Amazon Web Services China

Flexera One uses bill data to provide an accurate view of your costs across accounts and services. This data is consumed by the Flexera One platform and made available for pre-built and ad-hoc analyses. To gather the cost information, certain configuration steps must be performed with specific data and credentials being shared with Flexera One.

This topic outlines the configuration process for integrating Amazon Web Services (AWS) China IAM billing exports with Flexera One using billing reports stored in Amazon Simple Storage Service (Amazon S3) buckets.

Flexera One uses AWS billing data to offer detailed multi-cloud cost reporting and governance features. Customers must export data from AWS China to an S3 bucket and connect this source to Flexera One using the IAM user method.

Note: Consider the following:

  • AWS cross-account is not supported.
  • This integration supports AWS China IAM User (Legacy) billing connections only.

The following steps must be completed to connect your AWS China billing data to Flexera One:

  • Prerequisites
  • Creating IAM User With Required Permissions
  • Generating and Configuring Cost and Usage Reports for AWS China
  • Connecting AWS China in Flexera One
  • Verifying Bill Connect
  • Viewing Import History to Verify Bill Status

Prerequisites

The following prerequisites are required to connect your AWS China billing data to Flexera One:

  • A valid AWS China billing account.
  • An IAM user with required permissions to access billing reports. For more information, see Create IAM User With Required Permissions.
  • An S3 bucket in AWS China configured to store billing data.
  • Billing data exported from AWS China to the configured bucket.
  • Credentials to connect AWS China billing data to Flexera One:
    • Access key ID
    • Secret access key
    • Billing S3 bucket name
    • Report prefix (for example, HourlyCostAndUsageReport)
    • Billing account ID

Creating IAM User With Required Permissions

To connect AWS China billing exports to Flexera One, you must create or use an existing IAM user (legacy) in AWS China with the following permissions:

  • AmazonS3ReadOnlyAccess—Allows read-only access to the S3 bucket containing Cost and Usage Report (CUR) data.

    Note: The Amazon S3 bucket is accessible from the IAM user credentials.

  • AWSBillingReadOnlyAccess—Allows read-only access to billing reports.

This topic includes the following sections:

  • IAM User Creation (Legacy) Instructions
  • IAM Policy (IAM User) Creation Reference

IAM User Creation (Legacy) Instructions

Users who choose not to use the IAM role can instead create an IAM user with read-only access to the S3 bucket containing your Cost and Usage Report, as well as read-only access to metadata about the accounts referenced in your bill.

To create an IAM user (Legacy):

  1. Create a new IAM policy that allows read-only access to your S3 billing bucket and to metadata about the accounts referenced in your bill. For more information, see IAM Policy (IAM User) Creation Reference.
  2. Create a new IAM user and attach only the newly created policy to this user. For instructions on this process, see the AWS documentation topic, IAM tutorial: Create and attach your first customer managed policy.
  3. Capture the access key ID and secret access key for future use.

IAM Policy (IAM User) Creation Reference

To allow read-only access to your S3 billing bucket and metadata about the accounts referenced in your bill, create a new AWS IAM policy with the required Flexera One permissions. In the following sample policy, replace YOUR_BILLING_BUCKET_NAME_HERE with your bucket name in both places. Take care not to delete the trailing /* in the s3:GetObject permission: s3:GetObject applies to objects, so its resource must match the keys inside the bucket rather than the bucket itself.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws-cn:s3:::YOUR_BILLING_BUCKET_NAME_HERE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws-cn:s3:::YOUR_BILLING_BUCKET_NAME_HERE/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ce:GetReservationPurchaseRecommendation",
                "ce:GetSavingsPlansPurchaseRecommendation",
                "ce:GetSavingsPlansUtilizationDetails",
                "ce:GetReservationUtilization"
            ],
            "Resource": "*"
        }
    ]
}
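
Added example (not part of the Flexera documentation): a Python check to run on the filled-in policy before creating it in IAM. It flags a dropped trailing /* on the s3:GetObject resource, a leftover placeholder, the global aws partition in place of aws-cn, and any action that is not read-only. The function name, the sample bucket name example-billing-bucket and the read-only heuristic (action names starting with Get, List or Describe) are assumptions of this example.

```python
import json

PLACEHOLDER = "YOUR_BILLING_BUCKET_NAME_HERE"
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}  # granted on the bucket ARN
OBJECT_ACTIONS = {"s3:GetObject"}                           # granted on bucket/* ARNs
READ_PREFIXES = ("Get", "List", "Describe")                 # heuristic (assumption)

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_billing_policy(policy_text, bucket):
    """Return a list of findings for a filled-in copy of the sample policy."""
    findings = []
    if PLACEHOLDER in policy_text:
        findings.append("placeholder bucket name not replaced")
    bucket_arn = f"arn:aws-cn:s3:::{bucket}"
    for i, stmt in enumerate(as_list(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = sorted(as_list(stmt.get("Action", [])))
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if not action.split(":", 1)[-1].startswith(READ_PREFIXES):
                findings.append(f"statement {i}: {action} is not a read-only action")
        s3_actions = {a for a in actions if a.startswith("s3:")}
        if not s3_actions:
            continue
        for res in resources:
            if res.startswith("arn:aws:"):
                findings.append(f"statement {i}: {res} uses partition aws, expected aws-cn")
        if s3_actions & OBJECT_ACTIONS and f"{bucket_arn}/*" not in resources:
            findings.append(f"statement {i}: s3:GetObject needs {bucket_arn}/*")
        if s3_actions & BUCKET_ACTIONS and bucket_arn not in resources:
            findings.append(f"statement {i}: bucket-level actions need {bucket_arn}")
    return findings

# Constructed sample: three of the page's statements with a made-up bucket name.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": ["arn:aws-cn:s3:::example-billing-bucket"]},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws-cn:s3:::example-billing-bucket/*"]},
    {"Effect": "Allow", "Action": ["organizations:Describe*", "organizations:List*"],
     "Resource": "*"}]})
# The failure mode the page warns about: the trailing /* has been deleted.
BROKEN = GOOD.replace("example-billing-bucket/*", "example-billing-bucket")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("broken", BROKEN)):
        print(label, lint_billing_policy(text, "example-billing-bucket"))
```

An empty list means the S3 statements are scoped as the sample policy intends; with the /* removed, the IAM user can list the bucket but cannot download the report objects.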

Generating and Configuring Cost and Usage Reports for AWS China

You must configure the AWS cost and usage reports to be exported to your Amazon S3 bucket. For information about creating reports, see the AWS documentation topic, Creating reports.

Connecting AWS China in Flexera One

Note: The Manage organization role is required to connect AWS China in Flexera One. For complete descriptions of each role available in Flexera One, see Flexera One Roles.

Flexera One ingests billing data provided by major cloud providers and custom bills, enabling you to allocate costs, identify waste, and perform detailed analysis of your cloud spend.

To connect AWS China in Flexera One:

  1. Go to the Billing Configuration page (Administration > Cloud Settings > Billing Configuration).

  2. Click Add a Cloud Bill. The Connect Cloud - Choose your cloud dialog box opens.

  3. Choose Amazon Web Services and click Continue. The Connect Cloud - Amazon Web Services dialog box opens.

  4. Choose China - AWS IAM User (Legacy) and click Continue. The Connect Cloud - China - AWS IAM User (Legacy) dialog box opens.

  5. Enter the following required information:

    • Billing account ID (as seen in your AWS console)

    • Access Key ID

    • Secret access key

    • Billing S3 bucket (for example, sample-client-secret)

    • Report prefix (for example, HourlyCostAndUsageReport)

      Note: The report prefix must exactly match the report prefix you specified when configuring the AWS Cost and Usage report.

  6. Click Connect.

Verifying Bill Connect

After you create a bill connect, you must verify the connection.

To verify bill connect in Flexera One:

  1. Go to the Billing Processing Status page (Administration > Cloud Settings > Billing Processing Status).
  2. In the Bill Account column, locate your bill account and verify the connection.

Viewing Import History to Verify Bill Status

Note: The Manage organization role is required to view the import history to verify the bill status. For complete descriptions of each role available in Flexera One, see Flexera One Roles.

After you verify the bill connect, you must verify the status of the bill.

To view import history in Flexera One:

  1. Go to the Billing Processing Status page (Administration > Cloud Settings > Billing Processing Status).
  2. In the Bill Account column, locate your bill account and click the View link. The Import History page appears.
  3. In the Status column, ensure that the status of the bill is either Processing or Complete.