Background

Optima uses bill data to provide an accurate view of your costs across accounts and services. This data is consumed by the Optima platform and made available for pre-built and ad-hoc analyses. In order to gather the cost information, certain configuration steps must be performed with specific data and credentials being shared with Optima.

This page describes the configuration and input information needed to connect AWS billing data to Optima.

For instructions on using Optima to add or update billing information, see the billing information guide. For instructions on connecting your cloud accounts to Policy Manager, see the policy users guide.

If you have any questions and would like assistance, please join our community at community.flexera.com or email us at support@flexera.com.

Overview

This page will walk you through the steps to configure Amazon Web Services for cost reporting purposes in Optima.

The following steps must be completed in order for RightScale to provide insight on your AWS bill:

  1. Enable Cost and Usage Reporting on your AWS account
  2. Cost and Usage Report
    1. Use existing AWS Cost and Usage Report - Preferred
    2. Configure new AWS Cost and Usage Report
  3. Configure Access to AWS for Optima
    1. Create IAM Policy
    2. Create a cross-account IAM role that can read billing reports - Preferred
    3. Create an IAM user that can read billing reports
  4. Submit the information to Optima

Each of the steps above is explained in detail on this page.

Enable Cost and Usage Reporting on your AWS payer account

In order to obtain all of the detail required to accurately display your cost information, we require you to enable the AWS Cost and Usage report. If your account is part of a consolidated billing group, this action must be performed on the master payer account. This process is detailed in the AWS documentation referenced in the Cost and Usage Report subsection below.

Cost and Usage Report

Use Existing Cost and Usage Report

If you already have an AWS Cost and Usage report configured, we recommend using it provided it is configured with the following options:

  1. Include resource IDs enabled
  2. Data refresh settings enabled
  3. Time granularity set to Hourly
  4. Report versioning set to Create new report version
  5. Compression type set to GZIP

Once these settings are confirmed, take note of the S3 bucket the reports are being sent to as well as the value for Report Prefix and continue to the Configure Access to AWS for Optima section.

Configure New Cost and Usage Report

If you do not have an existing Cost and Usage Report, or your current one does not have the proper configuration, you will need to create a new one. The numbered instructions below refer to the steps described in the AWS documentation and will walk you through creating a Cost and Usage Report that is saved to S3.

  1. On the top-right of the console, hover over your name and select My Billing Dashboard.
  2. Select Cost & Usage Reports on the left-hand menu.
  3. Click Create report.
  4. Enter a Report Name of your choosing.
  5. Check the box for Include resource IDs.
  6. Ensure the checkbox for Data refresh settings is checked.
  7. Click Next.
  8. Select your existing S3 Bucket or create one and click Next.
    1. Take note of the S3 Bucket for later use.
  9. Check the box to confirm the bucket policy is correct and click Save.
  10. Enter a Report Prefix (required). This can be a simple value like aws-billing-reports.
    1. Take note of the Report Prefix for later use.
  11. Ensure Hourly is selected for Time granularity.
  12. Ensure Create new report version is selected for Report versioning.
  13. No boxes need to be checked under Enable report data integration for.
  14. Ensure GZIP is selected as the compression type.
  15. Click Next.
  16. Click Review and Complete.

Configure Access to AWS for Optima

In order to digest your bills, we require read access to the S3 bucket that you are exporting the bills to. This can be accomplished via a cross-account role (preferred), or an IAM user (legacy).

If you have elected to use a cross-account role, the following AWS CloudFormation Template (CFT) automates the creation of the IAM role and IAM policy, and outputs the Role ARN required to submit the billing information to Optima.

  1. Apply CFT in master payer account
  2. Capture the value for RoleARN from the CFT Outputs
  3. Submit the information to Optima

Create IAM Policy (Cross-Account Role and IAM User)

To allow read-only access to your S3 billing bucket and to metadata about the accounts referenced in your bill, create a new AWS IAM policy with the required Optima permissions. Replace YOUR_BILLING_BUCKET_NAME_HERE with your bucket name in both places it appears. Take care not to delete the trailing /* in the resource for the s3:GetObject permission.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ce:GetReservationUtilization"
            ],
            "Resource": "*"
        }
    ]
}
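The following added example (not part of the original page and not Flexera's code) lints a filled-in copy of the policy above before it is attached: it flags actions beyond the ones listed, a placeholder that was never replaced, and S3 resources that lost or gained the trailing /*. The function names and the bucket name example-billing-bucket are assumptions made for illustration.

```python
import json

# Actions granted by the policy on this page; anything else is excess privilege.
EXPECTED = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject",
            "organizations:Describe*", "organizations:List*",
            "ce:GetReservationUtilization"}
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation"}  # act on the bare bucket ARN
PLACEHOLDER = "YOUR_BILLING_BUCKET_NAME_HERE"

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def lint_billing_policy(policy_json, bucket):
    """Return findings; an empty list means the policy matches the page's template."""
    findings = []
    bucket_arn = "arn:aws:s3:::" + bucket
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource grants more than the template")
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        findings += ["unexpected action: " + a for a in actions if a not in EXPECTED]
        if any(PLACEHOLDER in r for r in resources):
            findings.append("placeholder bucket name was not replaced")
        for action in (a for a in actions if a.startswith("s3:")):
            # Bucket-level actions match the bare ARN; object reads need the /* suffix.
            want = bucket_arn if action in BUCKET_LEVEL else bucket_arn + "/*"
            if want not in resources:
                findings.append(action + " is missing resource " + want)
            findings += [action + " is also scoped to " + r for r in resources if r != want]
    return findings

def page_policy(bucket):
    """The page's policy with the bucket name substituted (constructed sample input)."""
    arn = "arn:aws:s3:::" + bucket
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"], "Resource": [arn]},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": [arn + "/*"]},
        {"Effect": "Allow", "Action": ["organizations:Describe*", "organizations:List*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["ce:GetReservationUtilization"], "Resource": "*"}]}

if __name__ == "__main__":
    broken = page_policy("example-billing-bucket")
    broken["Statement"][1]["Resource"] = ["arn:aws:s3:::example-billing-bucket"]  # /* deleted
    print(lint_billing_policy(json.dumps(broken), "example-billing-bucket"))
```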

Create a Cross-Account IAM Role (Preferred)

Use the following steps to create a cross-account role with read access to the S3 bucket that contains your Cost and Usage Report and to metadata about the accounts referenced in your bill:

AWS Reference

  1. In AWS IAM, select Role and then click Create role.
  2. Select Another AWS account
  3. For Account ID, enter 451234325714
  4. Check the box for Require external ID and enter your Optima organization id.
    1. Your Optima organization id can be found in the Optima URL once you are logged in: https://analytics.rightscale.com/orgs/<ORG_ID>/dashboard
  5. Click Next.
  6. Select the Optima role you created previously, or create a new policy by selecting Create policy, selecting JSON and supplying the IAM policy referenced above.
  7. Click Next: Tags
  8. Provide any tags required by your company policies.
  9. Click Next: Review
  10. Provide a Role name and optionally a Role description
  11. Click Create role
  12. Find the newly created role and copy the ARN for the next step
  13. Submit the information to Optima
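Steps 2 to 4 above end up in the role's trust policy: the trusted account ID becomes the principal and the external ID becomes an sts:ExternalId condition. As an added example (not from the original page and not Flexera's code), this check reads a trust policy document and reports when the principal is not the account from step 3 or the external ID condition is missing or wrong; the function names and the organization id 12345 are constructed for illustration.

```python
import json

OPTIMA_ACCOUNT = "451234325714"  # account ID given in step 3 on this page

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(trust_json, org_id):
    """Return findings for a role trust policy; empty means it matches steps 2-4."""
    findings = []
    allowed = {OPTIMA_ACCOUNT, "arn:aws:iam::%s:root" % OPTIMA_ACCOUNT}
    statements = [s for s in as_list(json.loads(trust_json)["Statement"])
                  if s.get("Effect") == "Allow"]
    if not statements:
        findings.append("no Allow statement: nobody can assume the role")
    for stmt in statements:
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            if set(principal) - {"AWS"}:
                findings.append("principal types other than AWS accounts are trusted")
            trusted = as_list(principal.get("AWS", []))
        else:
            trusted = [principal]  # covers "*" and a missing Principal
        findings += ["unexpected principal: %s" % p for p in trusted if p not in allowed]
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append("action is not exactly sts:AssumeRole")
        # Exact-match lookup of the condition the "Require external ID" box creates.
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
        elif as_list(ext) != [str(org_id)]:
            findings.append("external ID does not equal the Optima organization id")
    return findings

def console_trust_policy(org_id):
    """Trust policy of the shape the console wizard writes (constructed sample)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::%s:root" % OPTIMA_ACCOUNT},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": str(org_id)}}}]}

if __name__ == "__main__":
    doc = console_trust_policy("12345")      # 12345 is a constructed org id
    del doc["Statement"][0]["Condition"]     # simulate the box left unchecked
    print(check_trust_policy(json.dumps(doc), "12345"))
```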

Create an IAM User (Legacy)

Use the following steps to create an IAM user with read access to the S3 bucket that contains your Cost and Usage Report and to metadata about the accounts referenced in your bill:

  1. Create a new IAM policy (see example above) which will allow read-only access to your S3 billing bucket, and to metadata about the accounts referenced in your bill.
  2. Create a new IAM user which only has the newly created policy attached. AWS has a tutorial which documents this process.
  3. Capture the access key id and secret access key for the next step
  4. Submit the information to Optima

We have also provided an example of this procedure in an animation (ca-add-iam.gif).

Submit the Information

Follow the billing configuration guide to submit the above information to Optima.