
AWS Grafana/CloudWatch - How to show Bill by accountId

I am trying to create a dashboard for billing under our AWS. Our AWS set up is as such:

masterAccount //access to all sub AWS account's billing info
  subAccount1
  subAccount2 //this is where Grafana is running

I have the data source from the masterAccount, which is a cloudwatchReadOnly access, and have set it up so that the assumeRole works from subAccount2, where Grafana is running.

I get the data as below (sensitive data, so had to cover it out):


However, what I am looking for is to grab the billing data from this data source but then, split it by the AWS accountId.

I don't know how to go about this at all. Very new to Grafana. Thanks in advance!

Create a Grafana CloudWatch datasource for each sub account and then make a query for each sub account/datasource.

In the query settings you can choose LinkedAccount=* as a dimension. Then the graph shows the whole list of the linked accounts of the master account.


As Jan Garaj said, the way to go about this is to create multiple datasources and then, use them for different widgets. Each datasource is an ARN for the role you created in the subAccounts.

The instance profile attached to the EC2 instance:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::subAccount1:role/roleName",
                "arn:aws:iam::subAccount2:role/roleName",
                "arn:aws:iam::subAccount3:role/roleName"
            ]
        }
    ]
}

With Trust Relationship as:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Then, on the subAccounts (subAccount1 as an example)

//AWS Created Policy
CloudWatchReadOnlyAccess

//With Trust Relationship
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com",
        "AWS": "arn:aws:iam::accountWhereEC2InstanceIsRunning:role/nameOfInstanceProfile"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Hope this comes in handy for someone.
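A check for the role chain described in the answer above, as an added example that is not part of the original post: it confirms that every role the Grafana instance role may assume names that role as a trusted principal, and reports wildcard or extra principals in the trust policy. Account IDs and role names are constructed, `review` is a hypothetical helper, and `Condition` blocks and account-root principals are not evaluated.

```python
# Added example; account IDs and role names below are constructed.
GRAFANA_ROLE = "arn:aws:iam::222222222222:role/grafana-instance-profile"
INSTANCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Resource": ["arn:aws:iam::111111111111:role/grafana-cloudwatch",
                 "arn:aws:iam::333333333333:role/grafana-cloudwatch"]}]}
# Trust policies of the target roles, keyed by role ARN (constructed).
TRUST = {
    "arn:aws:iam::111111111111:role/grafana-cloudwatch": {"Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": "ec2.amazonaws.com", "AWS": GRAFANA_ROLE}}]},
    "arn:aws:iam::333333333333:role/grafana-cloudwatch": {"Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::999999999999:role/other"}}]},
}

def as_list(value):
    """IAM fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def allows_assume(stmt):
    """True for an Allow statement whose actions include sts:AssumeRole."""
    return stmt.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(stmt.get("Action", []))

def review(instance_policy, trust_policies, caller_arn):
    """Return (role_arn, finding) pairs for the caller's AssumeRole targets."""
    findings = []
    targets = [r for s in as_list(instance_policy["Statement"]) if allows_assume(s)
               for r in as_list(s.get("Resource", []))]
    for role in targets:
        if "*" in role:
            findings.append((role, "wildcard AssumeRole resource"))
            continue
        principals = {}
        for stmt in as_list(trust_policies.get(role, {}).get("Statement", [])):
            if allows_assume(stmt):
                p = stmt.get("Principal", {})
                for kind, vals in ({"AWS": "*"} if p == "*" else p).items():
                    principals.setdefault(kind, set()).update(as_list(vals))
        aws = principals.get("AWS", set())
        if "*" in aws:
            findings.append((role, "trust policy allows any AWS principal"))
        elif caller_arn not in aws:
            findings.append((role, "caller role is not a trusted principal"))
        for svc in sorted(principals.get("Service", ())):
            findings.append((role, f"also trusts service principal {svc}"))
    return findings
for finding in review(INSTANCE_POLICY, TRUST, GRAFANA_ROLE):
    print(*finding, sep=": ")
```

The cross-account call comes from the instance role, so a `Service` entry in a sub-account role's trust policy is extra trust worth reviewing rather than something the Grafana datasource relies on.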
