Terraform module to set up a Cost and Usage Report in a destination/aggregation account for use in Cost Intelligence Dashboards. The module creates an S3 bucket with the necessary permissions for replicating CUR data from one or more source accounts. If the aggregation account is part of a different payer and is not covered in the CUR from the source accounts, the module can create a new Cost and Usage Report local to the aggregation account.
Note: For complete documentation on using this module together with the cur-setup-source module, refer to the main Terraform Deployment Instructions.
```hcl
provider "aws" {
  region = "us-west-2"
}

provider "aws" {
  region = "us-east-1"
  alias  = "useast1"
}

module "cur_destination" {
  source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-destination"

  source_account_ids = ["1234567890"]
  create_cur         = false # Set to true to create an additional CUR in the aggregation account

  # Provider alias for us-east-1 must be passed explicitly (required for CUR setup)
  providers = {
    aws.useast1 = aws.useast1
  }
}
```
For production deployments, you should lock the version of this module to a release tag to better control when and what updates are made. To specify the release tag to use, append `?ref=VERSION` to the module source. For example, the following source reference will use the Terraform module and CloudFormation template from version 0.2.13 of this module:
```hcl
source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-destination?ref=0.2.13"
```
For a complete list of release tags, visit https://github.com/aws-samples/aws-cudos-framework-deployment/tags.
Note: The same syntax can be used to select pre-release/beta versions by specifying a branch name instead of a tag name.
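
One way to enforce the pinning advice above before `terraform init` runs in CI. This is an added example, not code from the aws-cudos-framework-deployment project. The function names, the semver-style tag heuristic and the `main` branch name in the sample are assumptions.

```python
import re

# `source = "..."` assignments as they appear in .tf files
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")  # release tag such as 0.2.13
SHA_RE = re.compile(r"^[0-9a-f]{40}$")     # full git commit id


def classify_ref(source):
    """Classify how a git-based module source is pinned via ?ref=."""
    if not source.startswith(("github.com/", "git::")):
        return "not-git"  # local paths, registry modules, provider sources
    _, _, query = source.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    ref = params.get("ref", "")
    if not ref:
        return "unpinned"      # tracks the repository's default branch
    if SHA_RE.match(ref):
        return "commit"
    if TAG_RE.match(ref):
        return "release-tag"
    return "mutable-ref"       # anything else is treated as a branch name


def audit(tf_text):
    """Return (source, verdict) for git sources not pinned to a tag or commit."""
    findings = []
    for source in SOURCE_RE.findall(tf_text):
        verdict = classify_ref(source)
        if verdict in ("unpinned", "mutable-ref"):
            findings.append((source, verdict))
    return findings


# Constructed sample configuration (not taken from a real deployment)
BASE = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-destination"
SAMPLE = f'''
module "cur_destination" {{
  source = "{BASE}"
}}
module "cur_pinned" {{
  source = "{BASE}?ref=0.2.13"
}}
module "cur_beta" {{
  source = "{BASE}?ref=main"
}}
'''

if __name__ == "__main__":
    for source, verdict in audit(SAMPLE):
        print(f"{verdict}: {source}")
```

A non-empty result from `audit()` can fail the pipeline, so module updates only arrive through a reviewed change to the `?ref=` value.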
The following requirements are needed by this module:
- terraform (>= 1.0)
- aws (>= 3.0)
The following providers are used by this module:
- aws (>= 3.0)
- aws.useast1 (>= 3.0)
The following resources are used by this module:
- aws_cur_report_definition.this (resource)
- aws_s3_bucket.this (resource)
- aws_s3_bucket_lifecycle_configuration.this (resource)
- aws_s3_bucket_logging.this (resource)
- aws_s3_bucket_ownership_controls.this (resource)
- aws_s3_bucket_policy.this (resource)
- aws_s3_bucket_public_access_block.this (resource)
- aws_s3_bucket_server_side_encryption_configuration.this (resource)
- aws_s3_bucket_versioning.this (resource)
- aws_caller_identity.this (data source)
- aws_iam_policy_document.bucket_policy (data source)
- aws_partition.this (data source)
- aws_region.this (data source)
The following input variables are required:
Description: Whether to create a local CUR in the destination account or not. Set this to true if the destination account is NOT covered in the CUR of the source accounts
Type: bool
Description: List of all source accounts that will replicate CUR Data. Ex: [12345678912,98745612312,...] (fill only on Destination Account)
Type: list(string)
The following input variables are optional (have default values):
Description: Suffix used to name the local CUR report if create_cur is true
Type: string
Default: "cur"
Description: Enable split cost allocation data for ECS and EKS for this CUR report
Type: bool
Default: false
Description: !!!WARNING!!! EXPERIMENTAL - Do not use unless you know what you are doing. The correct key policies and IAM permissions on the S3 replication role must be configured external to this module.
- If create_cur is true, the "billingreports.amazonaws.com" service must have access to encrypt S3 objects with the key ID provided
- See https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-config-for-kms-objects.html for information on permissions required for replicating KMS-encrypted objects
Type: string
Default: null
Description: Prefix used for all named resources, including S3 Bucket
Type: string
Default: "cid"
Description: S3 Access Logging configuration for the CUR bucket
Type:
```hcl
object({
  enabled = bool
  bucket  = string
  prefix  = string
})
```
Default:
```json
{
  "bucket": null,
  "enabled": false,
  "prefix": null
}
```
Description: Map of tags to apply to module resources
Type: map(string)
Default: {}
The following outputs are exported:
Description: ARN of the S3 Bucket where the Cost and Usage Report is delivered
Description: Name of the S3 Bucket where the Cost and Usage Report is delivered
Description: ARN of the Cost and Usage Report