AWS Billing Bucket & Cost and Usage

This page has moved

For up-to-date information about AWS Configuration options, go to AWS Additional Configuration.

InsightCloudSec allows you to view billing information for your AWS accounts through the AWS Cost and Usage Report. To enable this feature, you must configure a billing bucket within the AWS console and connect your InsightCloudSec platform to the target report path.

Legacy Detailed Billing Report

InsightCloudSec still provides access to the legacy Billing Bucket report; however, the AWS Detailed Billing Report feature is unavailable for new AWS customers as of 07/08/2019. Read details about AWS’ legacy detailed billing report here.

Prerequisites

Before you get started you will want to make sure you have the following:

  • A functioning InsightCloudSec platform Installation with the appropriate admin permissions
  • The appropriate permissions to access the AWS Billing details through the AWS Console

For more information on configuring for AWS billing, read more on AWS.

AWS Console Configuration

Set up the Cost & Usage report

  1. Go to My Billing Dashboard (from your account profile, upper right), then select the "Cost & Usage Report" option from the main navigation. You will need the appropriate permissions to access the both the dashboard and the setup for this report.
  2. Click Create Report and complete the details.
  3. Click Configure to complete the S3 bucket configuration by doing the following. InsightCloudSec only supports ZIP and GZIP as compression types.
    • Entering an existing an existing S3 bucket name
    • Creating a new S3 bucket by providing a name and specifying the region
  4. Click Next to review the policy for your report.
  5. Select I have confirmed that this policy is correct, and click Save to finalize the report.
  6. On the AWS Cost and Usage Reports page, click the name of the new report to view the details. This is where you will retrieve the report path to provide to InsightCloudSec when you set up the configuration for the Cost Usage Report.
Setup for deprecated Billing Bucket

Legacy Billing Bucket Setup

Legacy Billing Report Support

You must have established your AWS account before this feature was deprecated to have access to this capability.

  1. Go to Account > My Billing Dashboard, then select Billing Preferences.
  2. Under Cost Management Preferences/Detailed Billing Reports (Legacy), check the box for Turn on the legacy detailed billing reports....
  3. Once you enable the legacy billing reports, make note of the bucket name.

The policy should be automatically created on that bucket, but in case you’d like to verify, we're providing a copy (below) of our policy on our billing bucket with some values changed/scrubbed.

json
1
{
2
"Version": "2008-10-17",
3
"Id": "Policy1372092530063",
4
"Statement": [
5
{
6
"Action": [
7
"s3:GetBucketAcl",
8
"s3:GetBucketPolicy"
9
],
10
"Principal": {
11
"AWS": "arn:aws:iam::XXXXXXXXX616:root"
12
},
13
"Resource": "arn:aws:s3:::divvy-billing-reports",
14
"Effect": "Allow",
15
"Sid": "StmtXXXXXXXXXXXXX"
16
},
17
{
18
"Action": "s3:PutObject",
19
"Principal": {
20
"AWS": "arn:aws:iam::XXXXXXXXX616:root"
21
},
22
"Resource": "arn:aws:s3:::divvy-billing-reports/*",
23
"Effect": "Allow",
24
"Sid": "StmtXXXXXXXXXXXXX"
25
}
26
]
27
}

InsightCloudSec Configuration

  1. Go to Cloud > Clouds and select the AWS Cloud account from the Listing page.
  2. On the Settings tab for the selected cloud account, and scroll to the bottom of the page to view the Configure Billing Bucket section of the page.
  3. From here you can configure the Cost and Usage Report, or for legacy customers the Detailed Billing Report (Legacy).
  4. For the Cost and Usage Report provide:
    • The name of the S3 bucket
    • The report path prefix
    • The region
  5. For the Detailed Billing Report (Legacy) provide:
    • The name of the S3 bucket
    • The region
  6. Click Submit when you have completed the bucket details based on your preferences.

Viewing cloud costs

If you are just setting up a new billing bucket, you may need to wait as long as 24 hours to see the results of collected billing info. If you have previously set up a billing bucket and have just connected it to InsightCloudSec, results should be visible in only a few minutes.

View cloud costs

  1. Go to Cloud > Clouds and locate the AWS cloud with a configured billing bucket that you want to view details around.
  2. Click on the Resources menu to the left of your selected Cloud to open a filtered Resources main page, specific to the cloud you have selected.
  3. Select Identity Management as the resources category.
  4. Select Cloud Service Cost as the resource type.
  5. Scrolling will display cost breakdown details for the selected cloud, including Current Month Spend, Projected Month Spend, and Previous Month Spend - each broken out by service.

The details vary slightly depending on your selected report (legacy or the new Cost & Usage Report).