AWS

The Finout Console for AWS Configuration

To start using Finout to get cost observability into your cloud bill, we need access to your Amazon Cost and Usage Report (CUR).

Important: If you have several Amazon accounts, please give access to the parent (or EDP) account.

Create a CUR in the AWS Console

(Skip this step if you already have it configured)

  1. Sign in to your AWS console, and create a new CUR.

  2. Name your report with an indicative name, such as “yourcompanyname-billing-reports”.

  3. Check these two checkboxes and click Next.

  4. On the next screen, choose Configure, and give the S3 bucket a descriptive name, for example “finout-cur-reports”.

Important: Record the Bucket name as you will be required to enter it into the Finout console.

  5. Verify the policy by clicking Save.

  6. Give a path prefix and record this as you will be required to enter it into the Finout console.

  7. Configure it as shown below:

  8. Click Next and then click Review and Complete. The reports should be created after a few hours.

  9. Go to the cost allocation tags screen: https://console.aws.amazon.com/billing/home#/tags

  10. Verify that all the tags you want Finout to analyze in the present or future are active.

Important: If you do not activate a tag, then the data won’t be tagged in the CUR report; this cannot be added retroactively.

Grant Finout Access to Your CUR Bucket

After creating the CUR, you need to grant Finout access to your CUR bucket by creating an IAM role, either with CloudFormation or manually. We highly recommend using the CloudFormation method.

Grant Access Using CloudFormation (Recommended)

Create a CloudFormation Stack from a template by following the instructions on the AWS website.

Complete the steps by filling in the “external-id” provided by the Finout console and the bucket name you created for your CUR.

Click Next and Submit until you get to the Stack details page. On this page, click Output and copy the value of the IAM role ARN. Paste this into the Finout console.

Grant Access Manually

  1. Copy your “external-id” from the Finout console.

  2. In IAM, create a new cross-account role for Another AWS account.

  3. In the account ID, enter: 277411487094.

  4. Select the Require external ID option and enter the “external-id” you got from the Finout console.

  5. Click Next until the Review screen is displayed.

  6. Configure the review as shown below, with one exception: the role name should be: FinoutMetricsReadOnlyRole (unlike in the screenshot).

  7. Go to your newly created role.

  8. Copy the Role ARN and paste it into the Finout console.

  9. Click on Add permissions and choose Create inline policy.

  10. Select JSON and paste the following policy, replacing <CUR_BUCKET_NAME> with the bucket you created in the first section (or your existing CUR bucket).

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "tag:GetTagKeys"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": "arn:aws:s3:::<CUR_BUCKET_NAME>/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": "arn:aws:s3:::<CUR_BUCKET_NAME>"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeReservedInstances*",
            "ec2:GetReservedInstances*"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "savingsplans:DescribeSavingsPlan*"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "organizations:ListAccounts",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ce:GetReservationUtilization",
            "ce:GetSavingsPlansUtilization",
            "ce:GetSavingsPlansUtilizationDetails",
            "ce:GetCostAndUsage",
            "ce:GetCostAndUsageWithResources"
          ],
          "Resource": "*"
        }
      ]
    }

  11. Click Next until the review screen, and name it finout-access-policy.

  12. Click Create policy to create the policy for the IAM role.
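
Once the role exists, it is worth confirming that its trust policy allows only the account ID from step 3 and requires the external ID from step 4. The following check is an added example, not Finout's or AWS's own code; the function names, the sample policies and the "EXAMPLE-EXTERNAL-ID" value are constructed for illustration.

```python
FINOUT_ACCOUNT_ID = "277411487094"  # account ID from step 3 above

def as_list(value):
    # IAM accepts either a single value or a list in these fields
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, external_id):
    """Return findings; an empty list means the policy trusts only the
    account above and requires the expected external ID."""
    findings = []
    trusted = {FINOUT_ACCOUNT_ID, f"arn:aws:iam::{FINOUT_ACCOUNT_ID}:root"}
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS" or value not in trusted:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        # Condition keys are case-insensitive, so normalise before lookup
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = {k.lower(): as_list(v) for k, v in equals.items()}.get("sts:externalid")
        if ids is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ids != [external_id]:
            findings.append(f"statement {i}: external ID does not match")
    return findings

def sample(principal, condition=None):
    # Builds a constructed trust policy with one AssumeRole statement
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples; the external ID is a placeholder, not a real value
EXT_ID = "EXAMPLE-EXTERNAL-ID"
COND = {"StringEquals": {"sts:ExternalId": EXT_ID}}
GOOD = sample(f"arn:aws:iam::{FINOUT_ACCOUNT_ID}:root", COND)
NO_EXTERNAL_ID = sample(f"arn:aws:iam::{FINOUT_ACCOUNT_ID}:root")
WILDCARD = sample("*", COND)

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no external id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, check_trust_policy(doc, EXT_ID) or "OK")
```

To run it against the real role, load the JSON returned by `aws iam get-role --role-name FinoutMetricsReadOnlyRole --query Role.AssumeRolePolicyDocument` and pass it with your own external ID.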

Details in the Finout Console

  • Cost Center name - A custom name you can choose to name your AWS connection.

  • Role ARN - The Amazon Resource Name (ARN) that specifies the role.

  • CUR bucket name - The S3 bucket name in which AWS stores your Cost and Usage Reports.

  • CUR folder name (Bucket prefix) - The folder in S3 in which the CUR files are located.

  • Region

For AWS users, the CostOptimizer tool is available. This tool enables you to optimize costs and maximize the value of your AWS services through the buying and selling of Reserved Instances. For more detailed information on how to onboard to CostOptimizer, please refer to the relevant documentation.

Still need help? Please feel free to reach out to our team at [email protected].
