Learn Harness' Key Concepts

Quickstarts

Supported Platforms and Technologies

How to Use Harness Docs

Harness FirstGen vs Harness NextGen

Harness On-Premise Overview

CI Pipeline Quickstart

Build and Push an Artifact

Build and Push to GCR

Upload Artifacts to JFrog

Set Up a Kubernetes Cluster Build Infrastructure

Define Kubernetes Cluster Build Infrastructure

Edit a CI Pipeline Codebase Configuration

Save Cache to S3

Restore Cache from S3

Save Cache to GCS

Restore Cache from GCS

Run a Script in a CI Stage

View Tests

Set up Test Intelligence

CI Stage Settings

Configure Service Dependency Step Settings

Run Step Settings

Plugin Step Settings

Build and Push to GCR Step Settings

Build and Push an Image to Docker Registry Step Settings

Build and Push to ECR Step Settings

Upload Artifacts to S3 Step Settings

Upload Artifacts to GCS Step Settings

Upload Artifacts to JFrog Artifactory Step Settings

Save Cache to GCS Step Settings

Save Cache to S3 Step Settings

Restore Cache from GCS Settings

Restore Cache from S3 Step Settings

Run Tests Step Settings

CI Cluster Requirement

CI Enterprise Concepts

Drone and Harness

Test Intelligence

Troubleshooting Continuous Integration (CI)

Continuous Integration (CI) FAQs

Kubernetes CD Quickstart

Helm CD Quickstart

Harness Argo CD GitOps Quickstart

Kustomize Quickstart

Add Kubernetes Manifests

Add Container Images as Artifacts for Kubernetes Deployments

Add and Override Values YAML Files

Pull an Image from a Private Registry for Kubernetes

Ignore a Manifest File During Deployment

Define Your Kubernetes Target Infrastructure

Create a Kubernetes Rolling Deployment

Create a Kubernetes Canary Deployment

Create a Kubernetes Blue Green Deployment

Deploy Manifests Separately using Apply Step

Scale Kubernetes Pods

Delete Kubernetes Resources

Add a Kubernetes Sidecar Container

Run Kubernetes Jobs

Deploy Helm Charts

Terraform How-tos

Provision Target Deployment Infra Dynamically with Terraform

Plan Terraform Provisioning with the Terraform Plan Step

Provision with the Terraform Apply Step

Remove Provisioned Infra with the Terraform Destroy Step

Rollback Provisioned Infra with the Terraform Rollback Step

Propagate and Override CD Services

Using Shell Scripts in CD Stages

Using Manual Harness Approval Steps in CD Stages

Create Jira Issues in CD Stages

Update Jira Issues in CD Stages

Using HTTP Requests in CD Pipelines

Add a Pipeline Notification Strategy

Synchronize Deployments using Barriers

Monitor Deployments and Services in CD Dashboards

Verify Deployments with the Verify Step

Verify Deployments with AppDynamics

Verify Deployment with Prometheus

Verify Deployments with Splunk

Verify Deployments with Google Cloud Operations

Verify Deployments with New Relic

Example Kubernetes Manifests using Go Templating

Kubernetes Releases and Versioning

Kubernetes Rollout Step

Canary Deployment Step

Canary Delete Step

What Can I Deploy in Kubernetes?

Kubernetes Rollback

Kubernetes Annotations and Labels

Kubernetes Apply Step

JSON and XML Functors

HTTP Step Reference

Run Steps in a Step Group

Shell Script Step Reference

Deployment Concepts and Strategies

Kubernetes Deployments Overview

Terraform Provisioning with Harness

Harness NextGen CD Video Summary

Getting Started with Feature Flags

Java Quickstart

Create a Feature Flag

Enable or Disable a Feature Flag

Edit and Delete a Feature Flag

Add Targets

Manage Target Groups

Manage Variations of the Feature Flag

Add Flag Prerequisites

Targeting Users with Flags

Add and Manage Access Control

View Activities of a Feature Flag

View Metrics

JavaScript SDK Reference

iOS SDK Reference

Android SDK Reference

Flutter SDK Reference

React Native SDK Reference

Java SDK Reference

Go SDK Reference

Node.js SDK Reference

.NET SDK Reference

Python SDK Reference

Communication Strategy Between SDKs and Harness Feature Flags

GDPR Compliance

Feature Flags Overview

Client-Side and Server-Side SDKs

SDK Version Policy

Harness Feature Flag FAQs

Set Up Cloud Cost Management for AWS

Set Up Cloud Cost Management for Azure

Set Up Cloud Cost Management for GCP

Set Up Cloud Cost Management for Kubernetes

Create an AWS Connector for AutoStopping Rules

Create an Azure Connector for AutoStopping Rules

Create a GCP Connector for AutoStopping Rules

Create a Kubernetes Connector for AutoStopping Rules

Create AutoStopping Rules for AWS

Create AutoStopping Rules for Azure

Create AutoStopping Rules for GCP

Create AutoStopping Rules for a Kubernetes Cluster

Create AutoStopping Rules for Terraform

Use AutoStopping Rules Dashboard

Create an Application Load Balancer for AWS

Create an Application Gateway for Azure

Analyze Cost for AWS Using Perspectives

Analyze Cost for Azure Using Perspectives

Analyze Cost for GCP Using Perspectives

Create Cost Perspectives

Optimize Kubernetes Costs with Workload Recommendations

Optimize Kubernetes Costs with Node Pool Recommendations

View AWS Cost Dashboard

View AWS Reservation Efficiency Dashboard

View Azure Cost Dashboard

View Cluster Cost Dashboard

View GCP Cost Dashboard

View Multi-cloud Cost Overview Dashboard

Orphaned EBS Volumes and Snapshots Dashboard

View AWS EC2 Instance Metrics Dashboard

View AWS EC2 Inventory Cost Dashboard

Manage Access Control for CCM Dashboards

Cloud Cost Management Overview

AutoStopping Rules Overview

Key Cloud Cost Concepts

Cloud Cost Management FAQs

AutoStopping Rules FAQs

Harness YAML Quickstart

Harness Git Experience Quickstart

API Quickstart

Create Organizations and Projects

Install a Kubernetes Delegate

Select Delegates with Tags

Run Scripts on Delegates using Delegate Configurations

Scope Harness Delegates to Environments

Configure Delegate Proxy Settings

Connect to a Cloud Provider

Add a Kubernetes Cluster Connector

Add an AWS Connector

Add a Google Cloud Platform (GCP) Connector

Connect to an Artifact Repo

Connect to a Git Repo

Use a GitHub App in a GitHub Connector

Connect to Jira

Connect to Monitoring and Logging Systems

Create a Connector using YAML

Add Text Secrets

Add File Secrets

Add a HashiCorp Vault Secrets Manager

Add an Azure Key Vault Secrets Manager

Add an AWS Secret Manager

Add a Secrets Manager

Add an AWS KMS Secrets Manager

Add SSH Keys

Add and Manage User Groups

Add and Manage Users

Add and Manage Roles

Add and Manage Resource Groups

Set Up RBAC for Pipelines

Set Up RBAC for Shared Secrets and Connectors

Add and Manage Service Account

Two-Factor Authentication

Single Sign-On (SSO) with SAML

Single Sign-On (SSO) with OAuth

Add and Manage API Keys

Add a Stage

Define a Failure Strategy on Stages and Steps

Run Pipelines using Input Sets and Overlays

Searching the Console View

Adding Jira Approval Stages and Steps

Using Manual Harness Approval Stages

Schedule Pipelines using Triggers

Trigger Pipelines using Git Events

Git Experience How-tos

Add Source Code Managers

Enable Git Experience in a Project

Manage Pipelines in Git Repos

Manage Project Resources in Git Repos

Manage Input Sets and Overlays in Git Repos

Add Folders to Existing Git Experience Repos

Create Dashboards

Schedule and Share Dashboards

Create Visualizations and Graphs

Download Dashboard Data

Use Dashboard Actions

Create Conditional Alerts

Send Notifications Using Slack

Send Notifications to Microsoft Teams

Harness Entity Reference

Entity Identifier Reference

Entity Retention Policy

Entity Deletion Reference

Tags Reference

Delegate Requirements and Limitations

Permissions and Ports for Harness Connections

Common Delegate Configuration Scripts

Step and Stage Failure Strategy References

Stage and Step Conditional Execution Settings

Triggers Reference

YAML Reference: Pipelines

Built-in Harness Variables Reference

GitLab Connector Settings Reference

Bitbucket Connector Settings Reference

AWS CodeCommit Connector Settings Reference

Git Connector Settings Reference

GitHub Connector Settings Reference

AWS Connector Settings Reference

Kubernetes Cluster Connector Settings Reference

Google Cloud Platform (GCP) Connector Settings Reference

HTTP Helm Repo Connector Settings Reference

Artifactory Connector Settings Reference

Nexus Connector Settings Reference

Docker Connector Settings Reference

Jira Connector Settings Reference

API Permissions Reference

Permissions Reference

Source Code Manager Settings

Projects and Organizations

Delegates Overview

Delegate Installation Overview

Harness Secrets Management Overview

Access Management (RBAC) Overview

Fixed Values, Runtime Inputs, and Expressions

Input Sets and Overlays

Authentication Overview

Harness Git Experience Overview

Harness NextGen Continuous Verification Coming Soon

Kubernetes Cluster On-Prem: Infrastructure Requirements

Kubernetes Cluster On-Prem: Kubernetes Cluster Setup

Harness On-Prem Support Policy for Kubernetes

Kubernetes Cluster On-Prem: Add Ingress Controller Service Annotations

Virtual Machine On-Prem: Infrastructure Requirements

Virtual Machine On-Prem: Installation Guide

Virtual Machine On-Prem: Backup and Recovery

Harness On-Prem Release Notes 2021

All Categories > Cloud Cost Management > CCM How-tos > Set Up Cloud Cost Management > Set Up Cloud Cost Management for AWS

Set Up Cloud Cost Management for AWS

Updated 2 weeks ago by Archana Singh

Before You Begin
Review: AWS Connector Requirements
Review: Cost and Usage Reports (CUR) and CCM Requirements
Review: AWS Access Permissions
Step: Connect CCM to AWS Cloud Provider
Next Steps

Harness Cloud Cost Management (CCM) monitors and provides visibility into the cloud costs of your Amazon Web Services (AWS) across your cloud infrastructure and AWS services, such as EC2, S3, RDS, Lambda, and so on. CCM also allows you to optimize your instances, auto-scaling groups (ASGs), and EKS clusters using intelligent cloud AutoStopping rules.

You can set up CCM for your AWS resources, in a simple two-step process:

Create a Cost and Usage Report (CUR). Harness CCM uses a secure, cross-account role with a restricted policy to access the cost and usage reports and resources for cost analysis.

Create a Cloudformation stack to provision IAM Roles and corresponding policies to grant access for the required features. CCM offers the following features:

Cost Visibility (Required)

This feature is available by default and requires access to the CUR report. Provides the following capabilities:

Insights into AWS costs by services, accounts, etc.
Root cost analysis using cost perspectives
Cost anomaly detection
Governance using budgets and forecasts
Alert users using Email and Slack notification

AWS ECS and Resource Inventory Management (Optional)

This feature provides visibility into your EC2, EBS volumes, and ECS costs. The insights provided by inventory management can be consumed by Finance teams to understand the resource utilization across the board.

Breakdown by ECS cluster cost, Service, Task, Launch Type (EC2, Fargate)
Insight into EC2 instances and their utilization
Access to AWS EC2 Inventory Cost and EBS Volumes and Snapshots inventory dashboards. For more information, see View AWS EC2 Inventory Cost Dashboard, Orphaned EBS Volumes and Snapshots Dashboard, and View AWS EC2 Instance Metrics Dashboard.

AWS resource optimization using AutoStopping rules (Optional)

This feature allows you to enable Intelligent Cloud AutoStopping for your AWS instances and auto-scaling groups. For more information, see Create AutoStopping Rules for AWS.

Orchestrate VMs and ASGs based on idleness
Run your workloads on fully orchestrated spot instances
Provides Granular savings visibility

Cloudformation template has policies corresponding to all the permissions (Visibility, Inventory, and Optimization). However, it is important to note that the permissions (policies) of the selected features will only be applied.

After enabling CCM, it takes about 24 hours for the data to be available for viewing and analysis.

In this topic:

Before You Begin

Review: AWS Connector Requirements

For CCM, AWS connectors are available only at the Account level in Harness.
You can create an AWS connector in the master or linked account. CCM requires one connector per AWS account (master or linked).

Review: Cost and Usage Reports (CUR) and CCM Requirements

If you have a consolidated billing process enabled, then CCM needs read-only access to the cost and usage reports (CUR) stored in the S3 bucket in the master or payer account. This gives access to the cost data for all the accounts (linked/member) in the organization.
If you don't have consolidated billing enabled at the organization level then you can create the CUR at a linked account level.
If you have provided CUR access to the master account then you do not need to provide billing details for each linked account. CCM requires one connector per AWS account (master or linked).

It is recommended to create a CUR at the master account to avoid the CUR creation step for each linked account.
If you do not have access to the master account, you can create an AWS connector in the linked account for which you have the required access.
If you have created a billing report for your AWS account ID once then you can use the same CUR again for the AWS connector. You do not need to create CUR again for the same account.

Review: AWS Access Permissions

CCM requires the following permissions:

Cost Visibility

The cost visibility policy performs the following actions:

List CUR reports and visibility into the organization Structure
Get objects from the S3 bucket configured in the CUR

Put objects into Harness S3 bucket

  HarnessBillingMonitoringPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Condition: CreatingHarnessBillingMonitoringPolicy
    Properties:
      Description: Policy granting Harness Access to Collect Billing Data  
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 's3:GetBucketLocation'
              - 's3:ListBucket'
              - 's3:GetObject'
            Resource:
              - !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Ref BucketName
              - !Join 
                - /
                - - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref BucketName
                  - '*'
          - Effect: Allow
            Action:
              - 's3:ListBucket'
              - 's3:PutObject'
              - 's3:PutObjectAcl'
            Resource:
              - 'arn:aws:s3:::ce-customer-billing-data-prod*'
              - 'arn:aws:s3:::ce-customer-billing-data-prod*/*'
          - Effect: Allow
            Action: 
              - 'cur:DescribeReportDefinitions'
              - 'organizations:Describe*'
              - 'organizations:List*'
            Resource: "*"
      Roles:
        - !Ref HarnessCloudFormationRole

AWS ECS and Resource Inventory Management

The inventory management policy performs the following actions:

ECS Visibility - For Granular Cluster Cost Breakdown

EC2, EBS Visibility - Inventory Management

HarnessEventsMonitoringPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Condition: CreateHarnessEventsMonitoringPolicy
    Properties:
      Description: Policy granting Harness Access to Enable Event Collection
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
                - 'ecs:ListClusters*'
                - 'ecs:ListServices'
                - 'ecs:DescribeServices'
                - 'ecs:DescribeContainerInstances'
                - 'ecs:ListTasks'
                - 'ecs:ListContainerInstances'
                - 'ecs:DescribeTasks'
                - 'ec2:DescribeInstances*'
                - 'ec2:DescribeRegions'
                - 'cloudwatch:GetMetricData'
                - 'ec2:DescribeVolumes'
                - 'ec2:DescribeSnapshots'              
            Resource: '*'
      Roles:
        - !Ref HarnessCloudFormationRole

AWS Resource Optimization Using AutoStopping Rules

The AutoStopping policy performs the following actions:

Create an IAM role for optimization

Permissions for creating AutoStopping Rules

 HarnessOptimizationLambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Condition: CreateHarnessOptimisationPolicy
    Properties:
      RoleName: !Ref LambdaExecutionRoleName
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: "lambda.amazonaws.com"
            Action: 'sts:AssumeRole'
      Path: /ce-optimization-service-role/

HarnessOptimsationLambdaPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Condition: CreateHarnessOptimisationPolicy
    Properties:
      Description: Policy granting Harness Access to Enable Cost Optimisation
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'ec2:CreateNetworkInterface'
              - 'ec2:CreateNetworkInsightsPath'
              - 'ec2:CreateNetworkInterfacePermission'
              - 'ec2:CreateNetworkAcl'
              - 'ec2:*'
              - 'ec2:CreateNetworkAclEntry'
              - 'logs:CreateLogGroup'
              - 'logs:CreateLogStream'
              - 'logs:PutLogEvents'
            Resource: "*"
      Roles:
        - !Ref HarnessOptimizationLambdaExecutionRole

HarnessOptimisationPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Condition: CreateHarnessOptimisationPolicy
    Properties:
      Description: Policy granting Harness Access to Enable Cost Optimisation
      PolicyDocument:
        Version: 2012-10-17
        Statement:
              - Effect: Allow
                Action:
                  - elasticloadbalancing:*
                  - ec2:StopInstances
                  - autoscaling:*
                  - ec2:Describe*
                  - iam:CreateServiceLinkedRole
                  - iam:ListInstanceProfiles
                  - iam:ListInstanceProfilesForRole
                  - iam:AddRoleToInstanceProfile
                  - iam:PassRole
                  - ec2:StartInstances
                  - ec2:*
                  - iam:GetUser
                  - ec2:ModifyInstanceAttribute
                  - iam:ListRoles
                  - acm:ListCertificates
                  - lambda:*
                  - cloudwatch:ListMetrics
                  - cloudwatch:GetMetricData
                  - route53:GetHostedZone
                  - route53:ListHostedZones
                  - route53:ListHostedZonesByName
                  - route53:ChangeResourceRecordSets
                  - route53:ListResourceRecordSets
                  - route53:GetHealthCheck
                  - route53:GetHealthCheckStatus
                  - cloudwatch:GetMetricStatistics
                Resource: "*"
      Roles:
        - !Ref HarnessCloudFormationRole

Step: Connect CCM to AWS Cloud Provider

To enable CCM for your AWS services (such as EC2, S3, RDS, Lambda, and so on), you simply need to connect Harness to your AWS accounts.

Perform the following steps to connect CCM to the AWS cloud provider.

Step 1: Overview

In Account Setup, in Account Resources, click Connectors.
In Connectors, click + Connector.
In Cloud Costs, click AWS.
In AWS Connector, in Overview, enter the Connector Name. The name will appear in CCM Perspectives to identify this cloud provider.
In Specify the AWS account ID, enter your AWS account ID and click Continue. To find your AWS account ID, see Finding your AWS account ID.

Step 2: Cost and Usage Report

Cost and Usage Report (CUR) provides detailed billing data across AWS accounts to help you analyze your spending. You need to enter the cost and usage report name and cost and usage S3 bucket name in Harness. To get these details, do the following:

In Cost and Usage Report, click Launch AWS console to log into your AWS account.
In AWS Cost and Usage Reports, click Create Report.
Enter the Report Name. This is the CUR name that you need to enter in Harness.
In Additional report details, select the checkbox Include resource IDs to include the IDs of each individual resource in the report.
In Data refresh settings, select the checkbox Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills.
Click Next.

When you are done with the Report content step, it will look something like this:
In the S3 bucket, click Configure.
In Configure S3 Bucket, in Create a bucket, enter the S3 bucket name. This is the cost and usage S3 bucket name that you need to enter in Harness. For more information on S3 bucket naming requirements, see Amazon S3 Bucket Naming Requirements.
Select Region from the drop-down list and click Next. It is recommended to select US East (N. Virginia).
In Verify policy, select the checkbox I have confirmed that this policy is correct and click Save.
Enter the report path prefix that you want to be prepended to the name of your report.
Select Hourly in Time granularity.
Select Overwrite Existing Report in Report versioning.
Do not select any value in Enable report data integration for.
Select GZIP in the Compression type.
Click Next.

When you are done with the Delivery options step, it will look something like this:
Review your report details and click Review and Complete.
Your report is listed in AWS Cost and Usage Reports.
Enter the Cost and Usage Report Name (as entered in step 3) and Cost and Usage S3 Bucket Name (as entered in step 8) in Harness.

Step 3: Select Features

Select the Cloud Cost Management features that you would like to use on your AWS account. Based on your selection Harness requires specific permissions for the cross-account role. See Review: AWS Access Permissions.

CCM offers the following features:

Cost Visibility (Required)

This feature is available by default and requires access to the CUR report. Provides the following capabilities:

Insights into AWS costs by services, accounts, etc.
Root cost analysis using cost perspectives
Cost anomaly detection
Governance using budgets and forecasts
Alert users using Email and Slack notification

AWS ECS and Resource Inventory Management (Optional)

Breakdown by ECS cluster cost, Service, Task, Launch Type (EC2, Fargate)
Insight into EC2 instances and their utilization
Access to AWS EC2 Inventory Cost and EBS Volumes and Snapshots inventory dashboards. For more information, see View AWS EC2 Inventory Cost Dashboard, Orphaned EBS Volumes and Snapshots Dashboard, and View AWS EC2 Instance Metrics Dashboard.

AWS resource optimization using AutoStopping rules (Optional)

This feature allows you to enable Intelligent Cloud AutoStopping for your AWS instances and auto-scaling groups. For more information, see Create AutoStopping Rules for AWS.

Orchestrate VMs and ASGs based on idleness
Run your workloads on fully orchestrated spot instances
Granular savings visibility

Make your selection and click Continue.

Step 4: Create Cross-Account Role

Harness uses the secure cross-account role to access your AWS account. The role includes a restricted policy to access the cost and usage reports and resources for the sole purpose of cost analysis and cost optimization.

In Create Cross Account Role, click Launch Template in AWS console.
In Quick create stack, in Capabilities, select the acknowledgment, and click Create stack.
It is recommended that you do not modify any value in the Quick create stack page.

The value for BillingEnabled, EventsEnabled, and OptimizationEnabled varies depending on the features that you have selected in the Select Features step.
In the Stacks page, from the Outputs tab copy the Value of CrossAccountRoleArn Key.
In Role ARN, enter the Cross-Account Role ARN that you copied from the Outputs tab (previous step) in Harness.
The External ID is generated dynamically for your account. For example, harness:111111111111:lnFZRF6jQO6tQnB9xxXXXx .
Do not modify the value of External ID.
Click Save and Continue.

Step 5: Test Connection

The validation and verification happen in this step. Once the validation and verification are completed, click Finish.

Your connector is now listed in the Connectors.

Set Up Cloud Cost Management for AWS

Before You Begin

Review: AWS Connector Requirements

Review: Cost and Usage Reports (CUR) and CCM Requirements

Review: AWS Access Permissions

Cost Visibility

AWS ECS and Resource Inventory Management

AWS Resource Optimization Using AutoStopping Rules

Step: Connect CCM to AWS Cloud Provider

Step 1: Overview

Step 2: Cost and Usage Report

Step 3: Select Features

Step 4: Create Cross-Account Role

Step 5: Test Connection

Next Steps

Please Provide Feedback

People also searched for Set Up Cloud Cost Management for Azure Set Up Cloud Cost Management for GCP Set Up Cloud Cost Management for Kubernetes

Contact

People also searched for

Set Up Cloud Cost Management for Azure

Set Up Cloud Cost Management for GCP

Set Up Cloud Cost Management for Kubernetes