Good news if you are using both Azure and Amazon Web Services (AWS) to host your workloads in cloud services: you can now have both your Azure and AWS cost reporting in the Azure Cost Management blade.
Note that this is free during the preview; a 1% fee will then apply at general availability.
Configure AWS for Azure connector
Create cost report
First create the required objects and reports in AWS:
- First you need to create a cost report (unless you have already set one up) by accessing the Billing and Cost Management console and then Cost and Usage Reports
- Create a new report and choose to Include resource IDs
- Configure the S3 bucket (you can either create a new one or reuse an existing one), select an Hourly report, choose whether to create a new report version or overwrite the existing one, and finally choose GZIP as the format. There is no need to enable additional integration
To create the required objects, connect to your AWS console (https://console.aws.amazon.com)
Create AWS Policy
- A policy needs to be created to grant Azure Cost Management the appropriate permissions to access the AWS cost reports
- Search for IAM services and access the Policies section to create a new policy
- Click on Choose a service to select the Cost and Usage Report and complete the policy creation
- The next step is to allow Azure Cost Management to read the CUR report. Define the Access Level to . Set the permission to Read and then click the Add additional permissions link available at the bottom right to configure the access to the S3 bucket list
- Click on Choose a service to select S3 and set the permission (Access Level) to List\ListBucket
- Then add the Read\GetObject permission. This will allow Azure Cost Management to download the billing files
- Then edit the Resources section to select bucket and Add ARN and enter the bucket name used to save the CUR files
- Then enable Any for the object option
- Add ARN to the bucket and set to any for object
- Click again on Add additional permissions and search for Cost Explorer Service
- Enable the All Cost Explorer Service actions option
- Click one more time on Add additional permissions and search for Organizations
- And set the Access Level to List\ListAccounts
- The policy configuration is now completed; click on Review Policy to name the policy and review the configuration and then Create Policy
- You are now back to the initial Policies page. A message should be shown to confirm the policy creation
NOTE: you may have already created a policy for the Cost and Usage Report; in this case, just search for it in the Policy list instead of creating a new one
Create AWS role
- Then access the Roles section to create the appropriate role
- Then choose Another AWS account and fill the Account ID with the value 432263259397
It is recommended to enable the Require external ID option; this is a shared passphrase. The same value will be filled in the Azure Connector later on.
Do not enable the MFA option, otherwise the Azure Connector will not be able to access AWS
- At the Permissions step, search for the policy created above and select it
- Click the Next: Tags button available at the bottom right to continue and add any Tag you need/want (this step is optional), then click Next: Review
- Name the new role and click Create role
Keep your AWS console open, as you will have to get back to it to get some values.
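The policy and role built in the console steps above, written out as the JSON documents IAM stores, together with a check of the role's trust policy. This is an added example, not part of the original post; the bucket name and external ID are constructed placeholders, and `cur:DescribeReportDefinitions` is assumed to be the Read-level Cost and Usage Report action.

```python
import json

AZURE_CM_ACCOUNT = "432263259397"  # Account ID given in the role step above

def permission_policy(bucket):
    """Permissions from the policy steps, with S3 scoped to the CUR bucket only."""
    return {"Version": "2012-10-17", "Statement": [
        # Assumption: this is the Read-level Cost and Usage Report action
        {"Effect": "Allow", "Action": "cur:DescribeReportDefinitions", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]},
        {"Effect": "Allow", "Action": "ce:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "organizations:ListAccounts", "Resource": "*"},
    ]}

def trust_policy(external_id):
    """Trust policy for 'Another AWS account' with 'Require external ID' enabled."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{AZURE_CM_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def audit_trust(doc):
    """Return findings for a role trust policy; an empty list means it matches the steps."""
    findings = []
    for st in doc.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principals = st.get("Principal", {})
        aws = principals.get("AWS", []) if isinstance(principals, dict) else principals
        aws = [aws] if isinstance(aws, str) else aws
        if not aws or any(AZURE_CM_ACCOUNT not in p for p in aws):
            findings.append("principal is not limited to the Azure Cost Management account")
        # Flatten all condition operators into one case-insensitive key map
        conds = {k.lower(): v for op in st.get("Condition", {}).values() for k, v in op.items()}
        if not conds.get("sts:externalid"):
            findings.append("no sts:ExternalId condition (external ID not required)")
        if "aws:multifactorauthpresent" in conds:
            findings.append("MFA condition present; the connector cannot satisfy it")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real account
    print(json.dumps(permission_policy("example-cur-bucket"), indent=2))
    trust = trust_policy("constructed-external-id")
    print(json.dumps(trust, indent=2))
    print(audit_trust(trust) or "trust policy matches the steps")
```

To audit an existing role, paste the trust policy JSON shown on the role's Trust relationships tab into `audit_trust(json.loads(...))`.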
Create the Azure Connector
Then you need to create a connector from Azure to AWS to gather the cost data; connect to https://aka.ms/costmgmt/connectors and create the connector.
You can also use the Cost Management & Billing\Cost Management\Cloud Connectors blade
- If you want to evaluate the preview first, you do not need to check the “Automatically charge the 1%” check box. If you leave it unchecked, you will have to make sure later that the connector has not expired
- Then fill the required fields:
- Role ARN: this is the role you have created in AWS for users to access the cost management and reporting. The format must be arn:aws:iam::<account_number>:role/<role_name>. You can get it by accessing the properties of the Role created above
- External ID: this is the ID of the role above. This is the value you set when enabling the Require external ID
- Report Name: name of the cost and usage report in AWS that you created before the Policy and Role
- It may then take a few hours to complete the connector creation and configuration
- You can use the Refresh button to check whether the AWS connector has done the cost update
Once everything has been completed and the connector has been successfully created, you will be able to see your Azure and AWS costs in one place