This Terraform configuration enables AWS Cost and Usage Reports (CUR) by setting up an S3 bucket, necessary IAM roles and policies, and configuring the CUR report. The setup ensures that your CUR data is securely stored, replicated, and accessible for analysis.
Before you begin, ensure you have the following:
- Terraform installed on your local machine or server.
- AWS CLI configured with credentials that have sufficient permissions to create S3 buckets, IAM roles, and CUR reports.
- AWS Account with permissions to create resources such as S3 buckets, IAM roles, and CUR reports.
- KMS Key: If you intend to use server-side encryption with AWS KMS, ensure you have the KMS key ID ready.
This configuration includes the following Terraform files:
- `main.tf`: Contains the primary resources for setting up the S3 bucket, IAM roles, and CUR report definition.
- `variables.tf`: Defines the input variables required for the Terraform configuration.
- `outputs.tf`: Specifies the outputs generated by the Terraform configuration.
- `versions.tf`: Specifies the required Terraform and provider versions.
- `README.md`: Documentation for the Terraform configuration.
This configuration uses several variables that you must define before applying the configuration. Below is a description of each variable:
- `resource_prefix`: A prefix that will be used to name the resources, such as the S3 bucket.
- `kms_key_id`: The KMS key ID used for server-side encryption (optional).
- `tags`: Tags to apply to the created resources.
- `s3_access_logging`: A map containing `enabled`, `bucket`, and `prefix` for S3 access logging configuration.
- `destination_bucket_arn`: The ARN of the destination S3 bucket for replication.
- `cur_name_suffix`: Suffix to append to the CUR report name.
- `enable_split_cost_allocation_data`: Boolean to enable or disable split cost allocation data in the CUR report.

These variables can be defined in a `terraform.tfvars` file or passed directly via the command line when running Terraform.
```hcl
resource_prefix = "TechNative"
kms_key_id      = "arn:aws:kms:us-east-1:123456789012:key/your-kms-key-id"
tags = {
  Environment = "Production"
  Owner       = "Finance"
}
s3_access_logging = {
  enabled = true
  bucket  = "my-logging-bucket"
  prefix  = "logs/"
}
destination_bucket_arn            = "arn:aws:s3:::my-destination-bucket"
cur_name_suffix                   = "billing"
enable_split_cost_allocation_data = true
```
- Clone the Repository

  Clone this repository to your local machine using SSH:

  ```bash
  git clone git@github.com:wearetechnative/terraform-aws-quicksight-source.git
  cd terraform-aws-quicksight-source
  ```

- Initialize Terraform

  Initialize the Terraform configuration by running:

  ```bash
  terraform init
  ```

- Plan the Terraform Deployment

  Generate an execution plan with the following command:

  ```bash
  terraform plan
  ```

  Review the plan to ensure that it matches your expectations.

- Apply the Terraform Deployment

  Apply the Terraform configuration to create the resources:

  ```bash
  terraform apply
  ```

  Confirm the prompt with `yes` to proceed with resource creation.

- Verify the Resources

  After Terraform completes, you can verify the creation of the S3 bucket, IAM roles, and other resources through the AWS Management Console or by using the AWS CLI.

  ```bash
  aws s3 ls
  aws iam list-roles
  ```

- Check Cost and Usage Reports (CUR)

  Once the resources are in place, navigate to the AWS Billing Console to ensure that the CUR report is generated and saved in the S3 bucket as expected.

- Cleanup (Optional)

  If you ever need to remove the resources created by this Terraform configuration, you can run:

  ```bash
  terraform destroy
  ```

  Confirm the prompt with `yes` to remove the resources.
Below is an example configuration for using this module with the necessary providers:
```hcl
provider "aws" {
  profile = "data_collection"
  region  = "eu-central-1"
  alias   = "data_collection"
}

provider "aws" {
  region = "us-east-1"
  alias  = "useast1"
}

# Configure the sending account for CUR
module "cur_source_account" {
  source                 = "./source/"
  destination_bucket_arn = "arn:aws:s3:::my-destination-bucket"

  providers = {
    aws.useast1 = aws.useast1
  }
}
```
- KMS Encryption: This configuration supports KMS encryption for the S3 bucket. Ensure that your KMS key has the appropriate permissions for the S3 bucket.
- Bucket Policies: The S3 bucket policy restricts access to TLS 1.2 and HTTPS only, which is crucial for securing data in transit.
- Access Logging: Enabling access logging on the S3 bucket is recommended to track and audit access to your bucket.
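
The transport restriction described in the Bucket Policies note can be expressed as two deny statements in a bucket policy. The following is an added example, not this module's own `main.tf`; the variable `example_bucket_name`, the local `arns`, and the `tls_only` resource names are hypothetical.

```hcl
# Added example (not the module's code). All names here are hypothetical.
variable "example_bucket_name" {
  type = string # name of an existing bucket to protect
}

locals {
  # Bucket-level and object-level ARNs, so the denies cover both.
  arns = [
    "arn:aws:s3:::${var.example_bucket_name}",
    "arn:aws:s3:::${var.example_bucket_name}/*",
  ]
}

data "aws_iam_policy_document" "tls_only" {
  # Two separate statements are required: conditions inside one
  # statement are ANDed, which would only deny requests that are
  # both plain HTTP and below TLS 1.2.
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = local.arns
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"] # request did not use HTTPS
    }
  }

  statement {
    sid       = "DenyTlsBelow12"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = local.arns
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "NumericLessThan"
      variable = "s3:TlsVersion"
      values   = ["1.2"] # negotiated TLS version older than 1.2
    }
  }
}

resource "aws_s3_bucket_policy" "tls_only" {
  bucket = var.example_bucket_name
  policy = data.aws_iam_policy_document.tls_only.json
}
```

`aws_s3_bucket_policy` sets the bucket's entire policy, so for a bucket that already has one, merge these statements into the existing policy document instead of attaching a second policy resource.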
After applying this Terraform configuration, the following outputs will be available:
- `s3_bucket_id`: The ID of the S3 bucket created for CUR.
- `iam_role_arn`: The ARN of the IAM role created for S3 replication.
- `cur_report_name`: The name of the CUR report generated.
- Access Denied Errors: Ensure that your AWS credentials have sufficient permissions to create and manage the resources defined in this Terraform configuration.
- KMS Key Issues: If using KMS encryption, verify that the key exists and that your IAM roles have the correct permissions to use the key.