Amazon Web Services Configuration
This guide provides information on how to integrate an AWS environment with the Binadox multi-cloud cost management and optimization platform to plan, analyze and reduce infrastructure costs.
To successfully integrate Binadox with an AWS account, it is required to create a new IAM user with access to the AWS API, read-only access to billing data and certain AWS services for drill-down analysis, as well as to create an S3 bucket for AWS cost and usage reports.
1. Delegate Access to the AWS Billing and Cost Management Console
Before you add a new IAM user to represent Binadox, it is required to enable billing access on your AWS account and create an IAM policy that will allow Binadox to view billing data for cost optimization.
1.1 Enable Access to Billing Data
By default, IAM user access to the Billing and Cost Management Console is disabled. Enable it for an IAM billing policy to take effect.
1. Sign in to the AWS Management Console with root account credentials.
1.2 Create an IAM Policy that Grants Permissions to Billing Data
After enabling billing access on your AWS account, you need to explicitly grant Binadox permission to view the Billing and Cost Management Console pages with a customer managed policy.
1. To adhere to IAM best practices, you may sign in to the AWS Management Console with administrator credentials. Go to the IAM Console. It can be found by clicking Services on the menu bar at the top. Type “IAM” in the search bar or select it in the Security, Identity, & Compliance group.
6. In the Review policy view, indicate a policy name and description (optional). Click Create policy (see Clause 3 on how to attach this policy while creating a new IAM user).
2. Create an S3 Bucket
Create an Amazon S3 bucket in your AWS account to store the cost and usage report files.
1. Go to the Billing and Cost Management console. In the navigation pane on the left, click Cost and Usage Reports. Click the Create report button.
2. At Step 1. Report content, specify the following:
– Enter a name for the report (e.g. binadox-report) into the Report name – required field.
– In the Additional report details section, select the Include resource IDs checkbox.
– In the Data refresh settings section, select the Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills checkbox.
4. In the Configure S3 Bucket dialogue box, enter a bucket name into the S3 bucket name field. Select the US East (N. Virginia) region in the Region drop-down list. Click Next.
The bucket name is one of the parameters required for integration of your AWS account with Binadox.
6. Continue to specify the Delivery options:
– Leave Report path prefix not selected.
– In the Time granularity section, select the Daily radio button.
– In the Report versioning section, select the Overwrite existing report radio button.
– Leave Enable report data integration for not selected.
– Select the GZIP format in the Compression type drop-down list.
It can take up to 24 hours for AWS to start delivering reports to your Amazon S3 bucket. Binadox will recalculate data during the next scheduled data update.
3. Add a New IAM User
For Binadox usage monitoring and cost optimization, it is required to create a new IAM user and grant this user permissions to the AWS API, read-only access to billing data, an S3 bucket and certain AWS services for drill-down analysis.
1. To add a new IAM user in the AWS Management Console, go to the Identity and Access Management (IAM) Console.
3. Fill in user details and indicate an AWS access type:
– In the Set user details section, type in a user name in the User name field (e.g. Binadox).
– In the Select AWS access type section, select both the Programmatic access and AWS Management Console access checkboxes.
– In the Console password list, select either the Autogenerated or Custom password radio button.
– Leave the Require password reset checkbox not selected.
4. In the Set permissions section, click Attach existing policies directly.
– Select the newly created IAM policy that grants Binadox read-only access to billing data (see Clause 1 on how to create an IAM policy that grants permissions to billing data). To locate it, enter its name in the search box, then put a tick mark against the name.
– Select the following AWS managed policies that specify permissions to required AWS services:
7. Copy security credentials. You will not be able to see them again. However, you can create new credentials for this user at any time, if necessary (see AWS Documentation on how to generate new security credentials). Click Close.
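An added example, not part of the Binadox documentation: a Python check that a customer managed policy intended for the Binadox user stays read-only and confines S3 access to the report bucket. The sample policies, the bucket name example-cur-bucket and the read-verb heuristic are assumptions constructed for illustration; they are not the policy this guide prescribes.

```python
# Verb prefixes treated as read-only (heuristic: some Get* calls still expose data).
READ_VERBS = ("Get", "List", "Describe", "View", "Head")

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy, report_bucket):
    """Return findings for Allow statements broader than read-only, bucket-scoped access."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{report_bucket}"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow + NotAction grants every action not listed")
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            verb = action.partition(":")[2]
            if action == "*" or verb == "*":
                findings.append(f"{sid}: wildcard action {action}")
            elif not verb.startswith(READ_VERBS):
                findings.append(f"{sid}: non-read action {action}")
        # S3 statements must name the report bucket itself or objects inside it.
        if any(a.lower().startswith("s3:") for a in actions):
            for res in _as_list(stmt.get("Resource", "*")):
                if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                    findings.append(f"{sid}: S3 resource {res} is outside {report_bucket}")
    return findings

# Constructed sample policies (assumptions for this example only).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Billing", "Effect": "Allow",
     "Action": ["ce:GetCostAndUsage", "cur:DescribeReportDefinitions"],
     "Resource": "*"},
    {"Sid": "ReportBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-cur-bucket",
                  "arn:aws:s3:::example-cur-bucket/*"]}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Everything", "Effect": "Allow",
     "Action": ["s3:*", "iam:CreateAccessKey"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit_policy(pol, "example-cur-bucket") or "no findings")
```

Export the policy document from the IAM Console as JSON and pass it to audit_policy together with the bucket name chosen in Clause 2; an empty list means no statement exceeded the checks above.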
4. Locate an AWS Account ID
To integrate an AWS account with Binadox, it is required to specify an AWS account ID. Go to the IAM Console. An AWS account ID is located at the bottom of the navigation pane on the left. Copy it to the clipboard.
5. Create New Connection for AWS in Binadox
1. Log into your Binadox account.
4. Enter the security credentials (an access key ID, a secret access key, a username and a console password) of the newly created user into the corresponding fields (see Clause 3 on how to create a new IAM user and grant it the required permissions). Enter an AWS account ID (see Clause 4 on how to locate an account ID) and an S3 bucket name (see Clause 2 on how to create an S3 bucket and specify report details). Click Connect.