You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The primary goal is to enable daily cost and usage reporting as well as optimization recommendations by granting appropriate access across your infrastructure.
Prerequisites
Before proceeding, ensure you have the following:
Role Required
Administrator of the Master account
Steps to Deploy CloudFormation
1. Use the Provided Link
Click the following link to set up the AWS Cost Control:
You already have a bucket with a daily Cost and Usage Report.
You are a Crayon AWS customer.
Select "Yes" if:
You do not have a bucket with daily cost and usage reports.
BucketName
If "No" was selected for AutoCreateReportAndBucket, enter the name of your specific bucket.
If "Yes" was selected, append your Account ID to the default bucket name prefix (crayon-finops-XXXXXXXXXXXX).
DeployReadOnlyAccessViaStackSet
This is required to read through the resources in each member account and identify any that are not being used.
Select "No" if:
You do not want to deploy read-only access to member accounts.
Select "Yes" if:
You want to deploy read-only access across all member accounts.
Ensure that CloudFormation StackSets are enabled, as described below.
Click here if you selected "Yes" for DeployReadOnlyAccessViaStackSet.
Enable Trusted Access for StackSets (If DeployReadOnlyAccessViaStackSet is "Yes")
Follow the steps below to enable trusted access using AWS Console:
Sign in to AWS as the administrator fo the managment account.
Open the AWS CloudFormation console.
In the navigation pane, choose StackSets.
If trusted access is disabled, a banner displays the prompts to enable trusted access. click the Enable trusted access banner.
After successful enabling, a confirmation banner will appear.
OrganizationUnitId
If "No" was selected for DeployReadOnlyAccessViaStackSet, leave this field blank.
If "Yes" was selected, enter the unique identifier (ID) for the root organizational unit (e.g., r-XXXX). A root is a top-level parent node in the hierarchy of an organization that contain organizational units (OUs) and accounts.
Step to Find AWS Root Account Id
Find AWS Root Account ID
To locate the root account ID:
Navigate to the top search bar and enter AWS Organizations And select AWS Organizations from the search results.
Within Organizations, you will find the Root Account. The root serves as the highest-level parent node in the organizational hierarchy, encompassing organizational units (OUs) and accounts.
Directly beneath the root account, you'll find the unique identifier (ID) for the root, and it should follow the format r-XXXX as demonstrated. Use this value as OrganizationalUnitId in CloudFormation parameter.
Enable Rightsizing Recommendations
You must enable Rightsizing Recommendations from the Payer Account's Cost Management Explorer preferences, as shown below.
Final Steps
Once the setup is complete, please send the following information to Crayon FinOps Team:
Master Account Id
Bucket Name
Conclusion
You have successfully completed the onboarding process for AWS Cost Control!
Version Information
Version: 1.0
Authors: Suman Bhushal
Company: Crayon
Feel free to reach out to the authors or the Crayon FinOps Team team for any assistance or feedback related to this.
