Cloud Cost Management (CCM) FAQs

Updated 2 weeks ago by Archana Singh

This article addresses some frequently asked questions about Harness Cloud Cost Management (CCM).

Connectors

This section addresses some frequently asked questions about connectors.

AWS

Do I need to create an AWS connector for all my linked accounts?

No. You can create an AWS connector in the master or linked account. CCM requires one connector per AWS account (master or linked).

It is recommended to create a CUR at the master account to avoid the CUR creation step for each linked account. For more information, see AWS Connector Requirements and Cost and Usage Reports (CUR) and CCM Requirements.

What kind of access does Harness CCM need to the cost and usage reports (CUR)?

If you have a consolidated billing process enabled, then CCM needs read-only access to the cost and usage reports (CUR) stored in the S3 bucket in the master or payer account. This gives access to the cost data for all the accounts (linked/member) in the organization.

If you don't have consolidated billing enabled at the organization level then you can create the CUR at a linked account level.

How does data flow from the source S3 bucket to the CCM?

Read through this article to understand the flow of data from the S3 bucket to CCM.

Do I need to create a CloudFormation stack?

Yes. You need to create a Cloudformation stack to provision IAM Roles and corresponding policies to grant access for the required features.

Do you import the data into your account?

The CUR reports are imported into our account. CCM stores them securely with read-only access.

How long does it take to show AWS billing data in CCM? Why?

AWS ingests data at source (S3 bucket) four times a day. CCM takes about two hours to make the data available for viewing and analysis once it is available at the source.

What AWS access permissions/policies are required for CCM?

See AWS Access Permissions for the details.

Can I delete CUR files from the source S3 bucket after they've been ingested in CCM to save on S3 storage costs?

Yes, the CUR files can be deleted; however, it is recommended that you store the last 6 months of data on the source side. CCM keeps a copy of the raw CUR files.

Do I require a Delegate in order to connect to AWS?

No. You need the Delegate only when connecting to a Kubernetes cluster, such as EKS. ECS Cluster costs are pulled via IAM Roles.

What types of access do you get to my accounts?

CCM gets read-only access to the cost data along with a list of all the member (or linked) accounts. CCM does not get access to any other privileges. However, for AutoStopping CCM requires additional privileged permissions to orchestrate the underlying infrastructure. See AWS Resource Optimization Using AutoStopping Rules.

Can CCM get historical data from the CUR?

Yes, CCM can sync the entire data if CUR files are available at the source. If a new CUR file is made available at source (even for previous months), CCM will sync and correct the data.

Azure

Can I create multiple Azure connectors for each Harness Account?

Yes, you can create multiple Azure connectors for each Harness Account.

  • You can create multiple Azure connectors per Azure Tenant with unique subscription IDs.
  • If you have separate billing exports for each of your subscriptions in your Azure account, set up separate connectors in Harness to view the cloud cost of all the subscriptions in CCM.
  • See Set Up Cloud Cost Management for Azure.
What types of access do you get to my accounts?

CCM gets only read permissions to the storage account in which the billing data export is available.

How long does it take to show Azure billing data in CCM? Why?

Azure ingests data at source (storage account) once a day. CCM takes about two hours to make the data available for viewing and analysis once it is available at the source.

How does data flow from the source storage account to the CCM?

Read through this article to understand the flow of data from the Azure storage account to CCM.

Do I require a Delegate in order to connect to Azure?

No. You need the Delegate only when connecting to a Kubernetes cluster, such as AKS.

Can I delete the billing export from the source storage account after they've been ingested in CCM to save on the storage costs?

Yes, the billing export can be deleted; however, it is recommended that you store the last 6 months of data on the source side. CCM keeps a copy of the raw billing export.

Can CCM get historical data from the CUR?

Yes, CCM can sync the entire data if CUR files are available at the source without any limits. If a new CUR file is made available at source (even for previous months), CCM will sync and correct the data.

Azure connector is failing in the validation step and says “Authorization permission mismatch”. What could be the reason?

Sometimes Azure takes time to propagate/refresh the access settings on the storage account. Wait for a few mins 3-5mins and click on the Test button again in Harness.

GCP

How does data flow from the source billing table (GCP) to the CCM?

Read through this article to understand the flow of data from GCP to CCM.

How long does it take to show GCP billing data in CCM? Why?

GCP ingests data at source (billing data) at less frequent intervals. CCM takes about two hours to make the data available for viewing and analysis once it is available at the source. For the Non-U.S. regions, it may take slightly longer to show up the data.

Do I require a Delegate in order to connect to GCP?

No. You need the Delegate only when connecting to a Kubernetes cluster, such as GKE.

Can CCM get historical data from the GCP billing data?

CCM pulls in data for the last 6 months, however, it can be increased further upon request. Contact Harness Support to do so.

Kubernetes

How long do I need to wait before data appears for Kubernetes? Why?

Once you enable CCM, for the first cluster the data is available within a few minutes for viewing and analysis. However, you will not see the idle cost because of the lack of utilization data. CCM generates the last 30 days of the cost data based on the events we collect of the initial cluster state at the time of connecting. From the second cluster onwards, it takes about 2–3 hours for the data to be available for viewing and analysis.

Do I need to add Kubernetes cloud provider connectors for each Kubernetes cluster?

Yes, you need to add a Kubernetes cloud provider for each Kubernetes cluster. One connector can access only one cluster.

Do I need to create a CCM connector for each cluster?

Yes, you need to create a CCM Kubernetes connector for each cluster.

Do I require a Delegate in order to connect to Kubernetes?

Yes, you need the Delegate to get started with Kubernetes clusters.

Do I need to ensure the metrics server is installed only for EKS?

Yes. For GKE and AKS it is installed by default.

General

Can I create a cloud cost connector at the Project level in Harness?

No. CCM connectors are available only at the Account level in Harness. Connectors have 3 features ( Visibility, Inventory, Auto Stopping )Selecting at least one feature is mandatory to create a connector.

Does CCM take AWS RI purchases into account?

Yes, the data from your CUR is read which is the source of truth on how you are billed monthly.

Does CCM take into account custom discounts, rewards, or credits?

Yes, if they are part of your billing.

I do not see hourly options when I set a date range beyond seven days?

Hourly granularity can be accessed only for the last 7 days.

I have an AWS connector as well as a K8S connector. My cluster data is still not available after a few hours of waiting?

In order to true up costs for K8S, we wait until CUR data is also available. If even after 24 hours data is not available, contact Harness Support.

Are connectors shared across FirstGen and NextGen?

No, you will have to create connectors separately for the FirstGen and NextGen.

I added a CCM connector in the FirstGen. Will I be able to see the data in NextGen and vice-versa?

Yes, you can view your cloud cost data across the FirstGen and NextGen.

What is the limit on connectors setup per account?

Currently, there is no limit to the number of connectors set up per account.

Can I have the same connector (AWS/GCP/Azure) in FirstGen and NextGen?

There is no restriction, but Harness recommends avoiding having the same connectors in FirstGen and NextGen.

How often do we ingest AWS EC2/EBS metrics?

All inventory metrics are pulled in every hour

What is the data retention policy in CCM?

CCM has a data retention policy per edition. After this period, the data is cleared out and no longer available.

Free

Team

Enterprise

1 month

5 Years

5 Years

The hourly granularity of cluster data is retained for 14 days, post that CCM retains daily granularity of the data.

On-Prem

Does CCM support On-Prem platform installations?

Currently, not. Harness is working on providing this functionality.

Efficiency Score

Is the efficiency score configurable? Why not?

Efficiency score is not configurable at the moment. The efficiency score objectively represents how well your cluster resources are utilized.

5% buffer of the total cost is allowed while computing the unallocated resources and 30% for idle resources. A baseline of 65% is defined for utilized resources. So your utilization need not be at the capacity to get a perfect score.

Does the efficiency score take into account overall cloud costs? How is it computed?

It takes only the cluster resources into account and not the overall cloud costs. Efficiency score is derived from the total and idle (and or unallocated) spend of your resources.

Workload Recommendations

How often do you generate recommendations?

New Recommendations are generated daily and existing recommendations are updated as per the latest utilization trends.

We only show recommendations that have been updated within the last 72 hours. What could be the reason for this?

Workloads that had not been updated in the last 72 hours were stopped/killed. As a result, no recommendations are generated.

How are recommendations calculated when the resource requests and limits are not configured?

The recommended resource is based purely on the utilization metrics pulled from the metrics server. Therefore, it doesn’t make a difference whether or not the resource requests and limits are configured.

Do recommendations take burst of CPU into consideration?

Yes, we collect metrics data every minute, and the data sent by the metrics server is the average of the last one-minute window for any container.

What if there are multiple containers inside the Pod?

We will get separate recommendations for these individual containers. The recommendations are computed at the container’s level and not at the Pod’s level.

Perspectives

What is the limit to the number of Perspectives that I can create in an account?

You can create up to 250 Perspectives in an account. See Create Cost Perspectives.

Will I be able to see tags in Perspectives?

CCM unifies tags in AWS/GCP/Azure as labels in Perspectives.

Can Perspectives be shared across FirstGen and NextGen?

Yes, you can view the data across the FirstGen and NextGen.

Budgets and Reports

When will I receive notifications for the alerts that I’ve configured in my budgets?

Notifications are sent out daily at 2.30 p.m. GMT. The budget alerts are sent out when the cost of your budget has crossed the configured threshold.

I created a budget and set the budget amount less than the spend of the current period. Why didn’t I get a notification immediately?

The budget alerts are sent out daily at 2.30 p.m. GMT.

What is the limit on a budget setup per Perspective?

No limit as of now.

AutoStopping Rules

This section addresses some frequently asked questions about Harness intelligent cloud AutoStopping Rules.

General

What are the supported cloud services that AutoStopping works with? 

We continuously update the list of services that work with AutoStopping. Here is the current list of supported services across the cloud. For more information, see Non-Cluster support and Cluster Support.

Cloud Provider

AutoStopping - Supported Services

AWS

EC2

AutoScaling Groups

Kubernetes Clusters (EKS)

ECS Service

RDS Instances

Azure

Virtual Machines (On-demand)

Kubernetes Clusters (AKS)

GCP

Google Compute Engine (GCE) VMs

Kubernetes Clusters (GKE)

How does AutoStopping add value to the Autoscaling that we already have in place?
  • AutoStopping operates on real-time traffic rather than just CPU/memory, which is not a good indicator of activity/usage. Certain applications, such as those written in Java, consume CPU and memory even when no user requests are being served. 
  • AutoStopping can scale down the entire task count to zero and start them when new requests come in. While auto-scaling can only scale down the entire active tasks to a minimum task count for that service (min count cannot be zero).
    • At scale, the cost of leaving even a single task running per service adds up.
    • In the case of the EKS/Kubernetes Cluster, for example, if AutoStopping reduces the number of pods running to zero, auto-scaling will remove that specific node from the cluster. Both can co-exist. 
  • AutoStopping allows you to define dependencies between services.
    • Dependant services or resources that do not directly receive traffic can also be completely scaled down to zero or shut down based on traffic received at any endpoint, significantly increasing overall cost savings; this is not possible with only native autoscaling. For example, ECS service with an RDS database in the same or different cluster.
How does AutoStopping work with on-demand load tests and off-shift/late-shift developers? How can they trigger load tests on a stopped resource?
  • AutoStopping will function with real-time requests for on-demand load tests as long as the traffic is HTTP-based; when new requests come, AutoStopping will warm up the necessary services in real-time.
  • There are two options for late-shift developers:
    • If you know the exact schedule ahead of time, you can use Fixed Schedules to keep the service running during that time.
    • If the exact duration is unknown:
      • You can use ECG/heartbeat agent to keep the services up as long as needed by detecting process liveliness or HTTP endpoints that can report the progress of the workers.
      • Alternatively, you can use our API support to notify of service activity/idleness.
Can I shut down entire clusters more easily than creating one rule per service?

Yes, you can use schedules to shut down the entire ECS cluster in fixed windows of time. See Fixed Schedules.

AWS

How do AutoStopping Rules access the AWS VMs?

The VMs can be accessed using any of the following methods:

  • DNS Link
  • SSH/RDP

For more information, see Setup Access Using DNS Link and Setup Access Using SSH/RDP.

Do AutoStopping Rules need a load balancer like Application Load Balancer (ALB) for non-prod workloads?

Yes, you need to create an Application Load Balancer (ALB) for AWS. See Create an Application Load Balancer for AWS.

Can I use Route 53 as my DNS provider?

You can use Amazon Route 53 as the DNS service for your domain, such as example.com. When Route 53 is your DNS service, it routes internet traffic to your website by translating friendly domain names (such as www.example.com) into the numeric IP addresses (such as 192.0.2.1) that computers use to connect to each other. See Configure DNS Using Route 53.

Can I use AutoStoping Rules to manage my resources hosted in the AWS GovCloud?

Currently, the resources hosted in the AWS GovCloud regions cannot be managed using AutoStopping Rules.

How AutoStopping Rules can help when I shut down my VMs during non-working hours?

You can run non-production workloads on fully-orchestrated spot instances and turn them off whenever idle, saving on cloud costs to the most granular extent possible. It’s a dynamic solution to a pressing customer problem or set of them. In particular, Cloud AutoStopping enables customers to solve the following use cases:

  • Automatically detect idle times and shut down (on-demand) or terminate (spot) resources.
  • Automatically restart resources whenever there is a traffic or usage request.
  • Stopped/terminated machines are always accessible using the same access patterns that the team is used to – DNS link, SSH, RDP, and background tasks.
  • Enable running workloads on fully-orchestrated spot instances without worrying about spot interruptions.

Together, this helps customers achieve savings that are 2-3x that of any static resource scheduler, with none of the access issues. It also significantly reduces the barrier to adoption across an organization.

How AutoStopping Rules can help when I am using Amazon EC2 Reserved Instances (RIs) for non-prod workloads?

Using AutoStopping with either on-demand instances or spot instances will result in 70%+ savings without any long-term commitments or upfront payments. With RIs, you can save up to ~ 60-65% (lower savings) and you have long-term (1-3yrs+) commitments and upfront payments (for highest savings). So it is beneficial to release RIs and use AutoStopping with on-demand or spot.

How spot instance interruptions are handled?

In the event of spot interruption, an alternate spot instance is provisioned. In case there is no alternate spot available we fall back to on-demand and continue to poll for spot capacity. Once a spot capacity is available, we do a reverse fall-back from on-demand to spot.

All this is automated, with no manual intervention. See Review: How Spot Orchestration Works?.

I do not use Application Load Balancer. Can I still create AutoStopping Rules? 

No. An Application Load Balancer is needed for AutoStopping to work on AWS. See Create an Application Load Balancer for AWS.

I have an application running on EC2 and it has a dependency on theRDS instance. Can AutoStopping work when such dependencies exist?

Yes. AutoStopping supports dependency rules to monitor for traffic and can automatically shut down and start both the resources/services.

Azure

How do AutoStopping Rules access the AWS VMs?

The VMs can be accessed using any of the following methods:

  • DNS Link
  • SSH/RDP
Do AutoStopping Rules need an Application Gateway or Azure Web Application Firewall (WAF) for non-prod workloads?

Yes, you need to create an Application Gateway for Azure. See Create an Application Gateway for Azure.

How AutoStopping Rules can help when I shut down my VMs during non-working hours?

You can run non-production workloads on fully-orchestrated spot instances and turn them off whenever idle, saving on cloud costs to the most granular extent possible. It’s a dynamic solution to a pressing customer problem or set of them. In particular, Cloud AutoStopping enables customers to solve the following use cases:

  • Automatically detect idle times and shut down (on-demand) or terminate (spot) resources.
  • Automatically restart resources whenever there is a traffic or usage request.
  • Stopped/terminated machines are always accessible using the same access patterns that the team is used to – DNS link, SSH, RDP, and background tasks.
  • Enable running workloads on fully-orchestrated spot instances without worrying about spot interruptions.

Together, this helps customers achieve savings that are 2-3x that of any static resource scheduler, with none of the access issues. It also significantly reduces the barrier to adoption across an organization.

Can I use a front door designer with backend pools as a load balancer? Will AutoStopping Rules work?

No. Currently, an Application Gateway is required for Azure AS to work. See Create an Application Gateway for Azure.

GCP

Can I use a native GCP HTTP(s) load balancer for AutoStopping in GCP?

No. Currently, only a custom load balancer is supported as the GCP load balancer is in Beta. It is also cost-effective to use a custom load balancer as it is not limited by the number of rules that can be configured.

Which custom load balancer is used in GCP?

Envoy is the custom load balancer that is preferred. See Create a Custom Load Balancer for GCP.


Please Provide Feedback