Klarity

Onboarding Billing Data

Page Sections

To add billing data, you must follow the process which applies to your CSP:

  • for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure - Enterprise Agreement (EA), you must complete the in-app process that applies to your CSP. In stage 2 of the process, you must complete the in-app form with the information required for your CSP, as described below

  • for Azure-CSP, you follow a different process, as described below.

Adding Billing Data for Azure - CSP

You can onboard billing data for Azure - CSP on the condition that you are a Nordcloud Capacity Customer. To ensure that the relevant connection is made, please contact the Nordcloud Help Center.

Adding Billing Data for Azure EA

  1. To start onboarding billing data for Azure EA, in Klarity, in Accounts, click on Add Billing Data.

  2. In stage 1, select Azure EA, and then click on Next.

  3. In stage 2, be prepared to follow these steps:

Step 1. Log in to: https://ea.azure.com/

Step 2. In menu, select Management to view your enrollment number. Record this number for later use.

Step 3. In menu, select Reports. From the Download Usage tab, select API Access Key. Record this key for later use.

Step 4. From the above steps, add the following information to the in-app form:

  • Enrollment Number
  • Enrollment Access Key (NOTE: each key is valid for up to 6 months; after 6 months, you must generate and share the key again)
  1. To complete stage 2, after adding the required information, click on Next. Your billing data will be visible in Klarity in the next 48 hours.

Adding Billing Data for AWS

NOTE: When adding billing data for AWS, you must grant access to Nordcloud to:

  • BillingBucket (so that Nordcloud can access your billing data)
  • CostExplorer (so that Nordcloud can get and share cost-optimization recommendations)

Use the following Cloudformation template to set up access for Nordcloud: The following stack has to be deployed in US-EAST-1 region. The stack creates S3 bucket, builds trust relationship with Klarity’s AWS account, creates daily CUR and deploys a role for read-only access to the S3 bucket with CUR.

NOTE: US-EAST-1 is currently the only region where you can deploy CUR with CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Description: Grant access to an account for Nordcloud Capacity Services
Parameters:
  BillingBucket:
    Description: name of billing bucket (not arn)
    Type: String
    Default: ""
Resources:
  AccessToBucket:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
        - !Ref NordcloudInsightRole
      PolicyName: BillingBucketAccess
      PolicyDocument:
        Statement:
          -
            Effect: Allow
            Action:
              - s3:ListBucket
              - s3:GetObject
            Resource:
              - Fn::Join:
                  - ""
                  -
                    - "arn:aws:s3:::"
                    - Ref: BillingBucket
              - Fn::Join:
                  - ""
                  -
                    - "arn:aws:s3:::"
                    - Ref: BillingBucket
                    - "/*"
          -
            Effect: Allow
            Action:
              - s3:GetBucketLocation
              - s3:ListAllMyBuckets
            Resource: "*"
  AccessToCostExplorer:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
        - !Ref NordcloudInsightRole
      PolicyName: CostExplorerAccess
      PolicyDocument:
        Statement:
          -
            Effect: Allow
            Action: ce:*
            Resource: "*"
  NordcloudInsightRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              AWS: "arn:aws:iam::192799248640:root"
            Action: sts:AssumeRole
      RoleName: Nordcloud-Insight-Access
  NordcloudKlarityS3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Ref BillingBucket
      AccessControl: LogDeliveryWrite
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: false # only SSE-S3 is allowed
            ServerSideEncryptionByDefault:
              SSEAlgorithm: 'AES256'
      VersioningConfiguration:
        Status: Suspended
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  NordcloudKlarityS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref 'NordcloudKlarityS3Bucket'
      PolicyDocument:
        Id: ElblogsBucketPolicy
        Statement:
          - Sid: AllowReadBilling
            Effect: Allow
            Principal:
              Service: billingreports.amazonaws.com
            Action:
            - s3:GetBucketAcl
            - s3:GetBucketPolicy
            Resource: !GetAtt NordcloudKlarityS3Bucket.Arn
            Condition:
              StringEquals:
                aws:SourceArn: !Sub 'arn:aws:cur:us-east-1:${AWS::AccountId}:definition/*'
                aws:SourceAccount: !Ref AWS::AccountId
          - Sid: AllowPutBilling
            Effect: Allow
            Principal:
              Service: billingreports.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub 'arn:aws:s3:::${NordcloudKlarityS3Bucket}/*'
            Condition:
              StringEquals:
                aws:SourceArn: !Sub 'arn:aws:cur:us-east-1:${AWS::AccountId}:definition/*'
                aws:SourceAccount: !Ref AWS::AccountId
          - Sid: AllowSSLRequestsOnly
            Effect: Deny
            Principal: '*'
            Action:
              - s3:*
            Resource:
              - !Sub 'arn:${AWS::Partition}:s3:::${NordcloudKlarityS3Bucket}'
              - !Sub 'arn:${AWS::Partition}:s3:::${NordcloudKlarityS3Bucket}/*'
            Condition:
              Bool:
                "aws:SecureTransport": false
  NordcloudCurBucket:
    Type: AWS::CUR::ReportDefinition
    Properties:
      AdditionalArtifacts:
        - REDSHIFT
      AdditionalSchemaElements: ["RESOURCES"]
      Compression: GZIP
      Format: textORcsv
      RefreshClosedReports: true
      ReportName: CUR-Daily
      ReportVersioning: CREATE_NEW_REPORT
      S3Bucket: !Ref NordcloudKlarityS3Bucket
      S3Prefix: CUR
      S3Region: !Ref AWS::Region
      TimeUnit: DAILY
    DependsOn: NordcloudKlarityS3BucketPolicy

  1. Deploy CloudFormation stack mentioned above on your organisation's account. Stack has to be deployed in US-EAST-1 region.

  2. To start onboarding billing data for AWS, in Klarity, in Accounts, click on Add Billing Data.

  3. In stage 1, select AWS, and then click on Next.

  4. Fill in the required data

  • Master Account ID
  • Bucket Name (Input from CloudFormation Stack)

Disclaimer: Data to CUR report will be delivered after 24 hours from the report being created.

  1. After adding the required information, click on Next. Your billing data will be visible in Klarity in the next 48 hours.

Create Cost and Usage Report (CUR) Manually

Please select the option only if you have hard legal prerequisites about hosting your CUR reports in US-EAST-1 region.

Use the following Cloudformation template to set up access for Nordcloud. The stack creates S3 bucket , builds a trust relationship with Klarity’s AWS account and deploys a role for read-only access to the S3 bucket with CUR.

AWSTemplateFormatVersion: "2010-09-09"
Description: Grant access to an account for Nordcloud Capacity Services
Parameters:
  BillingBucket:
    Description: name of billing bucket (not arn)
    Type: String
    Default: ""
Resources:
  AccessToBucket:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
        - !Ref NordcloudInsightRole
      PolicyName: BillingBucketAccess
      PolicyDocument:
        Statement:
          -
            Effect: Allow
            Action:
              - s3:*
            Resource:
              - Fn::Join:
                  - ""
                  -
                    - "arn:aws:s3:::"
                    - Ref: BillingBucket
              - Fn::Join:
                  - ""
                  -
                    - "arn:aws:s3:::"
                    - Ref: BillingBucket
                    - "/*"
          -
            Effect: Allow
            Action:
              - s3:GetBucketLocation
              - s3:ListAllMyBuckets
            Resource: "*"
  AccessToCostExplorer:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
      - !Ref NordcloudInsightRole
      PolicyName: CostExplorerAccess
      PolicyDocument:
        Statement:
          -
            Effect: Allow
            Action: ce:*
            Resource: "*"
  NordcloudInsightRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              AWS: "arn:aws:iam::192799248640:root"
            Action: sts:AssumeRole
      RoleName: Nordcloud-Insight-Access

  1. Deploy CloudFormation stack mentioned above on your organisation's account in region you are using.

  2. Go to Cost and Usage Report (CUR) and follow the instructions: https://docs.aws.amazon.com/cur/latest/userguide/cur-create.html

While you are setting up your CUR, you must:

  • use the same bucket name as in the first step,
  • include Resource IDs in CUR settings,
  • set data refresh settings,
  • use daily granularity,
  • not set report versioning,
  • set path prefix to CUR (without a leading "/"),
  • enable data integration for Redshift with .gz compression.

Disclaimer: Data to CUR report will be delivered after 24 hours from the report being created.

  1. Go to Klarity and in Accounts section click on Add Billing Data.

  2. Select AWS, and click the Next button.

  3. Fill in the form with the following data:

  • Master Account ID
  • Bucket Name
  • Region
  • Path to CUR

note: Bucket Name - Bucket name you have created within CloudFormation stack in step 1. Note: Region - Region where the CUR has been created. Note: Path to CUR - Name of your report created in AWS Cost and Usage Reports along with Report path prefix. i.e. My-report/My-report-path

  1. After adding the required information, click on Next. Your billing data will be visible in Klarity in the next 48 hours.

Adding Billing Data for Google Cloud

  1. To start onboarding billing data for Google Cloud, in Klarity, in Accounts, click on Add Billing Data.

  2. In stage 1, select GCP, and then click on Next.

  3. In stage 2, be prepared to follow the following steps:

Step 1. Before exporting your Cloud Billing Data, you must set up a project to contain your BigQuery dataset.

Step 2. To export your Cloud billing data, follow these instructions: https://cloud.google.com/billing/docs/how-to/export-data-bigquery

Step 3. Create a Service Account, and set the following roles in that Service Account project:

  • BigQuery Data Viewer
  • BigQuery User

Step 4. From the above steps, add the following information to the in-app form:

  • Organization ID
  • Service Account Key (as a .json file)
  • Project Name
  • BigQuery DataSet Name
  • BigQuery Table name

You must ensure that the user has permission to use bigquery.jobs.create in the provided project.

  1. To complete stage 2, after adding the required information, click on Next. Your billing data will be visible in Klarity in the next 48 hours.
Edit this page on GitHub

Prev

~ Estates

Next

~ Kubernetes/OpenShift