env0 will assume an AWS IAM Role in your account, in order to query AWS's billing API.
Read more about cross account role delegation.
To begin, log in to your AWS Console, and select the Identity and Access Management (IAM) service.
Create an AWS IAM Policy
- Click on Policies -> Create Policy
- Select the Cost Explorer Service
- Select the
GetCostAndUsageAction - Choose a name for your policy and save it.
Create an AWS IAM Role
- Click on Roles -> Create Role
- Under type of trusted entity select
Another AWS Account - Under Account ID enter
913128560467 - Select
**Require external ID** - Enter an External ID of your choosing - consider this like a password env0 will use in order to assume the role.
- Click Next:Permissions
- Select the policy you created in step 2.
- Click Next:Tags
- Add the Key
env0_environment_idand the Keyenv0_project_id. Values are not needed. - Click Next:Review
- Enter a name for the role, and click Create Role
- Click on the Role you just created - We will need the
Role ARNand theExternal IDin subsequent steps.
Enable User Defined Cost Allocation Tags
- Go to the "Billing" Service (Billing & Cost Management). You'll need to log into to the parent account, if you are using sub-accounts.
- Under the left side menu, click Cost allocation tags.
- Under the User-Defined Cost Allocation Tags section, check the checkboxes for the tag-keys
env0_environment_idandenv0_project_id. - Click Activate
- After this step, it can take up to 24 hours to see actual cost values in your environments.
Add Credentials to your Organization
- Under your Organization Settings, Select the Credentials tab
- Under Cost Credentials, click Add Credential
- Select the AWS Assumed Role type, and enter the
Role ARNandExternal IDfrom the previous step. - Click Add
Adding an AWS Cost Credential
Updated 3 months ago