How to get Grafana CloudWatch Cross-account / Cross-Region Metrics - amazon-web-services

I have 4 AWS accounts (DTAP) and I want to be able to create one dashboard in Grafana with the cost per service (for all accounts).
So far I can easily create one dashboard in Dev with the costs for all services (using this dashboard: https://grafana.com/grafana/dashboards/139)
I also enabled cross account cross region in AWS (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html) which works nice (in AWS CloudWatch).
Now the problem which I am having is that I can't specify an account selector in this Grafana dashboad 139, or modify the query in such way that I can get metric from different account than Dev:
REMOVE_EMPTY(SEARCH('Namespace="AWS/Billing" MetricName="EstimatedCharges"', 'Average', 3600))
Does anyone has any idea how to get this or which fields are the ones for account select in AWS? I need a programatic way of running "View data for" from the picture below and graph it in Grafana:
Also, I want to avoid creating multiple data sources for each account (due to other limitations)

Related

AWS Secrets Manager Pricing

I want to use an AWS RDS Proxy with RDS Postgres for which I have to create at least one secret using AWS Secrets manager. I understand that one secret would cost $0.40 per month. However, I was not able to understand about the pricing for the API calls made. How many API calls would be made for this minimal set up per month ? Is it according to each connections made ? And does it depend upon the RDS Plan - for me it is db.t3.micro

List of services used in AWS

Please how can get the list of all services I am using.
I have gone to Service Quotas at
https://ap-east-1.console.aws.amazon.com/servicequotas/home?region=ap-east-1
on the dashboard. I could see a list of Items e.g. EC2, VPC, RDS, Dynamo etc but I did not understand what is there.
As I did not request for some of the services I am seeing I even went into budget at
https://console.aws.amazon.com/billing/home?region=ap-east-1#/budgets
and also credits. Maybe I can get the services I have been given credits to use
https://console.aws.amazon.com/billing/home?region=ap-east-1#/budgets?
Also, how can I stop any service which I do not want?
The Billing service is not giving me tangible information also. I do not want the bill to pile up before I start taking needed steps.
Is there a location where I can see all services I am using or maybe there is a code I can enter somewhere which would produce such result?
You can use AWS Config Resource Inventory feature.
AWS Config will discover resources that exist in your account, record their current configuration, and capture any changes to these configurations. Config will also retain configuration details for resources that have been deleted. A comprehensive snapshot of all resources and their configuration attributes provides a complete inventory of resources in your account.
https://aws.amazon.com/config/
There is not an easy answer on this one, as there is not an AWS service that you can use to do this out of the box (yet).
There are some AWS services that you can use to get you close, like:
AWS Config (as suggested by #kepils)
Another option is to use Resource Groups and Tagging to list all resources within a region within account (as described in this answer).
In both cases however, the issue is that both Config and Resource Groups come with the same limitation - they can't see all AWS services on their own.
Another option would be to use a third party tool to do this, if your end goal is to find what do you currently have running in your account like aws-inventory or cloudmapper
On the second part of your question on how to stop any services which you don't want you can do the following:
Don't grant excessive permissions to your users. If someone needs to work on EC2 instances, then their IAM role and respective policy should allow only that instead of for example full access.
You can limit the scope and services permitted for use within account by creating Service Control Policies which are allowing only the specific resources you plan to use.
Set-up an AWS Budget Notifications and potentially AWS Budget Actions.

Missing services when filtering aws cost mangement by user defined tag

I have a couple of AWS services tagged with custom tag, after enabling user defined tags in AWS cost management it seems IoT rules, ECS not showing in my cost graph.
I verified that those services are correctly tagged with the right tag and I have been waiting more than 24 hours.
Any idea what I should do?
Just to confirm, have you activated the tags you've assigned to resources? Here are the instructions for how to do this: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/activating-tags.html

How to setup AWS sagemaker - Resource limit Error

I'm trying to set up my first SageMaker Studio so my team and myself can run some post processing scripts in a shared environment but I'm having issues.
I've followed the steps in this video(https://www.youtube.com/watch?v=wiDHCWVrjCU&ab_channel=AmazonWebServices) which are:
Select Standard setup
Select AWS Identity and Access Management (IAM)
Under permissions - Create and select new execution role
Under Network and storage - Select VPC, Subnet and Security group
Hit the submit button at the bottom of the page.
In the video, he clicks submit and is taken to the control panel where he starts the next phase of adding users, however I'm greeted with this error.
Resource limit Error
I've checked my Registered domains under route 53 and it says No domains to display, I've also checked my S2 and I have no instances so I have no idea where the 2 domains being utilized are.
My dashboard, image and Notebooks are all empty so as far as I know there's nothing setup on this Sage Maker account.
Could anyone tell me how to resolve this error?
AWS Sagemaker now supports multi-domain <announced in the Re-Invent 2022, Tested in US-EAST-1 >
enter image description here
You can have maximum 1 studio domain per region, by the default limits. Though, it seems like you have two domains already provisioned. Try to delete all the domains through the AWS cli and recreate with the AWS Management Console.
Unfortunately, AWS Management Console cannot visualize more than one Studio domain.

GCP Billing report does not contain resource id

I generated a billing report(export to csv) for GCP but not able to map billing entry to the resource as there is no resource id present. How am I supposed to know the cost for the individual resource
AWS gives to option to explicitly include the resource id.
Any Help is appreciated
You can use labels to do it. Have a look at the documentation Creating and managing labels:
A label is a key-value pair that helps you organize your Google Cloud
instances. You can attach a label to each resource, then filter the
resources based on their labels. Information about labels is forwarded
to the billing system, so you can break down your billing charges by
label.
You can create labels by using Resource Manager API, Cloud Console or gcloud command (here an example for GCE VM instances).
Services currently supporting labels:
BigQuery
Cloud Bigtable
Dataflow
Dataproc
Cloud Deployment Manager
Cloud Functions
Cloud Healthcare API
Cloud Key Management Service
Pub/Sub
Cloud Spanner
Cloud SQL
Cloud Storage
Compute Engine
Google Kubernetes Engine
Cloud Run (fully managed)
Networking
Resource Manager (projects only)
App Engine (both Flexible and Standard environments)
More information about using labels you can find at the documentation View your billing reports and cost trends, View and download the cost details of your invoice or statement and Export Cloud Billing data to BigQuery
Thank your Response.
I did try it with labels, but in CSV report there is a column for Project Labels only. I exported the same report in Big query and i was able to see columns for tree types of labels project labels, system labels, and labels. The labels which I was setting in VMs I could see them in the third column.
Not sure what are project labels