Integrate AWS Root account that doesn’t have Data Export configured yet on SpendEffix

SpendEffix supports the AWS Organizations service that allows linking several Data Sources in order to centrally manage data of multiple users while receiving all billing reports within a single invoice. The Root account (payer) will be the only one having access to collective data related to cloud spending. When registering this type of profile in SpendEffix, the user is given an option for Data Exports to be created automatically.

Warning

When you connect the root account but do not connect the linked accounts, all expenses from the unconnected linked accounts will be ignored, even if they exist in the data export file. To retrieve expenses from both linked and root accounts, connect all AWS accounts (not just the root).

To track a new AWS Data Source in your SpendEffix account, please select the AWS Root Account tab at the Data Source Connection step during the initial configuration.


Automated Billing bucket and Data Export creation with SpendEffix

Step 1. Create user policy for bucket and export creation access.

Go to Identity and Access Management (IAM) → Policies. Create a new policy for fully automatic configuration (both the bucket and the export are created). Replace <bucket_name> in the policy with the name of your bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReportDefinition",
            "Effect": "Allow",
            "Action": [
                "cur:DescribeReportDefinitions",
                "cur:PutReportDefinition"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateCurExportsInDataExports",
            "Effect": "Allow",
            "Action": [
                "bcm-data-exports:ListExports",
                "bcm-data-exports:GetExport",
                "bcm-data-exports:CreateExport"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateBucket",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "GetObject",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::<bucket_name>/*"
        },
        {
            "Sid": "BucketOperations",
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketPolicy",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::<bucket_name>"
        }
    ]
}
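
A pre-flight check for the Step 1 policy, as an added example that is not part of SpendEffix's documentation or tooling: it fills in <bucket_name>, rejects names S3 would not accept, and lists statements that still carry the placeholder, use Resource "*", or name a bucket other than the one you will enter as “Export S3 Bucket Name” in step 3. The function names and the bucket name acme-billing-exports are assumptions made for the illustration.

```python
import json
import re

# The Step 1 policy from this page, compacted; <bucket_name> is the page's placeholder.
TEMPLATE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReportDefinition", "Effect": "Allow", "Resource": "*",
     "Action": ["cur:DescribeReportDefinitions", "cur:PutReportDefinition"]},
    {"Sid": "CreateCurExportsInDataExports", "Effect": "Allow", "Resource": "*",
     "Action": ["bcm-data-exports:ListExports", "bcm-data-exports:GetExport",
                "bcm-data-exports:CreateExport"]},
    {"Sid": "CreateBucket", "Effect": "Allow", "Resource": "*", "Action": ["s3:CreateBucket"]},
    {"Sid": "GetObject", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::<bucket_name>/*"},
    {"Sid": "BucketOperations", "Effect": "Allow",
     "Action": ["s3:PutBucketPolicy", "s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::<bucket_name>"},
]})

# S3 bucket names: 3-63 chars of a-z, 0-9, '.', '-'; alphanumeric at both ends; no "..", not an IPv4 shape.
NAME_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def valid_bucket(name):
    return bool(NAME_RE.fullmatch(name)) and ".." not in name and not IPV4_RE.fullmatch(name)

def render(template, bucket):
    """Substitute the placeholder; refuse names S3 would reject."""
    if not valid_bucket(bucket):
        raise ValueError(f"invalid S3 bucket name: {bucket!r}")
    return template.replace("<bucket_name>", bucket)

def review(policy_text, export_bucket):
    """Return (Sid, finding) pairs for a policy about to be pasted into IAM."""
    findings = []
    for st in json.loads(policy_text)["Statement"]:
        res = st["Resource"]
        for r in ([res] if isinstance(res, str) else res):
            if "<" in r or ">" in r:
                findings.append((st["Sid"], "placeholder not replaced"))
            elif r == "*":
                findings.append((st["Sid"], "applies to all resources"))
            elif r.startswith("arn:aws:s3:::"):
                bucket = r[len("arn:aws:s3:::"):].split("/", 1)[0]
                if bucket != export_bucket:
                    findings.append((st["Sid"], f"bucket {bucket!r} != export bucket"))
    return findings

if __name__ == "__main__":
    print(review(render(TEMPLATE, "acme-billing-exports"), "acme-billing-exports"))
```
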

Step 2. Create user and grant policies

Go to Identity and Access Management (IAM) → Users to create a new user.

Attach the created policy to the user.

Confirm creation of the user.

Create an access key for the user (Identity and Access Management (IAM) → Users → Created user → Create access key).

Download or copy the Access key and Secret access key. Use these credentials when connecting a Data Source in SpendEffix as the AWS Access Key ID and AWS Secret Access Key, respectively (at step 3).

Step 3. Create Data Source in SpendEffix:

  1. Go to SpendEffix.
  2. Register as a new user.
  3. Log in as a registered user.
  4. Create a Data Source.
  5. Provide user credentials:
     • AWS Access key ID
     • AWS Secret access key
  6. Select Export type.
  7. Select “Create new Data Export”.
  8. Provide the parameters with which the bucket and Data Export will be created: “Export Name”, “Export S3 Bucket Name” (<new bucket name from user policy from step 1>) and “Export path prefix”.

Note

Specify the bucket in the “Export S3 Bucket Name” field if it already exists. SpendEffix will then create the report and store it in the bucket using the specified prefix.

After creating a Data Source, you will need to wait for AWS to generate the export and upload it to SpendEffix according to the schedule (approximately one day).

Warning

AWS updates or creates a new export file once a day. If the export file is not placed in the specified bucket under the specified prefix, the export will fail with an error.


Discover Resources

SpendEffix needs to have permissions configured in AWS for the user Data Source in order to correctly discover resources and display them under a respective section of the dashboard for the associated employee.

Make sure to include the following policy in order for SpendEffix to be able to parse EC2 resources data:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SpendEffixOperations",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketPublicAccessBlock",
                "s3:GetBucketPolicyStatus",
                "s3:GetBucketTagging",
                "iam:GetAccessKeyLastUsed",
                "cloudwatch:GetMetricStatistics",
                "s3:GetBucketAcl",
                "ec2:Describe*",
                "s3:ListAllMyBuckets",
                "iam:ListUsers",
                "s3:GetBucketLocation",
                "iam:GetLoginProfile",
                "cur:DescribeReportDefinitions",
                "iam:ListAccessKeys"
            ],
            "Resource": "*"
        }
    ]
}

Your AWS Data Source should now be ready for integration with SpendEffix! Please contact our Support Team at support@cloudlytics.com if you have any questions regarding the described configuration flow.

Create Data Export in AWS manually

Note

Creating a Data Export is only available for the Root cloud account (payer), while all its Linked accounts will be centrally managed and receive their billing data through the main account’s invoice.

In order to utilize automatic / manual billing data import in SpendEffix, first, you need to create a Data Export in AWS. Please refer to their official documentation to become acquainted with the guidelines for Data Exports.

  1. Navigate to AWS Billing & Cost Management → Data Exports.
  2. Create a new Data Export.

Standard data export settings

Step 1. Export type

Select the “Standard data export” export type.

Step 2. Export name

Input export name.

Step 3. Data table content settings:

  • Select “CUR 2.0”.
  • Select “Include resource IDs” checkbox.
  • Choose the time granularity for how you want the line items in the export to be aggregated.

Step 4. Data export delivery options:

  • Pick “Overwrite existing data export file”.
  • Select compression type.

Step 5. Data export storage setting:

  • Create a new or use an existing bucket for the export.
  • Enter the S3 path prefix that you want prepended to the name of your Data Export.

Step 6. Review

Confirm export creation. The Data Export will be prepared by AWS within 24 hours.

Legacy CUR export settings

Step 1. Export type

Select the “Legacy CUR export (CUR)” export type.

Step 2. Export name

Input export name.

Step 3. Export content

Select “Include resource IDs” and “Refresh automatically” checkboxes.

Step 4. Data export delivery options:

  • Choose the time granularity for how you want the line items in the export to be aggregated.
  • Pick “Overwrite existing report”.
  • Select compression type.

Step 5. Data export storage setting:

  • Create a new or use an existing bucket for the export.
  • Enter the S3 path prefix that you want prepended to the name of your Data Export.

Step 6. Review

Confirm export creation. The Data Export will be prepared by AWS within 24 hours.

When it’s done, follow the steps from the section Connecting an AWS Root account that has Data Export already configured.
