Terraform module to set up a Cost and Usage Report in a source (payer) account for use in Cost Intelligence Dashboards. The module creates an S3 bucket with the necessary permissions and configuration to replicate CUR data to the destination/aggregation account. If you are deploying Cost Intelligence Dashboards for a multi-payer environment, you can use one instance of this module for each payer account.
provider "aws" {
  profile = "src"
  region  = "us-west-2"
  alias   = "src"
}
provider "aws" {
  profile = "src"
  region  = "us-east-1"
  alias   = "src_useast1"
}
provider "aws" {
  profile = "dst"
  region  = "us-west-2"
  alias   = "dst"
}
provider "aws" {
  profile = "dst"
  region  = "us-east-1"
  alias   = "dst_useast1"
}
# Configure exactly one destination account
module "cur_destination" {
  source             = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-destination"
  source_account_ids = ["1234567890"]
  create_cur         = false # Set to true to create an additional CUR in the aggregation account
  # Provider alias for us-east-1 must be passed explicitly (required for CUR setup)
  # Optionally, you may pass the default aws provider explicitly as well
  providers = {
    aws         = aws.dst
    aws.useast1 = aws.dst_useast1
  }
}
# Configure one or more source (payer) accounts
module "cur_source" {
  source                 = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-source"
  destination_bucket_arn = module.cur_destination.cur_bucket_arn
  # Provider alias for us-east-1 must be passed explicitly (required for CUR setup)
  # Optionally, you may pass the default aws provider explicitly as well
  providers = {
    aws         = aws.src
    aws.useast1 = aws.src_useast1
  }
}
For production deployments, you should lock the version of this module to a release tag to better
control when and what updates are made. To specify the release tag to use, append ?ref=VERSION
to the module source. For example, the following source reference will use the Terraform module
and CloudFormation template from version 0.2.13 of this module:
    source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-source?ref=0.2.13"
For a complete list of release tags, visit https://github.com/aws-samples/aws-cudos-framework-deployment/tags.
Note: The same syntax can be used to select pre-release/beta versions by specifying a branch name instead of a tag name.
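To enforce the pinning advice above in review or CI, the following added example (not part of this module or its repository) scans Terraform text for git-based module sources and reports those with no `?ref=` or with a ref that is not a release tag or commit. It assumes that a ref shaped like `0.2.13` is a tag and a 40-character hex ref is a commit ID; the sample configuration, including the branch name `example-branch`, is constructed.

```python
import re

SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
VERSION_TAG_RE = re.compile(r"v?\d+\.\d+\.\d+")  # release tag such as 0.2.13
COMMIT_SHA_RE = re.compile(r"[0-9a-f]{40}")      # full git commit id


def classify_source(source: str) -> str:
    """Classify one source string: other, unpinned, commit, tag or floating."""
    if not source.startswith(("github.com/", "git::")):
        return "other"  # local path or registry address; not covered by ?ref=
    ref = None
    for param in source.partition("?")[2].split("&"):
        key, _, value = param.partition("=")
        if key == "ref" and value:
            ref = value
    if ref is None:
        return "unpinned"  # follows the repository's default branch
    if COMMIT_SHA_RE.fullmatch(ref):
        return "commit"
    if VERSION_TAG_RE.fullmatch(ref):
        return "tag"
    return "floating"  # branch name or any other non-version ref


def audit(tf_text: str) -> list[tuple[str, str]]:
    """Return (source, status) for git sources that can change without review."""
    results = [(s, classify_source(s)) for s in SOURCE_RE.findall(tf_text)]
    return [(s, status) for s, status in results if status in ("unpinned", "floating")]


# Constructed sample configuration; module labels and the branch name are illustrative.
REPO = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules"
SAMPLE_TF = f'''
module "cur_destination" {{
  source = "{REPO}/cur-setup-destination"
}}
module "cur_source" {{
  source = "{REPO}/cur-setup-source?ref=0.2.13"
}}
module "cur_source_beta" {{
  source = "{REPO}/cur-setup-source?ref=example-branch"
}}
'''

if __name__ == "__main__":
    for source, status in audit(SAMPLE_TF):
        print(f"{status}: {source}")
```

A `tag` result still relies on the upstream tag not being moved, whereas a `commit` ref identifies fixed content.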
The following requirements are needed by this module:
- terraform (>= 1.0)
- aws (>= 3.0)
The following providers are used by this module:
- aws (>= 3.0)
- aws.useast1 (>= 3.0)
The following resources are used by this module:
- aws_cur_report_definition.this (resource)
- aws_iam_role.replication (resource)
- aws_s3_bucket.this (resource)
- aws_s3_bucket_lifecycle_configuration.this (resource)
- aws_s3_bucket_logging.this (resource)
- aws_s3_bucket_ownership_controls.this (resource)
- aws_s3_bucket_policy.this (resource)
- aws_s3_bucket_public_access_block.this (resource)
- aws_s3_bucket_replication_configuration.replication (resource)
- aws_s3_bucket_server_side_encryption_configuration.this (resource)
- aws_s3_bucket_versioning.this (resource)
- aws_caller_identity.this (data source)
- aws_iam_policy_document.bucket_policy (data source)
- aws_iam_policy_document.replication (data source)
- aws_iam_policy_document.s3_assume_role (data source)
- aws_region.this (data source)
The following input variables are required:
Description: Destination Bucket ARN
Type: string
The following input variables are optional (have default values):
Description: Suffix used to name the CUR report
Type: string
Default: "cur"
Description: !!!WARNING!!! EXPERIMENTAL - Do not use unless you know what you are doing. The correct key policies and IAM permissions
on the S3 replication role must be configured external to this module.
- The "billingreports.amazonaws.com" service must have access to encrypt objects with the key ID provided
- See https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-config-for-kms-objects.html for information
on permissions required for replicating KMS-encrypted objects
Type: string
Default: null
Description: Prefix used for all named resources, including the S3 Bucket
Type: string
Default: "cid"
Description: S3 Access Logging configuration for the CUR bucket
Type:
object({
  enabled = bool
  bucket  = string
  prefix  = string
})
Default:
{
  "bucket": null,
  "enabled": false,
  "prefix": null
}
The following outputs are exported:
Description: ARN of the S3 Bucket where the Cost and Usage Report is delivered
Description: Name of the S3 Bucket where the Cost and Usage Report is delivered
Description: ARN of the Cost and Usage Report
Description: ARN of the IAM role created for S3 replication
Description: ARN of the IAM role created for S3 replication