Setup AWS Costs

env0 will assume an AWS IAM Role in your account, in order to query AWS's billing API.
Read more about cross account role delegation.

To begin, log in to your AWS Console, and select the Identity and Access Management (IAM) service.

Create an AWS IAM Policy

  1. Click on Policies -> Create Policy
  2. Select the Cost Explorer Service
  3. Select the GetCostAndUsage Action
  4. Choose a name for your policy and save it.

Create an AWS IAM Role

  1. Click on Roles -> Create Role
  2. Under type of trusted entity select Another AWS Account
  3. Under Account ID enter 913128560467
  4. Select **Require external ID**
  5. Enter an External ID. The value Must be equal to your organization ID.
  6. Click Next:Permissions
  7. Select the policy you created in step 2.
  8. Click Next:Tags
  9. Click Next:Review
  10. Enter a name for the role, and click Create Role
  11. Click on the Role you just created - We will need the Role ARN in subsequent steps.

Enable User Defined Cost Allocation Tags

  1. Add the Tags called env0_environment_id and env0_project_id to some resource in your AWS account - Make sure that you add those tags to a resource that has some cost to it, for example an EC2 instance.
  2. Go to the "Billing" Service (Billing & Cost Management). You'll need to log into to the parent account, if you are using sub-accounts.
  3. Under the left side menu, click Cost allocation tags.
  4. Under the User-Defined Cost Allocation Tags section, check the checkboxes for the tag-keys env0_environment_id and env0_project_id. Pay attention that those tags might be available in Cost Allocation Tags only after a few days, usually it's 24 hours but we've seen cases where it took a week for them to show up.
  5. Click Activate



After this step, it can take up to 24 hours to see actual cost values in your environments.

Enable Hourly and Resource Level Data

  1. Go to the "Billing" Service (Billing & Cost Management). You'll need to log into to the parent account, if you are using sub-accounts.
  2. Under the left side menu, click Cost Explorer.
  3. Click on the Launch Cost Explorer button.
  4. In the Cost Explorer page on the left side menu click on Preferences.
  5. Under the Hourly and Resource Level Data enable the Hourly and Resource Level Data checkbox and save the changes.

Add Credentials to your Organization

  1. Under your Organization Settings, Select the Credentials tab
  2. Under Cost Credentials, click Add Credential
  3. Select the AWS Assumed Role type, and enter the Role ARN from the previous step. The External ID cannot be edited.
  4. Click Add
  5. Re-run the environments to apply the necessary tags.


Drift after re-running environments

Note that enabling costing introduces drift as new tags will be injected into your resources

Enable cost monitoring

  1. Go to the Project Settings of the desired project.
  2. Select the Credentials tab.
  3. Check the appropriate cloud provider checkbox, and select the credential you created in the steps above.
  4. Click Save.


Data visibility

Please note that after the configuration of cost monitoring is complete, a redeploy to the environments is needed, and once redeployed it can take 24-48 hours for data to show, depending on the cloud providerโ€™s cost exploration capabilities.