Adam Divall

Walkthrough Guides and Other Useful Information on AWS

Configuring the Cloud Intelligence Dashboards

2024-02-17 11 min read Cost Optimisation Adam Divall

The Cloud Intelligence Dashboards are an open-source framework that provides customers with actionable insights and optimisation opportunities at scale within an organisation. These dashboards help organisations drive financial accountability, whilst helping them to optimise cost, track usage goals, and implement best-practices for governance.

The dashboards provided by this Solution come from the GitHub Repository and offer a variety of Amazon QuickSight Dashboards that give customers visibility over the spend in their AWS Accounts.

| Name | Description | Recommended Personas |
|---|---|---|
| Cost and Usage Dashboards Operation Solution (CUDOS) | Provides high level details and operational insights with the ability to drill down to resource level granularity. | Product Owners, Finance, FinOps, DevOps, Engineering |
| Cost Intelligence Dashboard | Provides the ability to help create the foundation for an organisation’s own cost management and optimisation (FinOps) tool. | Executives, Finance, Procurement |
| KPI and Modernisation Dashboard | Provides the ability to set and track modernisation and optimisation goals such as percent OnDemand, Spot adoption, and Graviton usage. | Product Owners, Finance, FinOps, DevOps, Engineering |
| Trusted Advisor Organisational Dashboard | Provides visibility for all cost optimisation opportunities and auto-identified idle resources, together with risks highlighted by AWS Trusted Advisor and flagged resources across the Security, Reliability and Performance pillars. | Product Owners, FinOps, DevOps, Engineering, SRE, Security |
| Compute Optimiser Dashboard | Provides the capability to visualise and trace right sizing recommendations from AWS Compute Optimizer, enabling customers to identify cost savings opportunities for over provisioned resources and see the operational risk from under provisioned ones. | Product Owners, FinOps, DevOps, Engineering |
| Cost Anomaly Dashboard | Provides the ability to track and visualise findings from AWS Cost Anomaly Detection. | Product Owners, FinOps, DevOps, Engineering |
| Trends Dashboard | Provides access to proactive trends, signals, insights, and anomalies to understand and analyse their AWS Cloud usage. | Executives, Finance, Procurement |
| Data Transfer Cost Analysis Dashboard | Provides insights into data transfer costs. | Product Owners, FinOps, DevOps, Engineering |

Architecture Overview

[Architecture diagram]

Pre-Requisites for the Solution

  1. Determine which AWS Account you want the Amazon QuickSight Dashboards to be available in. Typically, I recommend using an account such as Shared-Services, but this should not be the Management Account.
  2. In addition, when the Cloud Intelligence Dashboards are implemented into the Environment, Amazon QuickSight will be configured so that it is integrated directly with AWS IAM Identity Center, thereby enabling federation with the 3rd Party Identity Provider. As part of this integration, there is a dependency on 3 groups existing in AWS IAM Identity Center. It’s recommended that these are created in your Centralised Identity Provider and provisioned via SCIM into IAM Identity Center as follows:
    • QuickSight-Admin: This will be used to provide group members with administrative access permissions to Amazon QuickSight and will provide the ability to manage all QuickSight resources like users, groups, data sources, datasets, analyses, dashboards etc.
    • QuickSight-Author: This will be used to provide group members with the permissions to create, edit and view analyses and dashboards in Amazon QuickSight but will not allow administrative actions.
    • QuickSight-Reader: This will be used to provide group members with limited read-only access to analyses and dashboards in QuickSight. This will allow the members to view and run existing analyses and dashboards but not create or modify any content.

Installation for the Solution

There are several steps that need to be carried out in order to get the Solution to deploy.

Create Cost and Usage Reports

  1. Deploy the following CloudFormation Template into the AWS Account that you have chosen in the Pre-Requisites Step 1. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| Destination Account Id | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. |
| CreateCUR | Whether you want the Cost & Usage Reports Deployed | False |
| Source Account Ids | A Comma Separated List for Multiple Management Accounts | The AWS Account Id of the Management Account(s) you want aggregated in the Dashboards |

  2. Deploy the following CloudFormation Template into the Management Account. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| Destination Account Id | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. |
| CreateCUR | Whether you want the Cost & Usage Reports Deployed | True |

Once these 2 Templates have been deployed, there will be an S3 Bucket in both of the Accounts. In the Management Account, the S3 Bucket is used for storing the AWS Cost and Usage Reports, and S3 Bucket Replication is set up between the 2 AWS Accounts.

Note: Neither of the S3 Buckets will have an S3 Lifecycle Policy configured, but one could be added easily enough based on the Client's needs.
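One way to add such a lifecycle policy, as an added example that is not part of the Cloud Intelligence Dashboards templates or of the original guide. S3 Replication requires versioning on both buckets, so overwritten or deleted report objects stay behind as noncurrent versions; the rule below expires only those and leaves current report objects alone, so the history that Athena queries stays intact. The `cur/` prefix is taken from the report path used later in this guide; the function names, rule ID and retention values are assumptions to adapt.

```bash
#!/usr/bin/env bash
# Added example: lifecycle rule for a versioned CUR bucket.
# Assumptions: reports live under the cur/ prefix; the retention value and
# bucket names are placeholders to adapt.

# Print a lifecycle configuration (JSON) on stdout.
#   $1 = days to keep noncurrent (overwritten or deleted) object versions
lifecycle_json() {
  local days="$1"
  # Accept only a positive integer without leading zeros (keeps the JSON valid).
  case "$days" in
    ''|0*|*[!0-9]*)
      echo "noncurrent days must be a positive integer" >&2
      return 1 ;;
  esac
  cat <<EOF
{
  "Rules": [
    {
      "ID": "expire-noncurrent-cur-versions",
      "Status": "Enabled",
      "Filter": { "Prefix": "cur/" },
      "NoncurrentVersionExpiration": { "NoncurrentDays": ${days} },
      "AbortIncompleteMultipartUpload": { "DaysAfterInitiation": 7 }
    }
  ]
}
EOF
}

# Apply the rule to one bucket. This replaces any lifecycle configuration
# already on the bucket (the templates in this guide create none).
#   $1 = bucket name, $2 = noncurrent-version retention in days
apply_lifecycle() {
  local config
  config="$(lifecycle_json "$2")" || return 1
  aws s3api put-bucket-lifecycle-configuration \
    --bucket "$1" \
    --lifecycle-configuration "$config"
}

# Usage (run once per account, against that account's CUR bucket):
#   apply_lifecycle "cid-<destination-account-id>-shared" 30
```

Lifecycle actions are not replicated between buckets, so the rule has to be applied in the Management Account and in the destination account separately.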

We now need to wait at least 24 hours for the AWS Cost and Usage Reports to generate Data.

Grant Permissions for the Data Collection Resources

  1. Deploy the following CloudFormation Template into the Management Account. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| CostAccountId | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. |

  2. Deploy the following CloudFormation Template into the Management Account as a StackSet that targets the Root OU ID, with the Deployment Region set to the AWS Control Tower Home Region. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| Cost Account Id | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. | The AWS Account Id where the Amazon QuickSight Dashboards will be deployed to. |
| Include AWS Trusted Advisor Data Collection Module | This will deploy the required permissions for collecting AWS Trusted Advisor recommendations data | yes |
| Include Inventory Collector Module | This will deploy the required permissions for collecting data about AMIs, EBS volumes and snapshots | yes |
| Include ECS Chargeback Data Collection Module | This will deploy the required permissions for collecting data which shows costs associated with ECS Tasks leveraging EC2 instances within a Cluster | yes |
| Include RDS Utilisation Data Collection Module | This will deploy the required permissions for collecting RDS CloudWatch metrics from your accounts | yes |
| Include Budget Collection Module | This will deploy the required permissions for collecting budgets from your accounts | yes |
| Include Transit Gateway Module | This will deploy the required permissions for collecting Transit Gateway data from your accounts | yes |

Deploy the Data Collection Resources Required for all the Extra Dashboards Available

  1. Deploy the following CloudFormation Template into the AWS Account that you have chosen in the Pre-Requisites Step 1. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| Comma Delimited list of Account IDs for all Management Account IDs | The AWS Account Id(s) of the Management Account(s) you want aggregated in the Dashboards | The AWS Account Id(s) of the Management Account(s) you want aggregated in the Dashboards |
| Include AWS Trusted Advisor Data Collection Module | This will deploy the required resources for collecting AWS Trusted Advisor recommendations data | yes |
| Include Rightsizing Recommendations Data Collection Module | This will deploy the required resources for collecting AWS Cost Explorer Rightsizing Recommendations | yes |
| Include Cost Anomalies Rightsizing Recommendations Data Collection Module | This will deploy the required resources for collecting AWS Cost Explorer Cost Anomalies Recommendations | yes |
| Include Inventory Collector Module | This will deploy the required resources for collecting data about AMIs, EBS volumes and snapshots | yes |
| Include AWS Compute Optimizer Data Collection Module | This will deploy the required resources for collecting AWS Compute Optimizer service recommendations | yes |
| Comma Delimited list of AWS regions where AWS Compute Optimizer data will be collected | Comma separated list of AWS Regions where data needs to be collected e.g., eu-west-1, us-east-1 | AWS Regions that are governed by AWS Control Tower or AWS Regions where resources have been deployed |
| Include ECS Chargeback Data Collection Module | This will deploy the required resources for collecting data which shows costs associated with ECS Tasks leveraging EC2 instances within a Cluster | yes |
| Include RDS Utilisation Data Collection Module | This will deploy the required resources for collecting RDS CloudWatch metrics from your accounts | yes |
| Include AWS Organization Data Collection Module | This will deploy the required resources for collecting AWS Organizations data such as account Id, account name, organization parent and specified tags | yes |
| Include Transit Gateway Module | This will deploy the required resources for collecting Transit Gateway data from your accounts | yes |
| Include Budget Collection Module | This will deploy the required resources for collecting budgets from your accounts | yes |

  2. In the Management Account, ensure that you have enabled Cost Anomaly Detection and Rightsizing Recommendations within AWS Cost Management.
  3. In the Management Account, ensure that you have enabled AWS Compute Optimiser for integration with AWS Organizations.

Note: Following the enablement of Cost Anomaly Detection, Rightsizing Recommendations and Compute Optimiser, it will take at least 24 hours for data to be generated.

Deploy the Dashboards

  1. In the AWS Account that you have chosen in the Pre-Requisites Step 1, log in to Amazon QuickSight.

    • You will be asked to Sign up before you will be able to use it
    • After pressing the Sign up button you will be presented with 2 options, ensure you select the Enterprise Edition during this step
    • Select Continue and you will be presented with an option to add Paginated Reports. Choose No, Maybe Later.
    • You’ll then need to fill in a series of options in order to finish creating your account. Please select the appropriate Authentication method
    • Ensure you select the Region that is most appropriate based on where you plan to deploy the dashboards
    • Enter a name for your QuickSight account. This must be unique across all QuickSight accounts.
    • Enter an email address for notifications to be sent to. This email will be linked to your QuickSight user account so it can be your email.
    • Click Select S3 buckets and choose your Cost & Usage Reports Bucket (e.g., cid-[AWS Account Id that you have chosen in the Pre-Requisites Step 1]-shared)
    • Click Finish and wait for the congratulations screen to display
  2. Deploy the following CloudFormation Template into the AWS Account that you have chosen in the Pre-Requisites Step 1. Update the Parameters below and leave all other values as they are:

| ParameterKey | Description | Value |
|---|---|---|
| I have enabled QuickSight Enterprise Edition AND I have a SPICE capacity in the current region | Confirmation that Amazon QuickSight has been enabled and configured within the AWS Account | yes |
| I understand that I need to manually give Permission to QuickSight to access CUR bucket and Query results bucket. Then manually refresh datasets after deploying this CFN | Confirmation that the Actions in Step 9 have been completed | yes |
| User name of QuickSight user (as displayed in QuickSight admin panel). Dashboards created by this template will be owned by this user | See here | A Valid Username within Amazon QuickSight |
| Path to Cost and Usage report | The S3 path to the bucket created by Step 1 | s3://cid-[AWS Account Id that you have chosen in the Pre-Requisites Step 1]-shared/cur/ |
| Deploy CUDOS Dashboard | Deploy CUDOS Dashboard | yes |
| Deploy CostIntelligenceDashboard | Deploy Cost Intelligence Dashboard | yes |
| Deploy KPI Dashboard | Deploy KPI Dashboard | yes |
| Deploy TAO Dashboard | Deploy Trusted Advisor Organizational Dashboard (TAO) | yes |
| Deploy Compute Optimizer Dashboard | Deploy Compute Optimizer Dashboard (COD) | yes |

The foundational Cloud Intelligence Dashboards have now been deployed, although there are some tweaks to configurations that need to be made.

Update the account_map Amazon Athena View

We need to update the account_map Amazon Athena view; otherwise the Cloud Intelligence Dashboards only show the 12 Digit AWS Account Id of each Account as opposed to the Logical Account Names, which can become overwhelming. Therefore we’ll update the view so that it pulls through the accurate account details that are collected via the Organization-Data-OptimizationDataCollectionStack Lambda Function.

  1. In the AWS Account that you have chosen in the Pre-Requisites Step 1, test the Organization-Data-OptimizationDataCollectionStack Lambda Function by going into AWS Lambda, navigating to the Function and running a Test Event.

Once the Lambda Function has successfully executed, a Glue Crawler is triggered to crawl the data that it’s retrieved from AWS Organizations and written to Amazon S3. This in turn writes the data to a Glue Table called organization_data that is in a Glue Database named optimization_data.

  2. In the AWS Account that you have chosen in the Pre-Requisites Step 1, execute the following SQL Query against the cid_cur database in Amazon Athena:

     -- Source the account details from the AWS Organizations data collected by the Lambda Function
     CREATE OR REPLACE VIEW account_map AS
     SELECT DISTINCT
         "id" "account_id",
         "name" "account_name",
         "payer_id" "parent_account_id",
         "email" "account_email_id"
     FROM
         "optimization_data"."organization_data"

Cost Anomaly Dashboards

  1. In the AWS Account that you have chosen in the Pre-Requisites Step 1, open up AWS CloudShell and execute the following:

     python3 -m ensurepip --upgrade
     pip3 install --upgrade cid-cmd
     cid-cmd deploy --resources https://raw.githubusercontent.com/aws-samples/aws-cudos-framework-deployment/main/dashboards/cost-anomalies/cost-anomalies.yaml --dashboard-id aws-cost-anomalies --athena-database optimization_data

  2. In the AWS Account that you have chosen in the Pre-Requisites Step 1, open up AWS CloudShell and execute the following:

     python3 -m ensurepip --upgrade
     pip3 install --upgrade cid-cmd
     cid-cmd deploy

    • Select the Trends Dashboards
    • Follow any instructions in the CLI

Data Transfer Cost Analysis Dashboards

  1. In the AWS Account that you have chosen in the Pre-Requisites Step 1, open up AWS CloudShell and execute the following:

     python3 -m ensurepip --upgrade
     pip3 install --upgrade cid-cmd
     cid-cmd deploy --resources https://github.com/aws-samples/aws-cudos-framework-deployment/raw/main/dashboards/data-transfer/DataTransfer-Cost-Analysis-Dashboard.yaml