This exercise involved configuring AWS Accounts and preparing Cost Optimization work while leveraging S3 Buckets and AWS QuickSight. My core objectives were to implement an account structure, configure billing services, enable detailed cost & usage info, and create a cost optimization team.
The steps I took were:
- Configure IAM Access: This was a simple task in my account settings. I successfully activated IAM user/role access to billing information. Image 1 shows confirmation.
- Create an Account Structure: I then created a 2nd Gmail account, made an organization named “Primary Org 1”, invited the 2nd account to the organization, and accepted the invitation thus unifying the accounts under one org. You can see in Image 2 that both accounts now successfully reside in Primary Org 1. I also enabled service control and tags for both accounts.
- Configure Cost and Usage Reports: I first went to the billing service. Then I went to make a Cost & Usage Report (named masterCUR). There were a handful of minor approvals and configurations, and easily the report was created in a new S3 bucket named “mastercostusagereport” (Image 3). Thereafter I configured the S3 bucket’s permissions & policies, ie. I added the read policy in JSON to Bucket Policies, and Object Ownership was updated to Bucket Owner Preferred.
- Enable Single Sign On (SSO): I first went to the SSO service, enabled single sign on, and then went to Groups (instead of Users). I then went back to users, created them and added them to the group (Image 4). Their emails needed verification, and after completing that task I went to Permission Sets in AWS Accounts. I then assigned users to the Permission Sets.
- Configure Account Settings: This involved clarifying Alternative Account Details in My Account for Billing, Operations & Security. Straightforward.
- Setup Amazon QuickSight: I setup QuickSight & linked the appropriate S3 bucket (Not yet selected in Image 5) & Amazon Athena (Image 5). I then set up my QuickSight IAM policies in the IAM Dashboard to ensure QuickSight can access necessary the S3 Bucket.
- Enable AWS Cost Explorer: This was straightforward, but since this was my first visit on this account to AWS Cost Explorer, it did take about 24 hours for AWS to populate the spend data. Image 6 shows the Cost Explorer interface once data was populated.
- Enable AWS-generated Cost Allocation Tags: I went to Billing, then Cost Allocation Tags, then activated them. (Image 7)
At this point the exercise was complete. I proceeded to tear down the project & clean my environment for future use.
Credit: This exercise was inspired & guided by a lab at wellarchitectedlabs.com