Connect AWS Account

Connecting your AWS account to Servyx takes about 5 minutes. You will create a read-only IAM policy, create an IAM user with that policy, and enter the credentials in Servyx. No agents, no binaries, no changes to your infrastructure.

How It Works

You

IAM credentials

Encrypt

AES-256-GCM

Servyx

Servyx

Read-only calls

AWS

EC2 · RDS · EKS · EBS

Results

Dashboard + savings

Servyx collects data entirely server-side. When you trigger a sync, our servers use the AWS SDK to make read-only API calls to your account. We collect information about your instances, volumes, databases, load balancers, Kubernetes clusters, cost data, and performance metrics.

Your credentials are encrypted with AES-256-GCM before they are stored. They are only decrypted in memory during a sync and never logged or exposed.

Step 1: Create the IAM Policy

  1. Sign in to the AWS Console and navigate to IAM > Policies > Create policy
  2. Click the JSON tab
  3. Paste the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ServyxReadOnlyDiscovery",
      "Effect": "Allow",
      "Action": [
        "sts:GetCallerIdentity",

        "ec2:DescribeInstances",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeVolumes",
        "ec2:DescribeAddresses",
        "ec2:DescribeNatGateways",
        "ec2:DescribeSnapshots",

        "eks:ListClusters",
        "eks:DescribeCluster",
        "eks:ListNodegroups",
        "eks:DescribeNodegroup",

        "rds:DescribeDBInstances",

        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTargetGroups",

        "autoscaling:DescribeAutoScalingGroups",

        "s3:ListAllMyBuckets",
        "s3:GetBucketVersioning",
        "s3:GetLifecycleConfiguration",

        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",

        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "ce:GetSavingsPlansCoverage",
        "ce:GetReservationCoverage",

        "cloudtrail:LookupEvents",

        "pricing:GetProducts"
      ],
      "Resource": "*"
    }
  ]
}
  1. Click Next
  2. Name the policy ServyxReadOnly
  3. Add a description: "Read-only access for Servyx infrastructure intelligence"
  4. Click Create policy

This policy is strictly read-only. It cannot create, modify, or delete any resources in your account. See the IAM Policy Reference for a detailed breakdown of every permission.

Step 2: Create an IAM User

  1. In the AWS Console, navigate to IAM > Users > Create user
  2. Name the user servyx-reader (or any name you prefer)
  3. Do not enable console access -- this user only needs programmatic access
  4. On the permissions page, select Attach policies directly and search for ServyxReadOnly
  5. Attach the policy and create the user

Step 3: Generate Access Keys

  1. Open the user you just created and go to the Security credentials tab
  2. Click Create access key
  3. Select Third-party service as the use case
  4. Copy the Access Key ID and Secret Access Key

Keep these credentials safe. You will enter them in Servyx in the next step, and you will not be able to view the secret key again in AWS.

Step 4: Add the Account in Servyx

  1. In your Servyx dashboard, click Add AWS Account
  2. Enter a friendly name for this account (e.g., "Production", "Staging")
  3. Select the AWS region where most of your resources live
  4. Paste your Access Key ID and Secret Access Key
  5. Click Save

Servyx encrypts your credentials immediately. The plaintext keys are never stored.

Step 5: Run Your First Sync

After adding the account, click the Sync button. Servyx will:

  1. Verify connectivity with your AWS account
  2. Discover all supported resources (EC2 instances, RDS databases, EBS volumes, EKS clusters, load balancers, S3 buckets, and more)
  3. Collect performance metrics (CPU utilization, network throughput, disk I/O)
  4. Pull cost data (monthly breakdown by service, forecasts, commitment coverage)

The first sync typically takes 1-3 minutes depending on the size of your account.

What Data Gets Collected

CategoryData
ComputeEC2 instances (type, state, tags, launch time), instance type specs (vCPU, memory, network)
StorageEBS volumes (size, type, state, attachments), snapshots, S3 buckets (versioning, lifecycle)
DatabasesRDS instances (engine, class, storage, multi-AZ)
KubernetesEKS clusters, node groups (instance types, scaling config)
NetworkingLoad balancers, target groups, NAT Gateways, Elastic IPs
PerformanceCloudWatch metrics -- CPU, network in/out, disk read/write, LB request counts
CostMonthly cost by service, cost forecasts, Savings Plans coverage, Reserved Instance coverage
AuditRecent CloudTrail events for infrastructure changes

Enable Cost Explorer

If you have never used AWS Cost Explorer before, you need to enable it first:

  1. Go to the AWS Billing Console
  2. Click Cost Explorer in the left sidebar
  3. Click Enable Cost Explorer

It can take up to 24 hours for cost data to become available after enabling.

Adding Multiple Accounts

You can connect as many AWS accounts as you need. Each account is synced independently and has its own encrypted credentials. The Servyx dashboard aggregates data across all connected accounts so you get a unified view of your entire cloud footprint.