InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

AWS Billing Bucket & Cost and Usage

Connecting the AWS Billing Bucket & Cost and Usage Report to InsightCloudSec

Overview

InsightCloudSec allows you to view billing information for your AWS accounts through the AWS Cost and Usage Report. To enable this feature, you must configure a billing bucket within the AWS console and connect your InsightCloudSec platform to the target report path.

🚧

Legacy Detailed Billing Report

InsightCloudSec still provides access to the legacy Billing Bucket report; however, the AWS Detailed Billing Report feature is unavailable for new AWS customers as of 07/08/2019. Read details about AWS’ legacy detailed billing report here.

This page provides details on:

Prerequisites

Before you get started you will want to make sure you have the following:

  • A functioning InsightCloudSec platform Installation with the appropriate admin permissions
  • The appropriate permissions to access the AWS Billing details through the AWS Console

For more information on configuring for AWS billing, click here.

If you have questions or concerns, reach out to us at [email protected].

AWS Console Configuration

Cost & Usage Report Setup

1. Navigate to My Billing Dashboard (from your account profile, upper right), then select the "Cost & Usage Report" option from the main navigation.

  • Note: You will need the appropriate permissions to access the both the dashboard and the setup for this report.
AWS Console - Billing & Cost Management DashboardAWS Console - Billing & Cost Management Dashboard

AWS Console - Billing & Cost Management Dashboard

2. Click "Create Report" and complete the details as follows:

  • Provide a name for the report.

3. Click on "Configure" to complete the S3 bucket configuration by:

  • Entering an existing an existing S3 bucket name
  • Creating a new S3 bucket by providing a name and specifying the region
  • Note: InsightCloudSec only supports ZIP and GZIP as compression types.
Setting up the AWS Cost & Usage ReportSetting up the AWS Cost & Usage Report

Setting up the AWS Cost & Usage Report

4. Click "Next" to review the policy for your report. Select the "I have confirmed that this policy is correct" checkbox to finalize and click "Save" to finalize the report.

5. After your report is created it will appear on the AWS Cost and Usage Reports page. Click on the name of the report to open it and view the details.

  • This is where you will retrieve the report path to provide to InsightCloudSec when you set up the configuration for the Cost Usage Report.
Sample Report Path PrefixSample Report Path Prefix

Sample Report Path Prefix

Legacy Billing Bucket Setup

🚧

Legacy Billing Report Support

You must have established your AWS account before this feature was deprecated to have access to this capability.

1. Navigate to My Billing Dashboard (from your account profile, upper right), then select "Billing Preferences" from the Home navigation menu.

  • Note: You will need the appropriate permissions to access the Billing & Cost Management dashboard.

2. Under Cost Management Preferences/Detailed Billing Reports [Legacy], check the box for "Turn on the legacy detailed billing reports...".

3. Once you enable the legacy billing reports, make note of the bucket name.

Sample bucket nameSample bucket name

Sample bucket name

The policy should be automatically created on that bucket, but in case you’d like to verify, we're providing a copy (below) of our policy on our billing bucket with some values changed/scrubbed.

{
  "Version": "2008-10-17",
  "Id": "Policy1372092530063",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketAcl",
        "s3:GetBucketPolicy"
      ],
      "Principal": {
        "AWS": "arn:aws:iam::XXXXXXXXX616:root"
      },
      "Resource": "arn:aws:s3:::divvy-billing-reports",
      "Effect": "Allow",
      "Sid": "StmtXXXXXXXXXXXXX"
    },
    {
      "Action": "s3:PutObject",
      "Principal": {
        "AWS": "arn:aws:iam::XXXXXXXXX616:root"
      },
      "Resource": "arn:aws:s3:::divvy-billing-reports/*",
      "Effect": "Allow",
      "Sid": "StmtXXXXXXXXXXXXX"
    }
  ]
}

InsightCloudSec Configuration

1. Navigate to "Cloud --> Clouds" from the main navigation. Click on the name to select the AWS Cloud account from the Listing page.

Select Cloud AccountSelect Cloud Account

Select Cloud Account

2. Click the "Settings" tab for the selected cloud account, and scroll to the bottom of the page to view the "Configure Billing Bucket" section of the page.

3. From here you can configure the "Cost and Usage Report", or for legacy customers the "Detailed Billing Report (Legacy)".

4-a. For the "Cost and Usage Report" provide:

  • The name of the S3 bucket
  • The report path prefix
  • The region

4-b. For the "Detailed Billing Report (Legacy)" provide:

  • The name of the S3 bucket
  • The region

5. Click "Submit" when you have completed the bucket details based on your preferences.

Sample Configuration for Billing Bucket - Cost and Usage ReportSample Configuration for Billing Bucket - Cost and Usage Report

Sample Configuration for Billing Bucket - Cost and Usage Report

Viewing Cloud Costs

If you are just setting up a new billing bucket, you may need to wait as long as 24 hours to see the results of collected billing info. If you have previously set up a billing bucket and have just connected it to InsightCloudSec, results should be visible in only a few minutes. You can view costs associated with your AWS cloud by:

1. From the Clouds Listing page ("Cloud --> Clouds") locate the AWS cloud with a configured billing bucket that you want to view details around.

2. Click on the "Resources" menu to the left of your selected Cloud to open a filtered Resources main page, specific to the cloud you have selected.

3. Select Identity Management as the resources category.

4. Select Cloud Service Cost as the resource type.

Cloud Service CoCloud Service Co

Cloud Service Co

5. Scrolling will display cost breakdown details for the selected cloud, including Current Month Spend, Projected Month Spend, and Previous Month Spend - each broken out by service.

  • Note: these details vary slightly depending on your selected report (legacy or the new Cost & Usage Report)
Cloud Cost DetailsCloud Cost Details

Cloud Cost Details

Updated about a month ago

AWS Billing Bucket & Cost and Usage


Connecting the AWS Billing Bucket & Cost and Usage Report to InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.