Once you have you have the initial configuration done you will want to add more accounts for Hyperglance to connect to. This is done by creating an IAM role in the account you want Hyperglance to pull from.



Step 1. Create a policy in the account you want Hyperglance to connect to


a. Go to the AWS console, then the 'IAM' section and 'Create Policy'

b. Select the 'JSON' tab




c. Copy the JSON text below and overwrite the text in the box. You can choose Read-Only or Read-Write. 



Hyperglance Read Only policy

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:Describe*",
    "sts:GetCallerIdentity",
    "sts:AssumeRole",
    "dynamodb:Describe*",
    "dynamodb:ListTables",
    "elasticloadbalancing:Describe*",
    "cloudwatch:ListMetrics",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:Describe*",
    "autoscaling:Describe*",
    "rds:Describe*",
    "rds:ListTagsForResource",
    "s3:GetAccelerateConfiguration",
    "s3:GetAnalyticsConfiguration",
    "s3:GetBucketAcl",
    "s3:GetBucketCORS",
    "s3:GetBucketLocation",
    "s3:GetBucketLogging",
    "s3:GetBucketNotification",
    "s3:GetBucketPolicy",
    "s3:GetBucketRequestPayment",
    "s3:GetBucketTagging",
    "s3:GetBucketVersioning",
    "s3:GetBucketWebsite",
    "s3:GetEncryptionConfiguration",
    "s3:GetInventoryConfiguration",
    "s3:GetLifecycleConfiguration",
    "s3:GetMetricsConfiguration",
    "s3:GetReplicationConfiguration",
    "s3:ListAllMyBuckets"],
    "Resource": "*"
  }]
}



Hyperglance Read Write Policy


{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:Describe*",
    "sts:GetCallerIdentity",
    "sts:AssumeRole",
    "dynamodb:Describe*",
    "dynamodb:ListTables",
    "elasticloadbalancing:Describe*",
    "cloudwatch:ListMetrics",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:Describe*",
    "autoscaling:Describe*",
    "rds:Describe*",
    "rds:ListTagsForResource",
    "s3:GetAccelerateConfiguration",
    "s3:GetAnalyticsConfiguration",
    "s3:GetBucketAcl",
    "s3:GetBucketCORS",
    "s3:GetBucketLocation",
    "s3:GetBucketLogging",
    "s3:GetBucketNotification",
    "s3:GetBucketPolicy",
    "s3:GetBucketRequestPayment",
    "s3:GetBucketTagging",
    "s3:GetBucketVersioning",
    "s3:GetBucketWebsite",
    "s3:GetEncryptionConfiguration",
    "s3:GetInventoryConfiguration",
    "s3:GetLifecycleConfiguration",
    "s3:GetMetricsConfiguration",
    "s3:GetReplicationConfiguration",
    "s3:ListAllMyBuckets",
    "s3:PutBucketTagging",  
    "rds:AddTagsToResource",
        "rds:RemoveTagsFromResource",
        "rds:DeleteDBInstance",
        "rds:RebootDBInstance",
    "ec2:RebootInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:CreateImage"],
    "Resource": "*"
  }]
}



d. Name the Policy and select 'Create Policy'




Step 2. Create a Role


a. Go to the account Hyperglance is running in and copy the 'Account ID' (Easiest way is via the 'My Account' Section in the AWS console)

b. Go back to the IAM section in the AWS console of the account you want Hyperglance to connect to and 'Create Role'

c. Select 'Another AWS Account', paste the Account ID of the account Hyperglance is running in and select 'Next: Permissions (Leave both 'Options' tick boxes unchecked)




c. Search for the Policy you created earlier, select the tick box and click 'Next: Review'





d. Name the role and select 'Create role'




e. You will then see a list of all your roles. Select the role you just created




f. Copy the 'Role ARN'



g. Paste the Role ARN into the Hyperglance 'New Record' dialog. Select the regions you are interested in and select 'Submit'





Hyperglance will then connect to the AWS API and pull the new account's details. The time it will take varies depending on a number of factors but it shouldn't take longer than a few minutes.