Security credentials tab
- Click Create access key
- Select Third-party service as the use case
- Copy the Access Key ID and Secret Access Key
Keep these credentials safe. You will enter them in Servyx in the next step, and you will not be able to view the secret key again in AWS.
Step 4: Add the Account in Servyx
- In your Servyx dashboard, click Add AWS Account
- Enter a friendly name for this account (e.g., "Production", "Staging")
- Select the AWS region where most of your resources live
- Paste your Access Key ID and Secret Access Key
- Click Save
Servyx encrypts your credentials immediately. The plaintext keys are never stored.
Step 5: Run Your First Sync
After adding the account, click the Sync button. Servyx will:
- Verify connectivity with your AWS account
- Discover all supported resources (EC2 instances, RDS databases, EBS volumes, EKS clusters, load balancers, S3 buckets, and more)
- Collect performance metrics (CPU utilization, network throughput, disk I/O)
- Pull cost data (monthly breakdown by service, forecasts, commitment coverage)
The first sync typically takes 1-3 minutes depending on the size of your account.
What Data Gets Collected
| Category | Data |
|---|---|
| Compute | EC2 instances (type, state, tags, launch time), instance type specs (vCPU, memory, network) |
| Storage | EBS volumes (size, type, state, attachments), snapshots, S3 buckets (versioning, lifecycle) |
| Databases | RDS instances (engine, class, storage, multi-AZ) |
| Kubernetes | EKS clusters, node groups (instance types, scaling config) |
| Networking | Load balancers, target groups, NAT Gateways, Elastic IPs |
| Performance | CloudWatch metrics -- CPU, network in/out, disk read/write, LB request counts |
| Cost | Monthly cost by service, cost forecasts, Savings Plans coverage, Reserved Instance coverage |
| Audit | Recent CloudTrail events for infrastructure changes |
Enable Cost Explorer
If you have never used AWS Cost Explorer before, you need to enable it first:
- Go to the AWS Billing Console
- Click Cost Explorer in the left sidebar
- Click Enable Cost Explorer
It can take up to 24 hours for cost data to become available after enabling.
Adding Multiple Accounts
You can connect as many AWS accounts as you need. Each account is synced independently and has its own encrypted credentials. The Servyx dashboard aggregates data across all connected accounts so you get a unified view of your entire cloud footprint.