Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
Cost and Usage Reports provide the most detailed information on your usage and bills. They can be configured to deliver 1 line per resource, for every hour of the day. They must be configured to enable you to access and analyze your usage and billing information.
If you configure multiple Cost and Usage Reports (CURs), then it is recommended to have 1 CUR per bucket. If you must have multiple CURs in a single bucket, ensure you use a different report path prefix so it is clear they are different reports.
Log in to your management account as an IAM user with the required permissions, and go to the Billing console:
Select Cost & Usage Reports from the left menu:
Click on Create report:
Enter a Report name (it can be any name), ensure you have selected Include resource IDs and Data refresh settings, then click on Next:
Click on Configure:
Enter a unique bucket name, and ensure the region is correct, click Next:
Read and verify the policy, this will allow AWS to deliver billing reports to the bucket. Click on I have confirmed that this policy is correct, then click Save:
Verify the settings:
You have successfully configured a Cost and Usage Report to be delivered. It may take up to 24hrs for the first report to be delivered.
There will be S3 Costs incurred to store the CUR, however the CUR is compressed to minimize costs.
We will update the CUR bucket so that the Cost Optimization linked account can access the CURs.
Go to the S3 console, select the CUR Bucket, select Permissions:
Select Bucket Policy:
Add S3 read access to the Cost Optimization account by adding the following statements under the current bucket policy. Edit (Cost Optimization Member account ID) and (CUR bucket) and update the bucket policy:
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::(sub account ID):root"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::(CUR bucket)"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::(Cost Optimization Member account ID):root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::(CUR bucket)/*"
}
Allow bucket owner object ownership for the CUR files. Cick on Object Ownership
Click Edit
Select Bucket owner preferred, click Save
When CUR files are delivered they will now automatically have permissions allowing the bucket owner full control. Re-write of the object ACLs is no longer necessary.
If there are existing CURs from other reports that need permissions to be updated, you can use the following CLI - which will copy the objects over themselves and update the permissions as it copies.
aws s3 cp --recursive s3://(CUR bucket) s3://(CUR bucket) --grants read=id=(sub account canonical ID) full=id=(management account canonical ID) --storage-class STANDARD
Congratulations - you will now have CURs delivered and accessible by your Cost Optimization account.
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool