The AWS Services Cost report displays data across all of the AWS services and accounts presented in your AWS billing file. Services that are not currently monitored by Metricly are also included to provide an overall view of AWS costs.

See the user guide for UI functionality.

This report helps you:

  • Identify outliers
  • Find unexpected cost changes
  • Analyze trends


There are two ways to install: the CloudFormation Script, and manually setting up an IAM role. The Access Key Method is no longer recommended; AWS recommends always using IAM Roles. Check out AWS’s Security Best Practices for more information.

Customers Set Up Before 05/01/2018:  We’ve got special instructions for you to manually edit your existing IAM Role.  Optionally, you can run the CloudFormation Script to create a new IAM role with the new permissions automatically added. After running the script, update the IAM Role ARN in Metricly using the new role.

Automatic CloudFormation Method
This installation method leverages a CloudFormation script found in step 1.4. After you make a new AWS integration in Metricly, the script creates an IAM role with read-only access in your AWS account. This role is then linked using the integration’s Account ID and External ID for added security. Once created, it may take a few minutes for the role to activate. A Status of CREATED_COMPLETE means your role is active.


1. Create an AWS Integration in Metricly
  1. Open Metricly and navigate to Integrations > AWS.
  2. Create a new AWS integration. Ensure that Data Collection (squared in green) is enabled.
  3. Toggle Cost Explorer (squared in blue). If Cost Explorer is not already enabled on your account, refer to the final section in this guide, Enable Cost Explorer in AWS.
  4. For AWS Authentication, select IAM Role (squared in red).
  5. Click the CloudFormation template link (squared in green). This opens a new tab in AWS.
  6. For this step, you may be prompted to log into your AWS account. After logging in, check I acknowledge that AWS CloudFormation might create IAM resources (squared in green).
  7. Click Create Role (squared in blue).
  8. It may take a few minutes to create the role. A status of CREATED_COMPLETE indicates your new role is active.

2. Add Role ARN to the New AWS Integration
  1. In the AWS console, navigate to Services > IAMRoles.
  2. Find the role created in the previous section using the search bar.
  3. Expand Outputs (squared in green) and copy the Role ARN (squared in blue).

    • Do not copy the Stack ID. The Role ARN looks like: arn:aws:iam::<account-number>:role/<Metricly-Role-Name>
  4. Return to the Metricly tab.
  5. Input the Role ARN into IAM Role ARN (squared in green).
  6. Click Save.

3. Enable Cost Explorer in AWS

If Cost Explorer has already been enabled, skip this section. Cost Explorer must be enabled from the master billing account, even if set up on a sub-account. IAM Roles set up with the master billing account allow Metricly to present reports spanning all of your accounts; IAM Roles set up with a sub-account only reports cost for that one account.

  1. Log in to your AWS master billing account.
  2. Navigate to Cost Explorer.
  3. Click Enable Cost Explorer (squared in green).
  4. AWS Cost Explorer and the Cost Explorer API are now enabled for you to use. Initially, no data is visible; within the first few hours of setup, AWS populates the most recent data from your account. Up to a year of historical data can be made available.
Manual IAM Role Setup Method

Step 1: Create a new AWS integration
  1. Open Metricly and navigate to Integrations > AWS.
  2. Create a new AWS integration. Ensure that Data Collection (squared in green) is enabled.
  3. Enable Cost Explorer (squared in blue).
  4. For AWS Authentication, select IAM Role (squared in red).
  5. In a separate, new tab, open your AWS console.

Step 2: Create Read Only Role
  1. Log in to your AWS Identity & Access Management (IAM) Console.
  2. Navigate to IAMRoles.
  3. Click Create New Role.
  4. Choose Another AWS Account for Select Type of Trusted Entity.
  5. Fill in the Account ID (squared in green) and External ID (squared in blue) referencing your Metricly AWS integration created in the beginning.
  6. Click Next: Permissions.
  7. Click Create Policy. This opens a new tab.
  8. In the JSON tab, input the following code to create your Cost Explorer API Access policy:
        "Version": "2012-10-17",
        "Statement": [
                "Action": "ce:*",
                "Resource": "*",
                "Effect": "Allow"
  9. Click Review Policy.
  10. Name and describe your policy (e.g., CostExplorerAPIAccess).
  11. Click Create Policy.
  12. Return to your previous role creation tab and click Refresh.
  13. Change Filter to All.
  14. Search for your created policy, CostExplorerAPIAccess and select it.
  15. Search for ReadOnlyAccess and select it.
  16. Click Next: Review. Both Policies should be listed on the page.
  17. Provide a Role Name and Role Description.
  18. Click Create Role.
  19. Open the created role and copy the Role ARN.

Step 3: Complete Setup in Metricly
  1. Paste the Role ARN into IAM Role ARN (squared in green).
  2. Include or exclude as many AWS element types as you want. ASG, EC2, EBS, ELB, RDS, and SQS are enabled by default; everything else is disabled by default.
  3. Click Save.
This integration’s package (computed metrics, dashboards, and policies that will give you important events and alerts) is be automatically enabled and provisioned to your account as soon as Metricly receives data from the integration.


  • AWS Custom Metrics: each category you create in Cloudwatch creates a matching element in Metricly. All the metrics under each category will be included in the corresponding element; this means, if you want the metrics divided amongst your dimensions (e.g., App1 errors, App2 errors, App3 errors), you’ll need to create separate categories for each element.
  • Agents: If you install our Linux agent or Windows agent on an EC2 server, the EC2’s power state (displays as hostRunning with a value of true or false) and tags are copied over to the corresponding Linux SERVER element / Windows WINSRV element. You can then use this information to create policies.
  • Filtering: You can filter elements or change the display name of your AWS instances.
  • Response Limitations: The AWS SQS API limits responses to 1000 queues. Thus if your environment has 1000 or more queues, Metricly won’t gather queues that match your regex filter but exceed the 1000 queue limit.

Optional Configuration

Activate User-Defined Cost Allocation Tags

Amazon has an official guide on how to activate user-defined cost allocation tags. These steps must be completed to use tags on your billing reports.


Ready to get started with Metricly?

Sign up for free, and join DevOps who rate us 5-stars on Capterra!

21-day free trial No credit card required