Key Concepts
Key Concepts
Understanding these core concepts will help you make the most of SkySaver.
Projects
A Project is the top-level entity in SkySaver, created during the registration process. One AWS Marketplace subscription = one project.
Each project has its own:
- Default tag name
- Default IAM role name
- Enabled regions
- Enabled services
- User permissions
A single project can manage AWS accounts from multiple AWS Organizations, giving you flexibility to consolidate management across different AWS organizational boundaries.
AWS Accounts
AWS Accounts are the individual AWS accounts you connect to SkySaver. Each account requires:
- An IAM role that SkySaver can assume
- Configuration in the SkySaver portal
You can add accounts from multiple AWS Organizations to your SkySaver project.
Schedules
A Schedule defines when a resource should be active (running) or inactive (stopped/scaled down). Schedules consist of:
- Name - A unique identifier used in resource tags
- Type - The resource type (EC2, RDS, Lambda, ASG)
- Timezone - The timezone for schedule timing
- Periods - Time windows when resources should be active
Periods
Periods are the building blocks of schedules. Each period defines:
- Start Time - When the resource should become active
- End Time - When the resource should become inactive
- Days - Which days of the week the period applies
- Configuration - Resource-specific settings (e.g., instance type for EC2)
Multiple periods can be combined in a single schedule for complex timing needs.
Tags
Tags are AWS resource metadata used to associate resources with schedules. SkySaver uses a key-value tagging approach:
| Component | Description | Example |
|---|---|---|
| Tag Key | Your configured tag name | Schedule |
| Tag Value | The schedule name | dev-business-hours |
Automations
Automations are background processes that optimize your AWS environment. There are three types:
| Type | Description | Example |
|---|---|---|
| Continuous | Runs constantly, processing data | Cost Explorer, Resource Scheduler |
| Cadence | Runs on a regular schedule | S3 Intelligent Tiering |
| Trigger | Runs on-demand when initiated | Security Group Finder |
Automation Reports
Automation Reports provide visibility into automation execution:
- Execution timestamps
- Status (success, failure, partial)
- Affected resources
- Downloadable CSV exports
IAM Roles
SkySaver uses IAM Roles to access your AWS accounts. The role:
- Is created via our CloudFormation template
- Uses an External ID for security
- Has permissions scoped to required actions only
- Is assumed by SkySaver’s AWS account
External ID
The External ID is a security measure used when assuming IAM roles. It prevents confused deputy attacks and ensures only your SkySaver account can use your IAM role.
Cost and Usage Reports (CUR)
CUR is an AWS feature that provides detailed billing data. SkySaver can read CUR data from S3 for enhanced cost analysis.
Role-Based Access Control (RBAC)
RBAC allows you to control what users can do within SkySaver using granular permission scopes:
| Scope Category | Examples |
|---|---|
| Accounts | read:accounts, write:accounts, manage:account, delete:accounts |
| Members | read:project_members, write:project_members, manage:project_members |
| Schedules | read:schedules, write:schedules, manage:schedules |
| Project | read:project, manage:project |
Users can be assigned any combination of scopes for fine-grained access control. See RBAC for details.
Related Topics
- AWS Account Setup - Setting up IAM roles
- Resource Scheduling - Creating and managing schedules
- Automations - Understanding automation types