Connecting AWS
Connecting AWS Accounts To CloudZero
To get started with AWS, you only need to connect your management / payer account(s) to CloudZero. This will pull in the cost for all the linked accounts that roll-up to the management account(s). While not required, to get the full value from the Platform you should also connect all the linked (aka “resource”) accounts to CloudZero.
| Data | Management / Payer Account Connection | Resource / Linked Account Connection |
|---|---|---|
| Cost Data For ALL Accounts | X | |
| Ability to Connect Kubernetes Clusters To CloudZero | The account(s) with K8s Clusters | The account(s) with K8s Clusters |
| Resource Details On The Resource Detail Page For The Individual Account Connected (Example = EC2 Image ID, RDS Engine Version, etc) | X | X |
| Trusted Advisor Cost Optimization Recommendations For The Individual Account Connected | X | X |
To connect any account, the easiest and quickest way to get started is to use CloudZero’s CloudFormation UI (CloudZero documentation). We recommend this for all payer / management accounts (at a minimum). If you’d like to deploy the roles / resources manually to any account you can follow the manual instructions here: management / payer accounts or linked / resource accounts.
- For manually connected management / payer accounts, please note that CloudZero requires an hourly Cost and Usage Report (CUR) with resource level detail exporting to CSV.
- For manually connecting linked / resource accounts, there is a way to configure your accounts to automatically connect to CloudZero if you have dozens or hundreds of accounts. If you’re interested in that behavior, please contact your FinOps Account Manager or e-mail CloudZero Support.
After connecting a management / payer account, you should always review your cost allocation tags to make sure you can access all your relevant resource level tags within CloudZero (CloudZero documentation).
Common Questions
Do I have to create a new CUR for my management / payer account connection?
- ANSWER - No. CloudZero always prefers to reuse a CUR if there’s one compatible. You can find CUR Requirements in Step 1 here. If you’re connecting with CloudZero’s automated CloudFormation script, it will attempt to reuse a CUR if possible.
How much data will CloudZero ingest?
- ANSWER - CloudZero will ingest however much information is in the CUR. If a new CUR is created as a part of connecting the management / payer account, AWS will normally populate the current month and possibly data for the prior month.
What if I have historical CUR data in an unsupported CUR format?
- CUR Requirements can be found in Step 1 here
- ANSWER - So long as the CUR is hourly and has resource level data, CloudZero can most likely ingest the historical data. Please reach out to your FinOps Account Manager or email CloudZero Support for more information.
What are the specific IAM permissions CloudZero needs?
- ANSWER - You can find the specific set of permissions if you go to the payer account manual connection page here. This lists both the managed policies attached to the role and the custom inline policy.
Does CloudZero support CUR 2.0?
- ANSWER - No. CUR 2.0 has issues consistently applying tagging to resources which makes it incompatible with common FinOps objectives. CloudZero is in the process of supporting CUR 2.0 for when AWS resolves the tag problems.
Updated about 2 months ago