AWS Cost Admin Guide

The AWS Cost integration allows Metricly to analyze your billing data as well as your performance data. For more information about pricing, see our Pricing FAQ. Certain features of the Metricly product are enabled once this integration is setup, such as estimated cost reporting and enabling you to analyze utilization and estimated cost simultaneously at a given time range. To begin monitoring your estimated cost data, you must first set up an AWS Cost integration in Metricly.


Dependencies

Prerequisites

You can create multiple AWS Cost integrations if you wish. Here are a few potential scenarios you may encounter:

  • Create First Integration: continue with the Installation instructions below.
  • Edit Existing Integration: navigate to the Integrations page and click the Amazon Web Services | Cost card. Your most recently created integration’s information will be available in the fields; edit as necessary.
    • Click View Current Integrations on the AWS Cost integration setup page to choose another integration.
  • Add Another Integration: navigate to the Integrations page and click the Amazon Web Services | Cost card. Your most recently created integration’s information will be available in the fields. Click Add Integration; a blank AWS Cost integration setup page will appear.

Installation

Setting up an AWS Cost integration is a four step process. If you already have an S3 bucket receiving billing files from Amazon, then you do not need to complete steps 1 and 2. You can go directly to step 3 to provide Metricly access to the existing files. If you have already created an S3 bucket, you will not need to create a separate one. Just be sure to select the correct S3 bucket in step 2.


1. Create an S3 Bucket
  1. Log into AWS and navigate to the Services > S3.
  2. Click Create Bucket.
  3. Type a unique Bucket Name, select a region, and click Create.

2. Enable Detailed Billing Reports
  1. In AWS, Click your Username >  My Billing Dashboard. Then in the left-hand menu, click Preferences.
  2. Select the Receive Billing Reports checkbox.
  3. In the Save to S3 Bucket field, enter the bucket name of the bucket you created in Step 1 and click Sample Policy.
  4. Copy the generated policy.
  5. In a new, separate tab, navigate to the S3 bucket you created in Step 1 (Services > S3 > Bucket Name).
  6. Navigate to the Permissions tab and click Bucket Policy. 
  7.  Paste the following policy and click Save.

    {
      "Version": "2008-10-17",
      "Id": "Policy1335892530063",
      "Statement": [
        {
          "Sid": "Stmt1335892150622",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::386209384616:root"
          },
          "Action": [
            "s3:GetBucketAcl",
            "s3:GetBucketPolicy"
          ],
          "Resource": "arn:aws:s3:::metricly-example"
        },
        {
          "Sid": "Stmt1335892526596",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::386209384616:root"
          },
          "Action": [
            "s3:PutObject"
          ],
          "Resource": "arn:aws:s3:::metricly-example/*"
        }
      ]
    }
  8. Return to the previous tab (Preferences section in the Billing & Cost Management page), and click Verify next to the Save to S3 Bucket field. For Amazon to correctly verify the bucket, the bucket must exist (and match the name you typed in the field) and have appropriate permissions set (e.g., the sample policy you added in the previous step).
  9. Once your bucket is verified, select the check boxes within the Report section next to all of the reports, including Monthly report, Detailed billing report, Cost allocation report, and Detailed billing report with resources and tags.
  10. Optionally, click Manage report tags below the billing report options and enable all desired tags.
  11. Click Save Preferences. It can take up to 24 hours before files start arriving in the S3 bucket.


3. Create a Read-Only Metricly User

Creating a Read Only User (with minimal permissions)

If you want to use a limited read only access policy, you’ll need to create a custom policy first.

  1. Navigate to Services > IAM > Policies.
  2. Click Create policy.
  3. Select the JSON tab.
  4. Copy and paste the following code:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["s3:ListBucket"],
          "Resource": ["arn:aws:s3:::BUCKETNAME"]
        },
        {
          "Effect": "Allow",
          "Action": ["s3:GetObject"],
          "Resource": ["arn:aws:s3:::BUCKETNAME/*"]
        }
      ]
    }

    …where BUCKETNAME is the name of the bucket you created in step 1.2.

  5. Click Review Policy.
  6. Provide a Name, Description, and review the Summary.
  7. Click Create Policy.
    The policy will now be available under Customer Managed Policies.
  8. Navigate to ServicesIAM > Users
  9. Click Add user.
    For a User Name, type Metricly. Select the Programmatic access checkbox in the Select AWS access type section.
  10. Click Attach existing policies directly.
  11. Select the policy you created.
  12. Click Next: Review.
  13. Review the details to ensure you’ve selected all the correct options for the user, and then click Create user.
  14. Download and/or copy the User Security Credentials.
    You will not be able to access the Secret Access Key again unless you download the credentials.
  15. Click Close.
Creating a Read Only User (with standard permissions)
  1. Log in to your AWS Identity & Access Management (IAM) Console.
  2. Navigate to Services > IAMUsers.
  3. Click Add user.
    For a User Name, type Metricly. Select the Programmatic access checkbox in the Select AWS access type section.
  4. Click Attach existing policies directly.
  5. Search for  read only, then select ReadOnlyAccess. You may need to change the Filter type to have the correct policy show.
  6. Click Next: Review.
  7. Review the details to ensure you’ve selected all the correct options for the user, and then click Create user.
  8. Download and/or copy the User Security Credentials.
    You will not be able to access the Secret Access Key again unless you download the credentials.
  9. Click Close.

4. Create a New Integration
  1. From the top navigation menu, select Integrations.
  2. Click the Amazon Web Services | Cost card.
  3. Type a name for the new AWS Cost integration. Ensure that the Enabled check box is selected.
  4. Copy and paste the Access Key ID and Secret Access Key for the read-only user you created in step 3 into the appropriate fields.
  5. Type the S3 bucket name into the corresponding field.
    The bucket name is case sensitive and must exactly match the bucket created in Step 1.
  6. Click Save.