I'm currently under an AWS Organisation Subscription. I want to export cost by CSV of my linked account into an S3 bucket.
I have rights on my account, I can use Cost Explorer, do Budgets, but I'm unable to do the Cost & Usage Report as shown in this screenshot:
The official doc doesn't talk about this case. My question is: can the organisation account enable the billing feature 'Cost and Usage Reports' for one linked account? If not, is there a way to automate this export of CSV into an S3 bucket?
The CUR (Cost and usage report) will be generated only in the billing account if you're under an organization. All you have to do is go to your billing account, and enable CUR from there. It's a simple process and the reports will be sent to the billing account S3. It is also best practice from security and isolation perspective.
Note that the link you sent is the DBR (Detailed billing report) and is considered legacy already.
https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html
If you use the consolidated billing feature in AWS Organizations, the Amazon S3 bucket that you designate to receive the billing reports must be owned by the master account in your organization. You can't receive billing reports in a bucket that is owned by a member account. If you use consolidated billing, you can also have your costs broken down by member account.
Related
I run a small research group at a large university that manages hundreds of GCP accounts. The university acts as the Billing Administrator, and my research group was assigned a GCP "project" for all of our work. However, for privacy reasons, they cannot give me access to the Billing API because this would allow me to see the billing details for other labs.
Because we have trainees in our lab who WILL make mistakes, I would like to setup an automated system that monitors our current GCP bill, and (1) sends notifications or (2) terminates all VMs, when that bill reaches certain predefined limits. For example, if our monthly budget is $10k, then I would like to receive a notification at $5k, another notification at $10k, and I would like to terminate all VMs at $15k.
My problem is that in order to implement a system like this, I need access to the Billing API. I have already contacted my system administrator and they have said that this is impossible. Instead, they proposed that I write a script that lists all VMs and uses the Cost Calculator to estimate my monthly GCP bill.
However, this seems a little circuitous. When I am using the Google Cloud Console, I can see the total and forecasted costs for my project, so it seems that I should be able to access this information programmatically. However, I cannot find any information on how to do this, since all solutions require me to activate the Billing API. Any ideas?
There is no API to fetch the data you see in the Google Cloud Console. You will need to export the billing data and then process each row of data to generate reports.
There are two options that I can think of:
Option 1) Ask the admin to set up billing data export to BigQuery. Grant you permission to query the billing tables. You can then query BigQuery to generate your own cost reports.
Set up Cloud Billing data export to BigQuery
Option 2) Create a separate billing account for your project and grant you permission. A GCP ORG can have multiple Billing Accounts tied to the same Payments Account. This option supports creating budget alerts.
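The budget check from the question, applied to rows obtained through Option 1, as an added example that is not part of the original answer. It assumes the rows come from a query against the billing export table and carry the export's `project.id`, `cost` and `credits` fields; the project IDs and sample rows are constructed.

```python
from decimal import Decimal

# Thresholds from the question: notify at $5k and $10k, stop VMs at $15k.
THRESHOLDS = [
    (Decimal("5000"), "notify"),
    (Decimal("10000"), "notify"),
    (Decimal("15000"), "terminate_vms"),
]

def net_cost(rows, project_id):
    """Sum cost plus credits (credits are negative) for one project's rows."""
    total = Decimal("0")
    for row in rows:
        if row["project"]["id"] != project_id:
            continue  # defensive: never count rows from another project
        total += Decimal(str(row["cost"]))
        for credit in row.get("credits") or []:
            total += Decimal(str(credit["amount"]))
    return total

def actions_due(total, already_fired):
    """Return thresholds crossed by `total` that have not fired yet this month,
    so a scheduled re-run does not repeat a notification or a shutdown."""
    return [(limit, action) for limit, action in THRESHOLDS
            if total >= limit and limit not in already_fired]

# Constructed rows shaped like billing export records for the current month.
SAMPLE_ROWS = [
    {"project": {"id": "lab-project"}, "cost": 6200.00,
     "credits": [{"amount": -150.00}]},
    {"project": {"id": "lab-project"}, "cost": 4100.50, "credits": []},
    {"project": {"id": "other-lab"}, "cost": 9999.00, "credits": None},
]

if __name__ == "__main__":
    total = net_cost(SAMPLE_ROWS, "lab-project")
    print(total, actions_due(total, already_fired={Decimal("5000")}))
```
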
I am attempting to use CloudWatch AWS/Billing metrics to consolidate cost information in a central aggregator.
All the guides I can find seem to just point to setting "Receive Billing Alerts" on the master payer account. After doing that the metrics appear on that 'root' account. But none of the other accounts or users can see them.
UPDATE: I can get the data if I make a new IAM user in the Root Account, but I felt that since my user could see the Billing dashboard, it should also be able to see the CloudWatch metrics.
I am wondering if it is possible to see billing information through the Amazon SDK/APIs. Specifically, I want to see how much EC2 instances are costing the account. Is it feasible to have it break down by user if it is an IAM account, or breakdown by account if you are using consolidated billing?
I have seen ways of doing this by either creating an S3 bucket to have billing info dumped into, or using CloudWatch APIs which require the user to pay. Is there an easier way to get EC2 billing information through just API calls or the SDK?
Billing information can be provided as records in an Amazon S3 bucket. You can then analyze the content of those files to obtain the information you list.
It is not possible to obtain the billing records themselves via an API call.
See: Cost and Usage Report
(The older Detailed Billing Report is scheduled to be retired.)
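One way to analyze a Cost and Usage Report file once it has been delivered to S3, as an added example that is not part of the original answer: it totals EC2 usage cost per member account and per tag, and cuts out a single account's rows for sharing. It assumes an already decompressed CSV report; the `user:owner` tag and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample in CUR CSV layout (real reports carry many more columns).
SAMPLE_CUR = """\
lineItem/UsageAccountId,lineItem/ProductCode,lineItem/LineItemType,lineItem/UnblendedCost,resourceTags/user:owner
111111111111,AmazonEC2,Usage,12.50,alice
111111111111,AmazonEC2,Usage,3.25,
222222222222,AmazonEC2,Usage,40.00,bob
222222222222,AmazonS3,Usage,1.10,bob
222222222222,AmazonEC2,Tax,4.00,
"""

def ec2_cost_breakdown(cur_csv, tag_column="resourceTags/user:owner"):
    """Return (EC2 usage cost per member account, EC2 usage cost per tag value)."""
    by_account = defaultdict(Decimal)
    by_tag = defaultdict(Decimal)
    for row in csv.DictReader(io.StringIO(cur_csv)):
        if row["lineItem/ProductCode"] != "AmazonEC2":
            continue
        if row["lineItem/LineItemType"] != "Usage":
            continue  # leave out tax, credits and refunds
        cost = Decimal(row["lineItem/UnblendedCost"] or "0")
        by_account[row["lineItem/UsageAccountId"]] += cost
        # Untagged spend cannot be attributed, so report it explicitly.
        by_tag[row.get(tag_column) or "(untagged)"] += cost
    return dict(by_account), dict(by_tag)

def slice_for_account(cur_csv, account_id):
    """Return a CSV holding only one member account's rows, so the report
    can be shared with that account without exposing the others."""
    reader = csv.DictReader(io.StringIO(cur_csv))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        if row["lineItem/UsageAccountId"] == account_id:
            writer.writerow(row)
    return out.getvalue()

if __name__ == "__main__":
    accounts, tags = ec2_cost_breakdown(SAMPLE_CUR)
    print(accounts, tags)
```
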
In brief
We need to view AWS cost for resources created by a specific IAM user via aws:createdBy tag.
In full
My google search is not helpful - it gives me one idea to use Consolidated Billing for Organizations to have the view of cost-by-user billing but that requires to create separate AWS users, which again requires credit card.
Another solution I found is that we can view AWS cost by tag grouping via Cost Explorer report though we cannot find the mentioned tag createdBy as stated in that AWS guide?
The ideal solution should let us create as many IAM users as the number of projects may grow i.e. one IAM user per project; and then, give us the report of AWS cost for each of those users.
So, how can we get to it?
Costs are not incurred by IAM Users. The AWS Account owning the resource incurs the charge.
When an IAM User makes a request to AWS, their credentials are verified to ensure that they are the authorized person and their permissions are checked to confirm that they have permission to perform the operation. However, there is no further relationship between the person making the request and the resource that is created.
The closest connection is the audit log created by AWS CloudTrail that can show which user made each request. But this is not related to billing information.
If you wish to track costs, you should associate tags with resources. These tags could be based on department, cost center, person, etc. You can then configure your Detailed Billing Report to provide cost breakdowns by tag.
You could use a more concise solution systematically using your own tags by setting up Lambda, CloudWatch, CloudTrail, and SSM to achieve it.
Here are some references:
Automatically tag new AWS resources based on identity or role
GitHub - resource auto tag
I am searching for a solution to restrict an AWS IAM user to only the part of the billing information that they generated.
I think that is not a built-in feature, but is it possible to implement it with services like CloudWatch?
This is not a built-in feature indeed, and I don't think this can be achieved in CloudWatch.
A workaround is to split into multiple AWS accounts, with one account being the billing account, using consolidated billing. That way, users can only see the billing from their "own" AWS account, but not the global billing from the billing account.
You could also do something with tags and use budgets on them, e.g. setting a tag "owner" on your instances. You could thus get detailed billing.