Azure – You can now consolidate your cost management for AWS in Azure (preview)

Good news if you are using both Azure and Amazon Web Services (AWS) to host your workloads in cloud services: you can now have both your Azure and AWS cost reporting in the Azure Cost Management blade.

You need to know this is free during the preview and then a 1% fee will incur at general availability.

 

Configure AWS for Azure connector

Create cost report

First create the required objects and reports in AWS:

  • First you need to create a cost report (unless you already have set it up) by accessing the Billing and Cost Management console and then Cost and Usage Reports

imageimage

  • Create a new report and choose to Include resource IDs

image

  • Configure the S3 bucket – you can either create new one or reuse an existing one, select an Hourly report and if you want a new report version or overwrite the existing one and finally choose GZIP as format. There is no need to enable additional integration

image

To create the required objects, connect to your AWS console (https://console.aws.amazon.com)

Create AWS Policy

  • A policy need to be created to grant appropriate permission for Azure Cost Management to access AWS cost reports
  • Search for IAM services and access the Policies section to create a new policy

image  image

    • Click on Choose a service to select the Cost and Usage Report and complete the policy creation

    NOTE you may have already created a policy for the Cost and Usage Report; in this case, just search for it in the Policy list instead of creating a new one

    image  image

    • The next step is to allow Azure Cost Management to read the CUR report. Define the Access Level to . Set the permission to Read and then click the Add additional permissions link available bottom right to configure the access to the S3 bucket list

    image

    • Click on Choose a service to select the S3 and set the permission (Access Level) to List\ListBucket

    image

    • Then add the Read\GetObject permission. This will allow Azure Cost Management to download the billing files

    image

    • Then edit the Resources section to select bucket and Add ARN and enter the bucket name used to save the CUR files

    image  image

    • Then enable Any for the object option

    image

    • Add ARN to the bucket and set to any for object

    imageimage

    • Click again on Add additional permissions and search for Cost Explorer Service

    image

    • Enable the All Cost Explorer Service actions option

    image

    • Click one more time on Add additional permissions and search for Organizations

    image

    • And set the Access Level to List\ListAccounts

    image

    • The policy configuration is now completed; click on Review Policy to name the policy and review the configuration and then Create Policy

    image

    • You are now back to the initial Policies page. A message should be shown to confirm the policy creation

    image

 

Create AWS role

  • Then access the Roles section to create the appropriate role

image

  • Then choose Another AWS account and fill the Account ID with the value 432263259397

image

It is recommended to enable the Require external ID option; this is a shared passphrase. The same value will be filled in the Azure Connector later on.

Do not enable MFA option, otherwise the Azure Connector will not be able to access AWS

  • At the Permissions step, search for the policy create above and select it

image

  • Click the Next: Tags button available at the bottom right to continue and add any Tag you need/want (this step is optional), then click Next: Review
  • Name the new role and click Create role

image

Keep you AWS console open as you will have to get back to it to get some values.

 

Create the Azure Connector

Then you need to create a connector from Azure to AWS to gather the cost data; connect to https://aka.ms/costmgmt/connectors and create the connector.

You can also use the Cost Management & Billing\Cost Management\Cloud Connectors blade

image

  • If you want to first evaluate the preview you do not need to check the “Automatically charge the 1%” check box. If you don’t check you will have to ensure later the connector is not expired

image  image

  • Then fill the required fields:
    • Role ARN: this is the role you have created in AWS for users to access the cost management and reporting. The format must be arn:aws:iam::<account_number>:role/<role_name>. You can get it by accessing the properties of the Role created above
    • External ID: this is the ID of the role above. This is the value you set when enabling the Require external ID 
    • Report Name: name of the cost and usage report in AWS you create before the Policy and Role

image  image

  • Then it may take few hours to complete the connector creation and configuration

imageimage

  • You can use the Refresh button to check when the AWS connector has doing the cost update

Once everything has been completed and the connector successfully created you will then be able to get in one place your Azure and AWS costs

Leave a Comment

Your email address will not be published.