Skip to content

Sosivio AWS Billing

Important Notice: If your EKS cluster contains more than 1,000 cores please contact us at [email protected] for a volume-based discounted enterprise license. Sosivio does not currently support tiered metering in AWS.


  • AWS CLI installed and configured
  • Admin access to your cluster. You can verify this with kubectl auth can-i "*" "*"
  • Ability to add AWS IAM policy and role
  • EKS cluster with IAM roles for service accounts enabled


Thank you for choosing Sosivio for AWS! After clicking subscribe in the AWS Marketplace, we need to install Sosivio and allow access to AWS in order to meter the cluster usage.

Environment Variables

The Sosivio installer will use the following environment variables. Please change them to correspond with your internal guidelines and naming conventions.

export AWS_ACCOUNT_ID=<your aws account id>
export SOSIVIO_ROLE_NAME=sosivio-marketplace-role
export CLUSTER_NAME=<your-cluster-name>
export REGION=<your-cluster-region>
export CLUSTER_OIDC_ISSUER_URL=$(aws eks describe-cluster --name $CLUSTER_NAME --query "cluster.identity.oidc.issuer" --region $REGION --output text )
export EXPOSE_TYPE=LoadBalancer #or PortForward or Ingress

# If you chose Ingress as the EXPOSE_TYPE, you'll need to provide domain URL:
# export #will create

Creating an AWS Roles

First, we'll need to create an AWS role with the appropriate AWS-managed permissions to contact the AWS Marketplace API: Our Role should have the following permissions: - AWSMarketplaceMeteringFullAccess - AWSMarketplaceMeteringRegisterUsage

*You can create the role via the AWS Console, but we'll provide you with the command to create it via the AWS CLI.

Run the following commands:

Step 1: Create the trust policy:

echo "{
    \"Version\": \"2012-10-17\",
    \"Statement\": [
            \"Effect\": \"Allow\",
            \"Principal\": {
                \"Federated\": \"arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${CLUSTER_OIDC_ISSUER}\"
            \"Action\": \"sts:AssumeRoleWithWebIdentity\",
            \"Condition\": {
                \"StringEquals\": {
                    \"${CLUSTER_OIDC_ISSUER}:aud\": \"\"
}" > sosivio-trust-policy.json

Step 2: Create the AWS role:

aws iam create-role \
--role-name $SOSIVIO_ROLE_NAME \

Step 3: Attach the required permissions:

aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess \
--role-name $SOSIVIO_ROLE_NAME 

aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
--role-name $SOSIVIO_ROLE_NAME 

Install/Upgrade Sosivio

Note: we'll provide a cli one-type commands to install sosivio with the correct configuration. We recommend editing the helm values file and save the helm chart with your preferred values.

Step 1: Add Sosivio Helm repo

helm repo add sosivio
helm repo update

Step 2: If it’s a fresh Installation of Sosivio:

#Deploy Via AWS LoadBalancer
helm install -n sosivio sosivio sosivio/sosivio --create-namespace \
--set expose=$EXPOSE_TYPE \ #--set domain=$DOMAIN_URL (if you chose EXPOSE_TYPE=Ingress
--set cluster_name=$CLUSTER_NAME \
--set aws.accountId=$AWS_ACCOUNT_ID \
--set aws.markteplaceRole=$SOSIVIO_ROLE_NAME 

Step 3: If its an upgrade for an existing (AWS-metered) installation:

helm upgrade -n sosivio sosivio sosivio/sosivio \
--set expose=$EXPOSE_TYPE \
--set cluster_name=$CLUSTER_NAME \
--set aws.accountId=$AWS_ACCOUNT_ID \
--set aws.markteplaceRole=$SOSIVIO_ROLE_NAME 

First Login to Sosivio

Step 1: Open the Sosivio URL in your browser. The Helm chart installation will output how to get the Sosivio URL. If for any reason the command printed is incorrect, you can run the following commands:

  • for LoadBalancer: kubectl get svc dashboard-lb -n sosivio
  • for Ingress: kubectl get ingress dashboard -n sosivio
  • for PortForward: kubectl port-forward -n sosivio svc/dashboard 8088:8088

Step 2: The default user is admin. in order to get the generated password, run the following command: kubectl get secret -n sosivio sosivio-admin-otp -o jsonpath='{.data.password}' | base64 -d