Tevico Documentation

Introduction


Tevico is a Cloud Governance tool designed to manage AWS cloud resources efficiently, focusing on Cost, Security, Reliability, and Compliance. As a SaaS platform, Tevico empowers users to monitor and optimize their AWS accounts efficiently.

User Manual Overview

This User Manual for Tevico provides comprehensive guidance for onboarding your AWS account onto the platform. It outlines the prerequisites for onboarding and offers step-by-step instructions for utilizing key features such as Security Assessment and Well-Architected Framework Review.

Product Features

This user manual explains how to upgrade subscription plans. Presently, Tevico offers the following plans:

  • Collaborator Plan
  • Basic Plan
  • Premium Plan


Key Features

By the end of this guide, users will be able to:

  • Onboard their AWS account onto Tevico.
  • Upgrade their account to the Premium plan.
  • Enable and execute Standard and/or Advanced Security Assessments.
  • Generate detailed security reports compliant with various standards.
  • Identify, analyze, and remediate security findings using Tevico’s Security Assessment.
  • Create a Well-Architected Framework workload, review it against industry best practices, and address identified gaps.

 

 

Prerequisites


1. To begin using Tevico as a cloud management platform, a Cross-Account IAM role is utilized. All necessary resources for this access are provisioned using a CloudFormation Template provided by the platform upon subscription.

Users require the following access to create the required resources in their AWS account and grant necessary permissions to Tevico:

{
    “Version”: “2012-10-17”,
    “Statement”: [
        {
            “Sid”: “FullAccess”,
            “Effect”: “Allow”,
            “Action”: [

                “aws-marketplace:Subscribe”,

                “aws-marketplace:ViewSubscriptions”,

                “aws-marketplace:Unsubscribe”,

                “config:*”,

                “cloudformation:CreateStack”,

                “cloudformation:UpdateStack”,

                “cloudformation:DeleteStack”,

                “cloudformation:CreateChangeSet”,

                “cloudformation:ContinueUpdateRollback”,

                “cloudformation:DeleteChangeSet”,

                “cloudformation:DescribeChangeSet”,

                “cloudformation:DescribeStacks”,

                “cloudformation:DescribeStackEvents”,

                “cloudformation:ListChangeSets”,

                “cloudformation:DetectStackDrift”,

                “cloudformation:DescribeStackDriftDetectionStatus”,

                “cloudformation:DescribeStackResourceDrifts”,

                “cloudformation:ListStackInstanceResourceDrifts”,

                “cloudformation:GetTemplateSummary”,

                “cloudformation:ListStacks”,

                “cloudformation:ListStackResources”,

                “cloudformation:ListStackSets”,

                “cloudformation:ListTypes”,

                “cloudformation:ListTypeVersions”,

                “cur:DescribeReportDefinitions”,

                “cur:PutReportDefinition”,

                “cur:ModifyReportDefinition”,

                “cur:GetClassicReport”,

                “cur:GetUsageReport”,

                “cur:DeleteReportDefinition”,

                “iam:CreateRole”,

                “iam:CreateInstanceProfile”,

                “iam:CreateServiceLinkedRole”,

                “iam:CreatePolicy”,

                “iam:CreatePolicyVersion”,

                “iam:PutRolePolicy”,

                “iam:UpdateRole”,

                “iam:AttachRolePolicy”,

                “iam:DetachRolePolicy”,

                “iam:GetRole”,

                “iam:ListRoles”,

                “iam:PassRole”,

                “iam:GetPolicy”,

                “iam:ListPolicyVersions”,

                “iam:DeleteRole”,

                “iam:DeleteRolePolicy”,

                “iam:DeletePolicyVersion”,

                “iam:AddRoleToInstanceProfile”,

                “iam:RemoveRoleFromInstanceProfile”,

                “iam:GetInstanceProfile”,

                “iam:DeleteInstanceProfile”,

                “lambda:CreateFunction”,

                “lambda:ListFunctions”,

                “lambda:GetFunction”,

                “lambda:InvokeFunction”,

                “lambda:ListVersionsByFunction”,

                “lambda:PublishVersion”,

                “lambda:UpdateFunctionCode”,

                “lambda:DeleteFunction”,

                “license-manager:ListReceivedLicenses”,

                “sns:ListTopics”,

                “s3:ListBucket”,

                “s3:CreateBucket”,

                “s3:PutBucketPolicy”,

                “s3:GetBucketPolicy”,

                “s3:DeleteBucketPolicy”,

                “s3:GetBucketAcl”,

                “s3:GetBucketLocation”,

                “s3:PutBucketOwnershipControls”,

                “s3:DeleteBucket”,

                “s3:GetObject”,

                “s3:PutObject”
            ],
            “Resource”: [“*”]
        }
    ]
}

2. Users who create a stack using the CloudFormation template must use a valid email ID to receive an activation link.

Tevico Onboarding

AWS Marketplace Subscription from Management Console

  1. Login into AWS Management Console and navigate to AWS Marketplace.



  2. In the AWS Marketplace, click Discover products and search “Tevico” in the search bar.

  3. Select the product Tevico, and click View purchase options to get the price details.





  4. Click View purchase options. In Available offers, you can find the Public and Free trial offers.





  5. Click Subscribe to complete the purchase.




  6. Click on Set up your Account button on the top right of the page. It will take the user to Tevico’s sign-up process defined in detail in the Sign up on Tevico section given below.



Sign up on Tevico

Follow the steps given below to onboard.

  1. Open the environment URL (by clicking Set up your account in the previous step)




  2. On Create a New Account page, sign up using Google or enter a valid email ID and proceed to Create Account.



  3. On Add Tevico as your Trusted Account page, click ‘Next’ to create necessary resources like IAM policies and cross-account roles.

    Note: The permissions that Tevico needs in a cross-account role can be found here.


  4. Click Launch Stack.







  5. A new tab or window is opened. The user will be taken to the AWS CloudFormation Stack creation page. Keep pre-populated values and tick IAM capabilities-related checkboxes allowing stack to create IAM resources.




  6. Wait until the status for both the stacks changes from

    ‘CREATE_IN_PROGRESS’ to ‘CREATE_COMPLETE’.


  7. Tevico will automatically fetch the Role ARN & populate the correct value in the placeholder text box. Click Next once it is fetched.

  8. When prompted to set the password on the Set Password page, enter the password, and re-enter the password.  Click a password that satisfies all the required conditions and click Next.


  9. Click Let’s Get Started.


  10. Check the email with which you signed up on Tevico. Click on the activation link received in the email to activate your account.


  11. Login to your Tevico account using your registered mail ID.


  12. The above link will take you to the login page. Enter your email ID and password, and click Sign In.




  13. The sign-up created on Tevico is in the Basic Plan. To access advanced features



Upgrading to the Premium Plan


Follow the steps given below to upgrade your Tevico account to Premium plan:

  1. Log in to https://console.tevi.co using valid credentials. Click on the Tevico Account ID (Eg. 60800-ara.salestoken+30) on the top right of the Home page after logging in.

  2. Go to the Account Settings page from the options given in the sidebar.



  3. Click Plan from the sub-sections given below.




  4. Select the Premium plan and click the Get Started button under the Premium plan category.


  5. Click the AWS sub-menu and select Update Stack.


  6. Click on the Update Stack button again. The user will be redirected to the AWS Update Cloudformation Stack page.



  7. Click Next for every section of the Update stack form without modifying any of the existing values. Tick the checkboxes and click Submit.




  8. When the Stack is updated, the status will change from UPDATE_IN_PROGRESS to UPDATE_COMPLETE.




  9. Return to the Tevico tab in your browser and refresh the screen to view the Premium tag under your Tevico Account ID. The Premium plan features were activated successfully.


Security Assessments

Tevico enables users to capture the security posture of their AWS infrastructure by running Security Assessments. There are two types of assessments supported by Tevico.

  1. Standard Security Assessment
    Tevico provides a consolidated Security Assessment report which gives an aggregated view of the findings by resource type, status, and severity. You can assess your AWS account security levels using the security score based on CIS AWS Foundations Benchmark v1.2.0 and AWS Foundational Security Best Practices v1.0.0. You will get actionable recommendations for security remediation.


  1. Advanced Security Assessment
    The Advanced Security Assessment generates the report across various security standards such as CIS-1.2, CIS-1.4, PCI-DSS, NIST, GDPR, SOC2 & 15, HIPAA, and other standards along with guidance for security posture enhancements.
    Detailed risk analysis of the generated findings at individual service and resource levels is provided in the summary report for a better infrastructure remediation approach.


Enable Standard Security Assessment

  1. Login to https://console.tevi.co

  2. Click Dashboard on the navigation bar on the left. On the right side of the page, there are four tabs each for Cost, Security, Reliability & Inventory.




  3. Click Security.



  4. In the Assessments sub-section, click Explore Reports.



  5. Click Generate under Standard Security Assessment.



  6. Select the Region from the drop-down list to run the Standard Security
    Assessment based on where the existing workload is. You can select one region at a time for a single Standard Security Assessment.






  7. When the user clicks on Open AWS Config, they will receive details about the AWS pricing for the Config service and guidance on setting up a budget for it.
    Users can either set up a budget by selecting Set Budget Now or proceed without setting up any budget.



  8. Open a new tab and navigate to the AWS Management Console’s Setup AWS Config page. Keep the default settings unchanged and click Next to proceed to Step 2: Rules page.






  9. There is no need to select any specific rule before clicking Next. The user will then be taken to Step 3: Review.







  10. Click Confirm to enable AWS Config. The AWS Config Enabled status will now be visible on Tevico as well.







  11. Click Generate Report. Tevico will initiate the assessment in your account. This assessment typically takes around 5-6 hours to complete, after which the data will begin to appear on the dashboard.
















    Enable Advanced Security Assessment

    1. Login to https://console.tevi.co

    2. Click Dashboard on the navigation bar on the left. On the right side of the page, there are four tabs each for Cost, Security, Reliability & Inventory.



    3. Click Security Dashboard.



    4. In the Assessments sub-section, click Explore Reports.




    5. Click the Generate button in Advanced Security Assessment.




    6. Fill in the necessary fields:
      • Select the Region(s) based on where the workload is.

      • Select Compliance from the drop-down list.




      • Select the S3 Bucket in which the assessment findings are to be stored.



      • Copy the S3 bucket policy visible in Tevico. It is required to attach this policy to the S3 bucket where the assessment findings are to be stored.


        Note
        : The S3
        bucket policy is provided below for reference. Replace <AWS-Account-ID> and <role-name> with the appropriate values before attaching the policy to the S3 bucket.

        {
                    “Version”: “2012-10-17”,
                    “Statement”: [
                      {
                        “Sid”: “AllowPutObject”,
                        “Effect”: “Allow”,
                        “Principal”: {
                          “AWS”: arn:aws:iam::<AWS-Account-ID>:role/<role-name>
                        },
                        “Action”: [
                          “s3:PutObject”,
                          “s3:PutObjectAcl”
                        ],
                        “Resource”: [
                          “arn:aws:s3:::”,
                          “arn:aws:s3:::/*”
                        ]
                      },
                      {
                        “Sid”: “ReadBucketPermission”,
                        “Effect”: “Allow”,
                        “Principal”: {
                          “AWS”: “arn:aws:iam::956059115090:root”
                        },
                        “Action”: [
                          “s3:GetObject”,
                          “s3:ListBucket”,
                          “s3:GetBucketLocation”
                        ],
                        “Resource”: [
                          “arn:aws:s3:::”,
                          “arn:aws:s3:::/*”
                        ]
                      }
                    ]
                  }


      • To attach required S3 bucket policy, login to AWS Management Console and open S3. For the required S3 bucket, go to the Permissions tab.






      • In the Bucket Policy section, click on the Edit button and paste the given bucket policy statement.




      • After pasting the policy, click the Save button.






      • Go back to Tevico. Confirm the changes by ensuring that all status checks are passing and click Submit.







    7. Click Submit once again to get the Advanced Security Assessment results.




    8. The Advanced Security Assessment report will be ready after the scan which takes around 20-30 minutes to complete.

















Inventory Dashboard

Tevico enables you to get a real-time view of your AWS resource inventory, helping you make informed decisions and take proactive actions.


You can get a summary of the frequently used cloud services and their distribution across AWS regions. This assists you in Identifying unused resources and having them removed based on the findings.



Set up Inventory Dashboard


To get a detailed inventory, use following steps:

  1. Login to https://console.tevi.co. Open Dashboard and navigate to the Inventory tab.




  2. You need to set up an S3 Bucket for storing Inventory Reports. Select the appropriate S3 bucket from the dropdown.



  3. The bucket policy that needs to be attached to the selected bucket is visible on the UI. Copy the given bucket policy.




  4. In the AWS Management Console, go to S3 and open the same S3 bucket. Go to the Permissions tab.



  5. In the Bucket policy section, click on the Edit button and paste the bucket policy given by Tevico. Save the bucket policy.




  6. Once the bucket policy is updated, go back to the Tevico tab. Click the “Generate” button to get the results.








  7. Wait for the inventory dashboard to be ready.




  8. Once the inventory dashboard is populated with data, you can see the sections showing various AWS services used in your AWS account. The sub-menu helps you navigate to the appropriate category of AWS services.


Well-Architected Framework Review and Remediation


Tevico provides an end-to-end user experience for conducting a Well-Architected Framework Review and Remediation of your workload running in AWS cloud. The process is conducted in 3 phases.

  1. Capture the application details:

Customer-Centric Approach: Tevico captures the details of application like architecture diagrams along with technology stack. By deeply understanding your business through Product-Market Synergy, Tevico documents your expectations from the application architecture considering the growth prospect. Tevico aims towards the workloads to be both technically robust and aligned with your specific needs.


  1. Review Process:

Expert Guidance and Continuous Improvement: Tevico’s Well-Architected module harnesses AWS Solution Architects’ best practices to help design and operate secure, efficient, and cost-effective workloads. The review process supports continuous improvement, allowing the users to save milestones, track architectural changes, and keep the workloads aligned with the latest AWS standards.


  1. Remediation:

Efficient Risk Assessment and Remediation: Tevico simplifies the review and remediation process by focusing on the intent behind each question, enhancing user engagement, and making the process more productive. This approach helps identify potential risks and outlines actionable steps for improvement, ensuring the workloads consistently meet AWS best practices.



Create a Workload

  1. Login to https://console.tevi.co

  2. Go to the Well-Architected section shown in the navigation bar on the left.






  3. Click on Create Workload and enter the necessary details such as
    • Workload Name
    • Description
    • Review Owner
    • AWS Region


  4. Click Next to move to Step 2 of the workload creation phase.









  5. In Step 2 of the Workload Creation phase, users can draw, upload, or add links to their Application/Infrastructure Architecture Diagram. Upon performing any of these actions click Next.







  6. Tevico offers several blueprints using which the review can be done. Blueprints are a set of questions that are to be answered depending on the type of review that the user wishes to conduct.

    Eg. KYA- Know Your Architecture

    SSB- Startup Security Baseline
    WAFR- Well-Architected Framework Review



    Select the appropriate blueprint and click Next.











  7. Once the workload is created, click Next to place a request for assigning a Solutions Architect to the newly created workload.




  8. When the Solutions Architect is assigned to the workload, the workload creation will be complete immediately.








Review a Workload


    1. On the Workload Summary page, click Start Review.




    2. Enter the necessary details for the Product Market Synergy:

      i) Industry Type
      ii) Problem Statement
      iii) Solution Provided
      iv) Traffic Pattern
      v) Compliance Requirements
      vi) Growth Forecast And Context


    3. Click Save.











    4. Enter the details related to the Technology Stack
      i) Web Application
      ii) Mobile Application
      iii) Backend Application
      iv) Database(s)
      v) Continuous Integration / Continuous Delivery (CI/CD) Pipelines
      vi) Artificial Intelligence (AI) / Machine Learning (ML) Workloads
      vii) Analytics Workloads


      Providing these details will help the assigned Solutions Architect give better recommendations during the review.


    5. Click Save.











    6. Users can ask any queries or add notes on the Queries & Notes page. These queries can be addressed during the review process. Once noted, click Save.





    7. A list of all the Pillars under this blueprint will be visible.
      i) Security
      ii) Reliability
      iii) Cost Optimization


    8. Click Start Review for Security Pillar





    9. In the Security pillar, the user has to answer these sets of questions according to AWS Best Practices implemented in their workload.



    10. During this review phase, further details for your infrastructure can also be noted down by the user or by the Solution Architect assigned such as
      i) Observations
      ii) Improvement Plans
      iii) Reference Links













    11. To submit the Review, the User must answer a required number of questions for all the pillars. Once done, click on Request Approval.






    12. Click Submit Review. Once the request is submitted, a Solution Architect will accept your request.




Remediate HRIs and MRIs from a Workload


  1. On the Workload summary page, click on Start Remediation to start the remediation process.





  2. After clicking on Start Remediation for security, the user will have to remediate the HRIs and MRIs that are generated.





  3. Once the remediation is complete for all the pillars, click on Request Approval. Wait for the Solution Architect’s approval.










  4. After the Solution Architect approves the remediation request, click Submit Remediation.





  5. Well-Architected Framework remediation has now completed successfully.




  6. The remediation report can be downloaded by choosing the Download Report.


Tevico Deboarding


If a user wants to unsubscribe from Tevico, the steps given below are to be followed.

  • Unsubscribe from AWS Marketplace.
  • Delete cross-account IAM role and other resources created by the platform during the onboarding process.
  • Close Tevico account.



Unsubscribe from AWS Marketplace

  1. Log in to the same AWS Account from which the user has subscribed to Tevico. Navigate to AWS Marketplace from the AWS Management Console.

  2. Search for Tevico in the Manage Subscriptions section and click Manage.





  3. Click Cancel Subscription from the Actions drop-down.







  4. You will receive a Subscription Cancellation email on the registered email ID.








  5. Once the platform is done cleaning up resources created by Tevico in your AWS account, you will receive a final email indicating completion of Subscription Cancellation.






  6. After completing the steps above, you have unsubscribed from the Tevico AWS Marketplace subscription.

    Note: It takes 1 hour to unsubscribe from the AWS Marketplace, during which your resources will be deleted and billing will be settled completely.



Delete cross-account IAM role and other resources created by the platform during the onboarding process.



The resources created in the AWS account during onboarding need to be removed. To achieve this, the CloudFormation stack must be deleted.

Note: Before initiating the CloudFormation stack delete operation, ensure that the S3 buckets created for storing Security Assessment Reports and/or CUR data are ’empty’. Failure to do so will result in an error during S3 bucket deletion and CloudFormation stack deletion. If you prefer not to delete these S3 buckets, please tick the appropriate checkbox during the Delete Stack operation in the AWS Management Console


  1. Log in to the same AWS Account and open S3.






  2. Empty the respective S3 buckets



  3. Go to AWS CloudFormation.
    Select the Tevico stack and then click Delete.







  4. Wait until the stacks transition to DELETE_COMPLETE without encountering any errors.




  5. After the stack transition completes, the resources are successfully deleted.



Close Tevico Account

To close the Tevico account, follow the steps given below:


  1. Login to https://console.tevi.co using your Tevico credentials.




  2. Go to Account Settings and select Close Account from the sub-menu.




  3. Request an OTP for the account closure activity from the Close Account subsection on the Account Settings page.






  4. Enter the OTP received on your registered email and click Submit.




  5. Your Tevico account is closed successfully.







Website/Social Media


To know more about Tevico, here are quick reference links:

Website Link: https://tevi.co

Contact Us: connect@tevi.co


Social Media:

LinkedIn: https://www.linkedin.com/showcase/tevico/posts/?feedView=all

X: https://twitter.com/AskTevico?t=FvOtU8KnnjB4mreys9jtNg&s=09

Appendix


In a cross-account IAM role, Tevico requires the following permissions in your AWS account to capture insights and display them in the dashboard.

{
  “Version”: “2012-10-17”,
  “Statement”: [
    {
      “Effect”: “Allow”,
      “Action”: [
        “events:*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “cloudwatch:List*”,
        “cloudwatch:PutMetricAlarm”,
        “cloudwatch:Get*”,
        “cloudwatch:SetAlarmState”,
        “cloudwatch:DeleteAlarms”,
        “cloudwatch:Describe*”,
        “events:List*”,
        “events:Put*”,
        “events:DeleteRule”,
        “events:DisableRule”,
        “events:EnableRule”,
        “ce:Describe*”,
        “ce:List*”,
        “ce:Get*”,
        “pricing:Get*”,
        “compute-optimizer:Get*”,
        “cloudformation:ListStacks”,
        “guardduty:List*”,
        “guardduty:Get*”,
        “budgets:Describe*”,
        “budgets:ViewBudget”,
        “budgets:ModifyBudget”,
        “organizations:ListAccounts”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “wellarchitected:*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “securityhub:Get*”,
        “securityhub:Describe*”,
        “securityhub:BatchEnableStandards”,
        “securityhub:EnableSecurityHub”,
        “securityhub:UpdateSecurityHubConfiguration”,
        “config:DescribeConfigurationRecorderStatus”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “access-analyzer:createAnalyzer”,
        “access-analyzer:deleteAnalyzer”,
        “access-analyzer:getAnalyzer”,
        “access-analyzer:listAnalyzers”,
        “access-analyzer:ListFindings”,
        “wafv2:ListWebACLs”,
        “wafv2:ListLoggingConfigurations”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “SSM:List*”,
        “SSM:Get*”,
        “SSM:CreateDocument”,
        “SSM:DeleteDocument”,
        “SSM:Describe*”,
        “SSM:SendCommand”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “SNS:CreateTopic”,
        “SNS:Subscribe”,
        “SNS:Publish”,
        “SNS:Get*”,
        “SNS:Set*”,
        “SNS:List*”,
        “SNS:DeleteTopic”,
        “SNS:Unsubscribe”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “ec2:Describe*”,
        “ec2:Copy*”,
        “ec2:CreateImage”,
        “ec2:CreateTags”,
        “ec2:DeleteSnapshot”,
        “ec2:DeregisterImage”,
        “elasticloadbalancing:Describe*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “iam:Get*”,
        “iam:List*”,
        “iam:SimulatePrincipalPolicy”,
        “iam:PassRole”,
        “iam:CreateServiceLinkedRole”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “s3:ListAllMyBuckets”,
        “S3:GetBucketLocation”,
        “S3:GetBucketPolicyStatus”,
        “S3:GetBucketAcl”,
        “S3:GetBucketPublicAccessBlock”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “sns:AddPermission”,
        “sns:CreateTopic”,
        “sns:DeleteTopic”,
        “sns:ListTopics”,
        “sns:SetTopicAttributes”,
        “sns:GetTopicAttributes”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: “cloudtrail:*”,
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “lambda:GetFunction”,
        “lambda:ListFunctions”,
        “lambda:InvokeFunction”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “autoscaling:DescribeAutoScalingGroups”,
        “ce:CreateAnomalyMonitor”,
        “ce:CreateAnomalySubscription”,
        “ce:DeleteAnomalyMonitor”,
        “ce:DeleteAnomalySubscription”,
        “ce:UpdateAnomalyMonitor”,
        “ce:UpdateAnomalySubscription”,
        “cloudformation:DescribeStackResources”,
        “cloudformation:DescribeStacks”,
        “cloudformation:GetTemplate”,
        “cloudfront:ListDistributions”,
        “cloudwatch:DescribeAlarms”,
        “cloudwatch:GetMetricStatistics”,
        “cloudwatch:ListMetrics”,
        “config:DescribeConfigurationRecorders”,
        “config:DescribeDeliveryChannelStatus”,
        “config:DescribeDeliveryChannels”,
        “cur:DescribeReportDefinitions”,
        “cur:PutReportDefinition”,
        “dynamodb:DescribeContinuousBackups”,
        “dynamodb:DescribeTable”,
        “dynamodb:ListTables”,
        “ecs:ListClusters”,
        “eks:ListClusters”,
        “elasticache:DescribeCacheClusters”,
        “elasticache:DescribeCacheSubnetGroups”,
        “elasticache:DescribeReplicationGroups”,
        “elasticfilesystem:DescribeFileSystems”,
        “elasticloadbalancing:DescribeLoadBalancers”,
        “es:DescribeElasticsearchDomains”,
        “inspector:ListAssessmentRuns”,
        “kms:ListKeys”,
        “lambda:GetPolicy”,
        “rds:DescribeDBInstances”,
        “rds:DescribeDBSnapshots”,
        “rds:DescribePendingMaintenanceActions”,
        “rds:ListTagsForResource”,
        “redshift:DescribeClusters”,
        “s3:GetBucketLogging”,
        “s3:GetBucketPolicy”,
        “s3:GetBucketVersioning”,
        “s3:GetEncryptionConfiguration”,
        “ssm:ListComplianceSummaries”,
        “support:DescribeCases”,
        “support:DescribeTrustedAdvisorCheckRefreshStatuses”,
        “support:DescribeTrustedAdvisorCheckResult”,
        “support:DescribeTrustedAdvisorChecks”,
        “tag:GetResources”,
        “tag:GetTagKeys”,
        “tag:GetTagValues”,
        “workspaces:DescribeWorkspaceDirectories”,
        “workspaces:DescribeWorkspaces”
      ],
      “Resource”: “*”
    }
  ]
}

Get started

Introduction

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Get started

Introduction

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras interdum accumsan sollicitudin. Nullam malesuada egestas quam, id sodales erat consequat ut. In id facilisis massa, nec pulvinar arcu. Aenean augue justo, gravida quis lectus at, lobortis ultrices felis. Integer tristique lorem sit amet risus gravida, at maximus magna facilisis. Aliquam eget dictum ex. Etiam sed nibh auctor, feugiat tortor quis, rutrum justo. Quisque dui ipsum, pellentesque tempor diam quis, posuere feugiat ligula. Nullam id urna convallis, pellentesque arcu id, cursus neque. Ut faucibus velit at orci interdum luctus. Duis pellentesque vestibulum sapien eget pulvinar. Quisque iaculis ex ac tincidunt tempor.

Introduction

Tevico is a Cloud Governance tool designed to manage AWS cloud resources efficiently, focusing on Cost, Security, Reliability, and Compliance. As a SaaS platform, Tevico empowers users to monitor and optimize their AWS accounts efficiently.

User Manual Overview

This User Manual for Tevico provides comprehensive guidance for onboarding your AWS account onto the platform. It outlines the prerequisites for onboarding and offers step-by-step instructions for utilizing key features such as Security Assessment and Well-Architected Framework Review.

Product Features

This user manual explains how to upgrade subscription plans. Presently, Tevico offers the following plans:

  • Collaborator Plan
  • Basic Plan
  • Premium Plan

Key Features

By the end of this guide, users will be able to:

  • Onboard their AWS account onto Tevico.
  • Upgrade their account to the Premium plan.
  • Enable and execute Standard and/or Advanced Security Assessments.
  • Generate detailed security reports compliant with various standards.
  • Identify, analyze, and remediate security findings using Tevico’s Security Assessment.
  • Create a Well-Architected Framework workload, review it against industry best practices, and address identified gaps.

Prerequisites


1. To begin using Tevico as a cloud management platform, a Cross-Account IAM role is utilized. All necessary resources for this access are provisioned using a CloudFormation Template provided by the platform upon subscription.

Users require the following access to create the required resources in their AWS account and grant necessary permissions to Tevico:

{
    “Version”: “2012-10-17”,
    “Statement”: [
        {
            “Sid”: “FullAccess”,
            “Effect”: “Allow”,
            “Action”: [

                “aws-marketplace:Subscribe”,

                “aws-marketplace:ViewSubscriptions”,

                “aws-marketplace:Unsubscribe”,

                “config:*”,

                “cloudformation:CreateStack”,

                “cloudformation:UpdateStack”,

                “cloudformation:DeleteStack”,

                “cloudformation:CreateChangeSet”,

                “cloudformation:ContinueUpdateRollback”,

                “cloudformation:DeleteChangeSet”,

                “cloudformation:DescribeChangeSet”,

                “cloudformation:DescribeStacks”,

                “cloudformation:DescribeStackEvents”,

                “cloudformation:ListChangeSets”,

                “cloudformation:DetectStackDrift”,

                “cloudformation:DescribeStackDriftDetectionStatus”,

                “cloudformation:DescribeStackResourceDrifts”,

                “cloudformation:ListStackInstanceResourceDrifts”,

                “cloudformation:GetTemplateSummary”,

{
    “Version”: “2012-10-17”,
    “Statement”: [
        {
            “Sid”: “FullAccess”,
            “Effect”: “Allow”,
            “Action”: [

                “aws-marketplace:Subscribe”,

                “aws-marketplace:ViewSubscriptions”,

                “aws-marketplace:Unsubscribe”,

                “config:*”,

                “cloudformation:CreateStack”,

                “cloudformation:UpdateStack”,

                “cloudformation:DeleteStack”,

                “cloudformation:CreateChangeSet”,

                “cloudformation:ContinueUpdateRollback”,

                “cloudformation:DeleteChangeSet”,

                “cloudformation:DescribeChangeSet”,

                “cloudformation:DescribeStacks”,

                “cloudformation:DescribeStackEvents”,

                “cloudformation:ListChangeSets”,

                “cloudformation:DetectStackDrift”,

                “cloudformation:DescribeStackDriftDetectionStatus”,

                “cloudformation:DescribeStackResourceDrifts”,

                “cloudformation:ListStackInstanceResourceDrifts”,

                “cloudformation:GetTemplateSummary”,

“license-manager:ListReceivedLicenses”,

                “sns:ListTopics”,

                “s3:ListBucket”,

                “s3:CreateBucket”,

                “s3:PutBucketPolicy”,

                “s3:GetBucketPolicy”,

                “s3:DeleteBucketPolicy”,

                “s3:GetBucketAcl”,

                “s3:GetBucketLocation”,

                “s3:PutBucketOwnershipControls”,

                “s3:DeleteBucket”,

                “s3:GetObject”,

                “s3:PutObject”
            ],
            “Resource”: [“*”]
        }
    ]
}



2. Users who create a stack using the CloudFormation template must use a valid email ID to receive an activation link.

Tevico Onboarding


AWS Marketplace Subscription from Management Console

  1. Login into AWS Management Console and navigate to AWS Marketplace.





  2. In the AWS Marketplace, click Discover products and search “Tevico” in the search bar.



  3. Select the product Tevico, and click View purchase options to get the price details.








  4. Click View purchase options. In Available offers, you can find the Public and Free trial offers.







  5. Click Subscribe to complete the purchase.



  6. Click on Set up your Account button on the top right of the page. It will take the user to Tevico’s sign-up process defined in detail in the Sign up on Tevico section given below.



Sign up on Tevico


Follow the steps given below to onboard.

  1. Open the environment URL (by clicking Set up your account in the previous step)




  2. On Create a New Account page, sign up using Google or enter a valid email ID and proceed to Create Account.



  3. On Add Tevico as your Trusted Account page, click ‘Next’ to create necessary resources like IAM policies and cross-account roles.


    Note
    : The permissions that Tevico needs in a cross-account role can be found here.



  4. Click Launch Stack.






  5. A new tab or window is opened. The user will be taken to the AWS CloudFormation Stack creation page. Keep pre-populated values and tick IAM capabilities-related checkboxes allowing stack to create IAM resources.







  6. Wait until the status for both the stacks changes from



    ‘CREATE_IN_PROGRESS’ to ‘CREATE_COMPLETE’.










  7. Tevico will automatically fetch the Role ARN & populate the correct value in the placeholder text box. Click Next once it is fetched.




  8. When prompted to set the password on the Set Password page, enter the password, and re-enter the password.  Click a password that satisfies all the required conditions and click Next.




  9. Click Let’s Get Started.



  10. Check the email with which you signed up on Tevico. Click on the activation link received in the email to activate your account.


  11. Login to your Tevico account using your registered mail ID.




  12. The above link will take you to the login page. Enter your email ID and password, and click Sign In.






  13. The sign-up created on Tevico is in the Basic Plan. To access advanced features



Upgrading to the Premium Plan



Follow the steps given below to upgrade your Tevico account to Premium plan:


  1. Log in to https://console.tevi.co using valid credentials. Click on the Tevico Account ID (Eg. 60800-ara.salestoken+30) on the top right of the Home page after logging in.



  2. Go to the Account Settings page from the options given in the sidebar.




  3. Click Plan from the sub-sections given below.



  4. Select the Premium plan and click the Get Started button under the Premium plan category.







  5. Click the AWS sub-menu and
    select Update Stack.



  6. Click on the Update Stack button again. The user will be redirected to the AWS Update Cloudformation Stack page.





  7. Click Next for every section of the Update stack form without modifying any of the existing values. Tick the checkboxes and click Submit.


















  8. When the Stack is updated, the status will change from UPDATE_IN_PROGRESS to UPDATE_COMPLETE.








  9. Return to the Tevico tab in your browser and refresh the screen to view the Premium tag under your Tevico Account ID. The Premium plan features were activated successfully.

Security Assessments


Tevico enables users to capture the security posture of their AWS infrastructure by running Security Assessments. There are two types of assessments supported by Tevico.


  1. Standard Security Assessment
    Tevico provides a consolidated Security Assessment report which gives an aggregated view of the findings by resource type, status, and severity. You can assess your AWS account security levels using the security score based on CIS AWS Foundations Benchmark v1.2.0 and AWS Foundational Security Best Practices v1.0.0. You will get actionable recommendations for security remediation.


  1. Advanced Security Assessment
    The Advanced Security Assessment generates the report across various security standards such as CIS-1.2, CIS-1.4, PCI-DSS, NIST, GDPR, SOC2 & 15, HIPAA, and other standards along with guidance for security posture enhancements.
    Detailed risk analysis of the generated findings at individual service and resource levels is provided in the summary report for a better infrastructure remediation approach.



Enable Standard Security Assessment


  1. Login to https://console.tevi.co

  2. Click Dashboard on the navigation bar on the left. On the right side of the page, there are four tabs each for Cost, Security, Reliability & Inventory.



  3. Click Security.




  4. In the Assessments sub-section, click Explore Reports.

  5. Click Generate under Standard Security Assessment.



  6. Select the Region from the drop-down list to run the Standard Security
    Assessment based on where the existing workload is. You can select one region at a time for a single Standard Security Assessment.





  7. When the user clicks on Open AWS Config, they will receive details about the AWS pricing for the Config service and guidance on setting up a budget for it.
    Users can either set up a budget by selecting Set Budget Now or proceed without setting up any budget.



  8. Open a new tab and navigate to the AWS Management Console’s Setup AWS Config page. Keep the default settings unchanged and click Next to proceed to Step 2: Rules page.






  9. There is no need to select any specific rule before clicking Next. The user will then be taken to Step 3: Review.






  10. Click Confirm to enable AWS Config. The AWS Config Enabled status will now be visible on Tevico as well.







  11. Click Generate Report. Tevico will initiate the assessment in your account. This assessment typically takes around 5-6 hours to complete, after which the data will begin to appear on the dashboard.















    Enable Advanced Security Assessment

    1. Login to https://console.tevi.co

    2. Click Dashboard on the navigation bar on the left. On the right side of the page, there are four tabs each for Cost, Security, Reliability & Inventory.



    3. Click Security Dashboard.



    4. In the Assessments sub-section, click Explore Reports.



    5. Click the Generate button in Advanced Security Assessment.



    6. Fill in the necessary fields:

      • Select the Region(s) based on where the workload is.

      • Select Compliance from the drop-down list.




      • Select the S3 Bucket in which the assessment findings are to be stored.



      • Copy the S3 bucket policy visible in Tevico. It is required to attach this policy to the S3 bucket where the assessment findings are to be stored.


        Note
        : The S3 bucket policy is provided below for reference. Replace <AWS-Account-ID> and <role-name> with the appropriate values before attaching the policy to the S3 bucket.

        {
                    “Version”: “2012-10-17”,
                    “Statement”: [
                      {
                        “Sid”: “AllowPutObject”,
                        “Effect”: “Allow”,
                        “Principal”: {
                          “AWS”: arn:aws:iam::<AWS-Account-ID>:role/<role-name>
                        },
                        “Action”: [
                          “s3:PutObject”,
                          “s3:PutObjectAcl”
                        ],
                        “Resource”: [
                          “arn:aws:s3:::”,
                          “arn:aws:s3:::/*”
                        ]
                      },
                      {
                        “Sid”: “ReadBucketPermission”,
                        “Effect”: “Allow”,
                        “Principal”: {
                          “AWS”: “arn:aws:iam::956059115090:root”
                        },
                        “Action”: [
                          “s3:GetObject”,
                          “s3:ListBucket”,
                          “s3:GetBucketLocation”
                        ],
                        “Resource”: [
                          “arn:aws:s3:::”,
                          “arn:aws:s3:::/*”
                        ]
                      }
                    ]
                  }


      • To attach required S3 bucket policy, login to AWS Management Console and open S3. For the required S3 bucket, go to the Permissions tab.






      • In the Bucket Policy section, click on the Edit button and paste the given bucket policy statement.




      • After pasting the policy, click the Save button.





      • Go back to Tevico. Confirm the changes by ensuring that all status checks are passing and click Submit.






    7. Click Submit once again to get the Advanced Security Assessment results.



    8. The Advanced Security Assessment report will be ready after the scan which takes around 20-30 minutes to complete.












Inventory Dashboard

Tevico enables you to get a real-time view of your AWS resource inventory, helping you make informed decisions and take proactive actions.


You can get a summary of the frequently used cloud services and their distribution across AWS regions. This assists you in Identifying unused resources and having them removed based on the findings.



Set up Inventory Dashboard


To get a detailed inventory, use following steps:

  1. Login to https://console.tevi.co. Open Dashboard and navigate to the Inventory tab.




  2. You need to set up an S3 Bucket for storing Inventory Reports. Select the appropriate S3 bucket from the dropdown.



  3. The bucket policy that needs to be attached to the selected bucket is visible on the UI. Copy the given bucket policy.



  4. In the AWS Management Console, go to S3 and open the same S3 bucket. Go to the Permissions tab.





  5. In the Bucket policy section, click on the Edit button and paste the bucket policy given by Tevico. Save the bucket policy.



  6. Once the bucket policy is updated, go back to the Tevico tab. Click the “Generate” button to get the results.




  7. Wait for the inventory dashboard to be ready.




  8. Once the inventory dashboard is populated with data, you can see the sections showing various AWS services used in your AWS account. The sub-menu helps you navigate to the appropriate category of AWS services.

Well-Architected Framework Review and Remediation


Tevico provides an end-to-end user experience for conducting a Well-Architected Framework Review and Remediation of your workload running in AWS cloud. The process is conducted in 3 phases.


  1. Capture the application details:

Customer-Centric Approach: Tevico captures the details of application like architecture diagrams along with technology stack. By deeply understanding your business through Product-Market Synergy, Tevico documents your expectations from the application architecture considering the growth prospect. Tevico aims towards the workloads to be both technically robust and aligned with your specific needs.


  1. Review Process:

Expert Guidance and Continuous Improvement: Tevico’s Well-Architected module harnesses AWS Solution Architects’ best practices to help design and operate secure, efficient, and cost-effective workloads. The review process supports continuous improvement, allowing the users to save milestones, track architectural changes, and keep the workloads aligned with the latest AWS standards.


  1. Remediation:


Efficient Risk Assessment and Remediation: Tevico simplifies the review and remediation process by focusing on the intent behind each question, enhancing user engagement, and making the process more productive. This approach helps identify potential risks and outlines actionable steps for improvement, ensuring the workloads consistently meet AWS best practices.



Create a Workload

  1. Login to https://console.tevi.co


  2. Go to the Well-Architected section shown in the navigation bar on the left.






  3. Click on Create Workload and enter the necessary details such as
    • Workload Name
    • Description
    • Review Owner
    • AWS Region


  4. Click Next to move to Step 2 of the workload creation phase.










  5. In Step 2 of the Workload Creation phase, users can draw, upload, or add links to their Application/Infrastructure Architecture Diagram. Upon performing any of these actions click Next.






  6. Tevico offers several blueprints using which the review can be done. Blueprints are a set of questions that are to be answered depending on the type of review that the user wishes to conduct.

    Eg. KYA- Know Your Architecture

    SSB- Startup Security Baseline
    WAFR- Well-Architected Framework Review



    Select the appropriate blueprint and click Next.







  7. Once the workload is created, click Next to place a request for assigning a Solutions Architect to the newly created workload.



  8. When the Solutions Architect is assigned to the workload, the workload creation will be complete immediately.






Review a Workload


    1. On the Workload Summary page, click Start Review.



    2. Enter the necessary details for the Product Market Synergy:

      i) Industry Type
      ii) Problem Statement
      iii) Solution Provided
      iv) Traffic Pattern
      v) Compliance Requirements
      vi) Growth Forecast And Context


    3. Click Save.







    4. Enter the details related to the Technology Stack
      i) Web Application
      ii) Mobile Application
      iii) Backend Application
      iv) Database(s)
      v) Continuous Integration / Continuous Delivery (CI/CD) Pipelines
      vi) Artificial Intelligence (AI) / Machine Learning (ML) Workloads
      vii) Analytics Workloads

      Providing these details will help the assigned Solutions Architect give better recommendations during the review.


    5. Click Save.







    6. Users can ask any queries or add notes on the Queries & Notes page. These queries can be addressed during the review process. Once noted, click Save.




    7. A list of all the Pillars under this blueprint will be visible.
      i) Security
      ii) Reliability
      iii) Cost Optimization


    8. Click Start Review for Security Pillar




    9. In the Security pillar, the user has to answer these sets of questions according to AWS Best Practices implemented in their workload.



    10. During this review phase, further details for your infrastructure can also be noted down by the user or by the Solution Architect assigned such as
      i) Observations
      ii) Improvement Plans
      iii) Reference Links












    11. To submit the Review, the User must answer a required number of questions for all the pillars. Once done, click on Request Approval.






    12. Click Submit Review. Once the request is submitted, a Solution Architect will accept your request.



Remediate HRIs and MRIs from a Workload


  1. On the Workload summary page, click on Start Remediation to start the remediation process.




  2. After clicking on Start Remediation for security, the user will have to remediate the HRIs and MRIs that are generated.



  3. Once the remediation is complete for all the pillars, click on Request Approval. Wait for the Solution Architect’s approval.










  4. After the Solution Architect approves the remediation request, click Submit Remediation.



  5. Well-Architected Framework remediation has now completed successfully.



  6. The remediation report can be downloaded by choosing the Download Report.

Tevico Deboarding


If a user wants to unsubscribe from Tevico, the steps given below are to be followed.

  • Unsubscribe from AWS Marketplace.
  • Delete cross-account IAM role and other resources created by the platform during the onboarding process.
  • Close Tevico account.



Unsubscribe from AWS Marketplace


  1. Log in to the same AWS Account from which the user has subscribed to Tevico. Navigate to AWS Marketplace from the AWS Management Console.

  2. Search for Tevico in the Manage Subscriptions section and click Manage.







  3. Click Cancel Subscription from the Actions drop-down.





  4. You will receive a Subscription Cancellation email on the registered email ID.











  5. Once the platform is done cleaning up resources created by Tevico in your AWS account, you will receive a final email indicating completion of Subscription Cancellation.






  6. After completing the steps above, you have unsubscribed from the Tevico AWS Marketplace subscription.

    Note: It takes 1 hour to unsubscribe from the AWS Marketplace, during which your resources will be deleted and billing will be settled completely.



Delete cross-account IAM role and other resources created by the platform during the onboarding process.



The resources created in the AWS account during onboarding need to be removed. To achieve this, the CloudFormation stack must be deleted.

Note: Before initiating the CloudFormation stack delete operation, ensure that the S3 buckets created for storing Security Assessment Reports and/or CUR data are ’empty’. Failure to do so will result in an error during S3 bucket deletion and CloudFormation stack deletion. If you prefer not to delete these S3 buckets, please tick the appropriate checkbox during the Delete Stack operation in the AWS Management Console


  1. Log in to the same AWS Account and open S3.






  2. Empty the respective S3 buckets




  3. Go to AWS CloudFormation. Select the Tevico stack and then click Delete.






  4. Wait until the stacks transition to DELETE_COMPLETE without encountering any errors.





  5. After the stack transition completes, the resources are successfully deleted.



Close Tevico Account

To close the Tevico account, follow the steps given below:

  1. Login to https://console.tevi.co using your Tevico credentials.



  2. Go to Account Settings and select Close Account from the sub-menu.



  3. Request an OTP for the account closure activity from the Close Account subsection on the Account Settings page.






  4. Enter the OTP received on your registered email and click Submit.







  5. Your Tevico account is closed successfully.




Website/Social Media


To know more about Tevico, here are quick reference links:


Website Link:
https://tevi.co

Contact Us: connect@tevi.co



Social Media:

LinkedIn: https://www.linkedin.com/showcase/tevico/posts/?feedView=all

X: https://twitter.com/AskTevico?t=FvOtU8KnnjB4mreys9jtNg&s=09

Appendix


In a cross-account IAM role, Tevico requires the following permissions in your AWS account to capture insights and display them in the dashboard.


{
  “Version”: “2012-10-17”,
  “Statement”: [
    {
      “Effect”: “Allow”,
      “Action”: [
        “events:*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “cloudwatch:List*”,
        “cloudwatch:PutMetricAlarm”,
        “cloudwatch:Get*”,
        “cloudwatch:SetAlarmState”,
        “cloudwatch:DeleteAlarms”,
        “cloudwatch:Describe*”,
        “events:List*”,
        “events:Put*”,
        “events:DeleteRule”,
        “events:DisableRule”,
        “events:EnableRule”,
        “ce:Describe*”,
        “ce:List*”,
        “ce:Get*”,
        “pricing:Get*”,
        “compute-optimizer:Get*”,
        “cloudformation:ListStacks”,
        “guardduty:List*”,
        “guardduty:Get*”,
        “budgets:Describe*”,
        “budgets:ViewBudget”,
        “budgets:ModifyBudget”,
        “organizations:ListAccounts”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “wellarchitected:*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “securityhub:Get*”,
        “securityhub:Describe*”,
        “securityhub:BatchEnableStandards”,
        “securityhub:EnableSecurityHub”,
        “securityhub:UpdateSecurityHubConfiguration”,
        “config:DescribeConfigurationRecorderStatus”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “access-analyzer:createAnalyzer”,
        “access-analyzer:deleteAnalyzer”,
        “access-analyzer:getAnalyzer”,
        “access-analyzer:listAnalyzers”,
        “access-analyzer:ListFindings”,
        “wafv2:ListWebACLs”,
        “wafv2:ListLoggingConfigurations”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “SSM:List*”,
        “SSM:Get*”,
        “SSM:CreateDocument”,
        “SSM:DeleteDocument”,
        “SSM:Describe*”,
        “SSM:SendCommand”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “SNS:CreateTopic”,
        “SNS:Subscribe”,
        “SNS:Publish”,
        “SNS:Get*”,
        “SNS:Set*”,
        “SNS:List*”,
        “SNS:DeleteTopic”,
        “SNS:Unsubscribe”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “ec2:Describe*”,
        “ec2:Copy*”,
        “ec2:CreateImage”,
        “ec2:CreateTags”,
        “ec2:DeleteSnapshot”,
        “ec2:DeregisterImage”,
        “elasticloadbalancing:Describe*”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “iam:Get*”,
        “iam:List*”,
        “iam:SimulatePrincipalPolicy”,
        “iam:PassRole”,
        “iam:CreateServiceLinkedRole”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “s3:ListAllMyBuckets”,
        “S3:GetBucketLocation”,
        “S3:GetBucketPolicyStatus”,
        “S3:GetBucketAcl”,
        “S3:GetBucketPublicAccessBlock”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “sns:AddPermission”,
        “sns:CreateTopic”,
        “sns:DeleteTopic”,
        “sns:ListTopics”,
        “sns:SetTopicAttributes”,
        “sns:GetTopicAttributes”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: “cloudtrail:*”,
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “lambda:GetFunction”,
        “lambda:ListFunctions”,
        “lambda:InvokeFunction”
      ],
      “Resource”: “*”
    },
    {
      “Effect”: “Allow”,
      “Action”: [
        “autoscaling:DescribeAutoScalingGroups”,
        “ce:CreateAnomalyMonitor”,
        “ce:CreateAnomalySubscription”,
        “ce:DeleteAnomalyMonitor”,
        “ce:DeleteAnomalySubscription”,
        “ce:UpdateAnomalyMonitor”,
        “ce:UpdateAnomalySubscription”,
        “cloudformation:DescribeStackResources”,
        “cloudformation:DescribeStacks”,
        “cloudformation:GetTemplate”,
        “cloudfront:ListDistributions”,
        “cloudwatch:DescribeAlarms”,
        “cloudwatch:GetMetricStatistics”,
        “cloudwatch:ListMetrics”,
        “config:DescribeConfigurationRecorders”,
        “config:DescribeDeliveryChannelStatus”,
        “config:DescribeDeliveryChannels”,
        “cur:DescribeReportDefinitions”,
        “cur:PutReportDefinition”,
        “dynamodb:DescribeContinuousBackups”,
        “dynamodb:DescribeTable”,
        “dynamodb:ListTables”,
        “ecs:ListClusters”,
        “eks:ListClusters”,
        “elasticache:DescribeCacheClusters”,
        “elasticache:DescribeCacheSubnetGroups”,
        “elasticache:DescribeReplicationGroups”,
        “elasticfilesystem:DescribeFileSystems”,
        “elasticloadbalancing:DescribeLoadBalancers”,
        “es:DescribeElasticsearchDomains”,
        “inspector:ListAssessmentRuns”,
        “kms:ListKeys”,
        “lambda:GetPolicy”,
        “rds:DescribeDBInstances”,
        “rds:DescribeDBSnapshots”,
        “rds:DescribePendingMaintenanceActions”,
        “rds:ListTagsForResource”,
        “redshift:DescribeClusters”,
        “s3:GetBucketLogging”,
        “s3:GetBucketPolicy”,
        “s3:GetBucketVersioning”,
        “s3:GetEncryptionConfiguration”,
        “ssm:ListComplianceSummaries”,
        “support:DescribeCases”,
        “support:DescribeTrustedAdvisorCheckRefreshStatuses”,
        “support:DescribeTrustedAdvisorCheckResult”,
        “support:DescribeTrustedAdvisorChecks”,
        “tag:GetResources”,
        “tag:GetTagKeys”,
        “tag:GetTagValues”,
        “workspaces:DescribeWorkspaceDirectories”,
        “workspaces:DescribeWorkspaces”
      ],
      “Resource”: “*”
    }
  ]
}