Prerequisites for CCI

preview

We're still working on this feature, but we'd love for you to try it out!

This feature is currently provided as part of a preview program pursuant to our pre-release policies.

Prepare your AWS environment for Cloud Cost Intelligence (CCI) integration by following these prerequisites, including setting up consolidated billing, enabling cost and usage reports, configuring IAM roles and policies for secure access, and activating necessary AWS regions. Ensure your setup supports effective cost analysis and management within the New Relic platform.

Prerequisites

AWS Cost and Usage Reports (CUR) will be stored in an S3 bucket. We recommend the S3 bucket to be created in the us-east-2 region. Follow these steps to create a dedicated bucket:

Sign in to the AWS Management Console.
Navigate to S3 service.
Click Create bucket.
Enter a unique bucket name (e.g <your-company-name>-billing).
Configure bucket settings:
- Enable versioning
- Disable public access (recommended)
- Enable default encryption (recommended)
Tags (Optional): Add any tags if needed for your organization's resource management.
Click Create bucket.
중요
Remember the bucket name as you'll need them in the following steps and installation steps on CCI.

Create a Cost and Usage Report to be delivered to your S3 bucket:

Sign in to the AWS Management Console.
Navigate to the Billing Dashboard.
In the left navigation pane, click Cost & Usage Analysis.
Click Data Exports and then Create.

Configure report settings:

Setting	Value	Description
Export Type	`Standard Data Export`	Provides detailed information about usage and costs, suitable for most billing and cost analysis use cases.
Export Name	`Name`	Export name that provides context to the CUR report. (`eg-<company name-billing-cci>`)>
Data Table	`CUR 2.0`	CUR 2.0 supports the latest FOCUS format table structure.
Include Resource IDs	`ON`	Enables detailed tracking of costs associated with individual AWS resources, aiding in fine-grained analysis and billing.
Split Cost Allocation Data	`OFF`	If not specifically needed, keeping this option off simplifies the data structure. It avoids separating data based on custom cost categories or splits. This might be left off unless detailed cost allocation splits are necessary for your analysis.
Time granularity	`Hourly`	Sets the time granularity to hourly. This setting is essential for enabling detailed cost and usage analysis, which supports the platform's functionality.
Compression type	`Parquet`	A columnar storage file format that enhances query performance and reduces storage space, beneficial for processing large data volumes efficiently.
File Versioning	`Create New Report Version`	Each update to the CUR creates a new version. This retains historical reports, which are useful for auditing and tracking cost changes over time.
Data Refresh Settings	`AUTOMATIC`	Ensures that CUR data is kept up-to-date with the latest usage and cost information without manual intervention.
Data Export Setting S3 Bucket	`Existing (Select the bucket created in Step 1)`	The CUR file created would be saved in the S3 bucket with a defined path described below. Agree to overwrite the policy (we would map the policy with a new one in next step)
S3 path prefix	`cost-and-usage-reports`	Ensures that your Cost and Usage Reports (CUR) are organized and stored correctly within the S3 bucket, facilitating efficient access and management.

Click Next and then Create report.
중요
Remember the export name as you'll need them in the integration step on CCI. Also, validate the S3 path prefix to be cost-and-usage-reports.
Note
The first CUR report will be delivered within 24 hours. Subsequent reports are delivered on a periodic basis.

Create an IAM policy that grants CCI the necessary permissions to access your CUR data:

Sign in to AWS Management Console.
Navigate to IAM service.
Click Policies in the left navigation pane.
Click Create policy.
Switch to the JSON editor and paste the following policy:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:Get*", "s3:List*"],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::<bucket-name>/*",
        "arn:aws:s3:::<bucket-name>"
      ],
      "Sid": "AccessMasterPayerBillingBucket"
    },
    {
      "Effect": "Allow",
      "Action": [
        "pricing:DescribeServices",
        "pricing:GetAttributeValues",
        "pricing:GetProducts",
        "pricing:GetPriceListFileUrl",
        "pricing:ListPriceLists"
      ],
      "Resource": ["*"]
    }
  ]
}
```
중요
Replace bucket-name with the actual name of the S3 bucket you created in S3 bucket for Cost and Usage reports step.
Click Next.
Name the policy CCI-Access-Policy (or your preferred name).
Add a description.
Click Create policy.

Create an IAM role that CCI will assume to access your CUR data:

Sign in to AWS Management Console.
Navigate to IAM service.
Click Roles in the left navigation panel.
Click Create role.
Select Custom Trust Policy in the trusted entity type section.

Paste the following role definition in the editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::207192125115:user/cci_global_user"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<externalID>"
        }
      }
    }
  ]
}

Note

The externalId is a dynamic unique identifier of CCI integration service, it’s generated once we move back to CCI to start the integration.

Click Next.
Attach the policy created in IAM policy for CCI access step.
Click Next.
Role name: CCI-Access-Role (or your preferred name).
Add a description (optional).
Click Create role.
After role creation, note the Role ARN (displayed on the role summary page).
중요
You'll need to provide the Role ARN to CCI during the integration process.

Prerequisites for real-time cost estimation

To enable real-time estimated cost viewing in CCI, ensure you meet the specific prerequisites associated with your instrumentation method:

Method	Description	When to choose	Prerequisites
Infrastructure agent and integrations	Uses the New Relic Infrastructure Agent for detailed monitoring.	Select for deep visibility/control, ideal for standalone EC2, EKS/EC2, or ECS/EC2 setups.	If you have standalone EC2, install the New Relic infrastructure agent. If you have EKS/EC2, install the Kubernetes integration. If you have ECS/EC2, install the ECS integration. This method is not supported for AWS Fargate.
Cloud integration (metrics)	Utilizes AWS CloudWatch metrics for near real-time monitoring.	Opt when real-time data is essential. Suitable for dynamic environments needing up-to-date insights.	Set up Amazon CloudWatch Metric Streams.
Cloud integration (polling) - legacy	Collects data by polling AWS services at intervals.	Suitable for environments tolerating less frequent updates. Legacy option used when metrics-based approach is less feasible.	Set up AWS polling integrations.

Prerequisites for Kubernetes cost allocation

Install the Kubernetes integration. AWS Fargate integration is not supported for this feature.
Beyond the standard Kubernetes labels (app.kubernetes.io/name, app.kubernetes.io/instance, app.kubernetes.io/component, and app.kubernetes.io/part-of), consider adding two custom labels such as environment and team to indicate the deployment environment and the responsible team. Also, consider adding two custom resource tags such as project and costCenter. These labels and resource tags will help you better segment and analyze your Kubernetes cost allocation data.

Recommendations

Configure cost allocation tags in your AWS account. Tagging facilitates detailed and meaningful cost categorization. Ensure that at least two custom resource tags are consistently applied across your AWS resources for effective cost filtering and grouping.
Use an S3 bucket located in the us-east-2 region for optimal performance and cost efficiency.

Access control advisory

All users with access to the designated New Relic account/organization can view your AWS cloud cost data within Cloud Cost Intelligence. We encourage you to carefully select the appropriate New Relic account/organization that aligns with your internal access control policies to ensure secure and compliant handling of cloud cost data.

중요

S3 bucket access

New Relic only requires read access to your S3 bucket, and this access is limited to a single IAM role from the New Relic side. Ensure that this access level is maintained to protect your data while facilitating necessary operations.

preview

Prerequisites

AWS account with appropriate permissions

S3 bucket for Cost and Usage reports

중요

AWS Cost and Usage Reports configuration

중요

Note

IAM policy for CCI access

중요

IAM role for CCI to assume

Note

중요

Prerequisites for real-time cost estimation

Prerequisites for Kubernetes cost allocation

Recommendations

Access control advisory

중요

Prerequisites for CCI

preview

Prerequisites.css-21sua1{background:none;border:none;width:0;padding:0;}

S3 bucket for Cost and Usage reports

AWS Cost and Usage Reports configuration

IAM policy for CCI access

IAM role for CCI to assume

Prerequisites for real-time cost estimation

Prerequisites for Kubernetes cost allocation

Recommendations

Access control advisory

중요

Prerequisites