Background

Optima uses bill data to provide an accurate view of your costs across accounts and services. This data is consumed by the Optima platform and made available for pre-built and ad-hoc analyses. In order to gather the cost information, certain configuration steps must be performed with specific data and credentials being shared with Optima.

This page describes the configuration and input information needed to connect AWS billing data to Optima.

For instructions on using Optima to add or update billing information, see the billing information guide. For instructions on connecting your cloud accounts to the platform for management purposes, see the cloud account management guide

If you have any questions and would like live assistance, please join us on our chat channel on chat.rightscale.com or email us at support@rightscale.com.

Overview

This page will walk you through the steps to configure Amazon Web Services for cost reporting purposes in Optima.

The following steps must be completed in order for RightScale to provide insight on your AWS bill:

  1. Enable Cost and Usage Reporting on your AWS account
    1. Create and configure an S3 bucket
    2. Configure AWS billing reports
  2. Create an IAM user that can read billing reports

Each of the steps above is explained in detail on this page.

Enable Cost and Usage Reporting on your AWS payer account

In order to obtain all of the detail required in order to accurately display your cost information, we require you to enable the AWS Cost and Usage report. If your account is part of a consolidated billing group, this action must be performed on the payer account. This process is detailed in the AWS documentation referenced in the Configure billing reports subsection below.

Create and configure an S3 bucket

First you need to create an S3 bucket and grant AWS permission to write your billing details into this bucket (the animation below illustrates the process flow). A bucket with existing CUR reports will work as long as they are configured as specified in the following section.

s3-bucket-creation-for-billing-setup
s3-bucket-policy-for-billing-setup

  1. Create a new S3 bucket to hold your cloud bills if you have not done so already (save the bucket name for a future step).
  2. Grant AWS permission to write your bills into that bucket. (Please see the example policy below. Be sure to replace the two occurrences of YOUR_BILLING_BUCKET_NAME_HERE accordingly.)
{
       "Version": "2008-10-17",
       "Id": "Policy1335892530063",
       "Statement": [
           {
               "Sid": "Stmt1335892150622",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::386209384616:root"
               },
               "Action": [
                   "s3:GetBucketAcl",
                   "s3:GetBucketPolicy"
               ],
               "Resource": "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
           },
           {
               "Sid": "Stmt1335892526596",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::386209384616:root"
               },
               "Action": [
                   "s3:PutObject"
               ],
               "Resource": "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
           }
       ]
}

Configure billing reports

Configure AWS Billing to send bills to your S3 bucket with the required information in the proper format. The numbered instructions below refer to the steps described in the AWS documentation.

create_billing_report.gif

  1. On the top-right of the console, hover over your name and select My Billing Dashboard.
  2. Select Reports on the left-hand menu.
  3. Click Create report.
  4. Enter a Report Name of your choosing.
  5. Ensure Hourly is selected as the Time unit.
  6. Toggle the checkbox to include Resource IDs.
  7. Ensure the checkbox for 'Data refresh settings' is checked.
  8. Click Next.
  9. Enter your S3 Bucket Name from the previous step.
  10. Enter a Report Prefix. Required: Can be a simple value like aws-billing-reports
  11. Ensure GZIP is selected as the compression type.
  12. Click Next.
  13. Click Review and Complete.

Create an IAM user for RightScale

In order for RightScale to digest your bills, we require read access via an IAM user to the S3 bucket that you are exporting the bills to. This can be accomplished by performing the following steps:

  1. Create a new IAM policy (see example below) which will allow read-only access to your S3 billing bucket, and to metadata about the accounts referenced in your bill.
  2. Create a new IAM user which only has the newly created policy attached. AWS has a tutorial which documents this process.

The following template can be used for the policy, simply replace the YOUR_BILLING_BUCKET_NAME_HERE with your bucket name. Please take care not to delete the trailing /* in the s3:GetObject permission.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ce:GetReservationUtilization"
            ],
            "Resource": "*"
        }       
    ]
}


We have also provided an example of this procedure in the animation below:

ca-add-iam.gif

Submit the information

Follow the billing configuration guide to submit the above information to Optima