Background

Cloud Analytics uses two primary data sources for helping you manage costs:

  • Bill data - Bill information is collected from your public cloud provider to enable an accurate view of all of your costs across your accounts and services
  • Usage data - Usage data is collected from RightScale Cloud Management to provide additional detail for slicing and dicing costs across many different dimensions

This page describes how to connect bill data for AWS. Learn about the data sources for Cloud Analytics, how to connect bills for other clouds, and how to connect usage data.

Overview

This page will walk you through the steps to connect Amazon Web Services (AWS) to RightScale for cost reporting purposes. If you have any questions and would like live assistance, please join us on our chat channel, chat.rightscale.com.

The following steps must be completed in order for RightScale to provide insight on your AWS bill:

  1. Enable Cost and Usage Reporting on your AWS account
    1. Create and configure an S3 bucket
    2. Configure AWS billing reports
  2. Create an IAM user that can read billing reports
  3. Provide billing report details to RightScale

Each of the steps above is explained in detail on this page.

Enable Cost and Usage Reporting on your AWS payer account

In order to obtain all of the detail required in order to accurately display your cost information, we require you to enable the AWS Cost and Usage report. If your account is part of a consolidated billing group, this action must be performed on the payer's account. This process is detailed in the AWS documentation referenced in the Configure billing reports subsection below.

Create and configure an S3 bucket

First you need to create an S3 bucket and grant AWS permission to write your billing details into this bucket (the animation below illustrates the process flow).

s3-bucket-creation-for-billing-setup
s3-bucket-policy-for-billing-setup

  1. Create a new S3 bucket to hold your cloud bills if you have not done so already.
  2. Grant AWS permission to write your bills into that bucket. (Please see the example policy below. Be sure to replace the two occurrences of YOUR_BILLING_BUCKET_NAME_HERE accordingly.)
{
       "Version": "2008-10-17",
       "Id": "Policy1335892530063",
       "Statement": [
           {
               "Sid": "Stmt1335892150622",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::386209384616:root"
               },
               "Action": [
                   "s3:GetBucketAcl",
                   "s3:GetBucketPolicy"
               ],
               "Resource": "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
           },
           {
               "Sid": "Stmt1335892526596",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::386209384616:root"
               },
               "Action": [
                   "s3:PutObject"
               ],
               "Resource": "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
           }
       ]
}

Configure billing reports

Configure AWS Billing to send bills to your S3 bucket with the required information in the proper format. The numbered instructions below refer to the steps described in the AWS documentation.

create_billing_report.gif

  1. On the top-right of the console, hover over your name and select My Billing Dashboad.
  2. Select Reports on the left-hand menu.
  3. Click Create report.
  4. Enter a report name of your choosing.
  5. Ensure Hourly is selected as the Time unit.
  6. Toggle the checkbox to include Resource IDs.
  7. Click Next.
  8. Enter your bucket name from the previous step.
  9. Enter a report prefix of your choosing.
  10. Ensure GZIP is selected as the compression type.
  11. Click Next.
  12. Click Review and Complete.

Create an IAM user for RightScale

In order for RightScale to digest your bills, we require read access via an IAM user to the S3 bucket that you are exporting the bills to. This can be accomplished by performing the following steps:

  1. Create a new IAM policy (see example below) which will allow read only actions to be performed on the S3 bucket that you assigned in the Enable Cost and Usage Reporting section of this document.
  2. Create a new IAM user which only has the newly created policy attached. AWS has a tutorial which documents this process.

The following template can be used for the policy, simply replace the YOUR_BILLING_BUCKET_NAME_HERE with your bucket name. Please take care not to delete the trailing /* in the s3:GetObject permission.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
            ]
        }
    ]
}

We have also provided an example of this procedure in the animation below:

ca-add-iam.gif

Give RightScale Details of your Setup

Note: the following process is temporary - the below will be built-in to the platform shortly.

Please contact us at support@rightscale.com with the following information:

  • Please provide the RightScale Enterprise Master Account ID as billing creds can only be associated with an Enterprise Master Account.
  • The AWS S3 bucket name that obtains your billing files.
  • The AWS Access Key ID for the IAM user you have created.

Additionally, we require the AWS Secret Access Key. To provide this information, please use one of the secure methods below or another method of your choosing. Do NOT send your AWS Secret Access Key via email.

We recommend the use of Cryptobin or Privnote -- other forms of credential sharing are acceptable as well. You can then send us the link to the note along with the password used to encrypt it to support@rightscale.com