Amazon Web Services connector

Use the Amazon Web Services cloud connector to collect the resource utilization data of the services that are provisioned in the Amazon Web Services (AWS) cloud. You can use this connector to:

  • Collect the cost data of all the services
  • Collect the usage data of your virtual machines (EC2 instances) and relational database instances

BMC Helix Cloud Cost uses these data points to provide cost insights and forecasting estimations to optimize your cloud costs by providing recommendations. Recommendations are displayed if you have configured the connector to collect both cost and utilization data.

The connector supports data collection for the following AWS subscription types:

  • AWS default
  • AWS GovCloud (US)

All communication between BMC Helix Cloud Cost and Amazon Web Services is secure over HTTPS. The connector uses the following APIs to collect data from AWS:

The following video (8:24) provides information about configuring the Amazon Web Services connector in BMC Helix Cloud Cost.

icon-play.png https://youtu.be/3WyIdmviMiI

License utilization

A product license gets consumed when the connector is used to collect data from the following asset types:

  • Amazon Elastic Compute Cloud (EC2)
  • Amazon Relational Database Service (Amazon RDS)
  • Amazon DynamoDB
  • Amazon Neptune
  • Amazon Redshift
  • Amazon Elastic Container Service (Amazon ECS)
  • Amazon Elastic Kubernetes Service (Amazon EKS)
  • Amazon API Gateway
  • Amazon ElastiCache
  • Amazon Simple Queue Service (Amazon SQS)
  • Amazon Elasticsearch Service

Collecting data by using the AWS cloud connector

To collect data by using the AWS cloud connector, do the following tasks:

I. Complete the preconfiguration tasks.

II. Configure the connector.

III. Verify data collection.

Step I. Complete the preconfiguration tasks

Depending on the type of data you want to collect, select a tab and complete the steps.

The connector requires the following information to connect to AWS and collect data:

  • S3 bucket name
  • Name of the daily billing report and its prefix
  • Access key and secret key of the IAM account

Note

If you want to import cost data from multiple AWS accounts, perform the following steps on your parent AWS account.


Depending on your AWS account setup, select a tab and complete the steps:

In multiple AWS account setup, the owner of the parent AWS account must perform the preconfiguration tasks.

(optional) If you want to use the role-based authentication, do the following:

  1. Create an IAM role with the BMC AWS account as a trusted entity.

    Do the following:
    1. Log in to your AWS account.
    2. Under Security, click IAM. You are directed to the Identity and Access Management (IAM) dashboard.
    3. Click Roles > Create role.
    4. Select Another AWS account, and do the following:
      1. In the Account ID box, type the identifier of the BMC AWS account. 
      2. Select the Require external ID check box, and enter any alphanumeric string as a value for the external ID. This ID is used to grant access to collect the AWS resources data.
      3. Click Next.
    5. On the permissions page, select the appropriate option, and click Next.
    6. (optional) Create tags and click Next.
    7.  Click Create role. A confirmation message is displayed.

  2. Note down the role ARN and external ID.

    Do the following:
    1. Search for the role that you created and select it to view the details.
    2. From the Summary section, note down the role ARN value.
    3. Click the Trust relationships tab, and note down the external ID value.

Step II. Configure the connector

You must configure the connector to connect to Amazon Web Services for collecting the cost and usage data of AWS services.

To configure the connector:

  1. In the BMC Helix Cloud Cost dashboard, navigate to Connectors Add a Connector > and select AWS Cloud Connector from the cloud based connectors.

  2. On the Configure Connector page, configure the following properties:

    Property

    Description

    Connector name

    A unique name for the connector.

    AWS configuration

    Specify whether you want to import data from the AWS GovCloud (US) account. The default selection is a standard AWS account.

    • AWS (default)
    • AWS GovCloud (US)

    Select the type of data that you want to collect

    Depending on your AWS subscription, select the type of data that you want to collect:

    • AWS (default)

      • Select Security and Compliance to collect all resource meta information and evaluate them for compliance & security. For more information, see Amazon Web Services cloud connector in the BMC Helix Cloud Security documentation. This option is available only if you are licensed to use BMC Helix Cloud Security.

      • Select Manage & Monitor AWS Costs to monitor and receive cost and utilization data of your AWS account.
      • Select Monitor utilization of AWS Resources to monitor and receive utilization data of your AWS resources.
    • AWS GovCloud (US)

      • Select Security and Compliance to collect all resource meta information and evaluate them for compliance & security. For more information, see Amazon Web Services cloud connector in the BMC Helix Cloud Security documentation.

      • Select Monitor utilization of AWS Resources to monitor and receive utilization data of your AWS resources. You must have at least one connector that is collecting cost data to view utilization data in your account.

    Note: Recommendations are displayed if you have configured the connector to collect both cost and utilization data.

    Cost Data S3 Bucket

    Enter the name of the S3 bucket where you store the billing reports.

    Report Name

    Specify the billing report name.

    Report Prefix

    Specify the prefix that is attached to the report. (The prefix corresponds to the directory level in the S3 bucket hierarchy.)

    Credential Type

    Configure the authentication method to authenticate with your AWS account:

    • Key Based: This authentication uses your AWS keys.
      • AWS Account Access Key: Specify the access key ID of the IAM user that you have created. For example, a typical access key ID looks like: AMAZONACSKEYID007EXAMPLE.
        To get the access key:
        • Open the IAM console and sign in with your AWS account credentials: https://console.aws.amazon.com/iam/
        • Click Users > select your user name.
        • Click Security > Credentials tab > Access key section.
      • AWS Account Secret Key: Specify the secret access key that is associated with the access key ID. For example, a typical secret access key looks like: wSecRetAcsKeYY712/K9POTUS/BCZthIZIzprvtEXAMPLEKEY
  3. Collection Mode: By default, the data collection cycle is set to On Demand collection. You can select an appropriate unit of time (days, minutes, hours) to schedule the data collection frequency along with event driven collection cycle where the collection is triggered when an event is identified in the selected account.

  4. On the Select Policies page, select the policies that you want to import from the policy library. This option is available only if you are licensed to use BMC Helix Cloud Security. For more information, see Managing policies.

  5. Click Continue. A confirmation message about the request for data collection processing is displayed.
    The Manage Connectors page shows the details of the newly configured AWS Cloud Connector.

Step III. Verify data collection

Verify that the connector ran successfully and check whether the AWS data is refreshed on the Dashboard.

To verify whether the connector ran successfully:

  1. On the Manage Connectors page, the state of the newly configured connector is updated to Running.
    When you run the connector for the first time, the connector recovers data for the past 6 months. The data collection begins immediately but depending on the number of resources in your environment the data is displayed after some time in BMC Helix Cloud Cost.
  2. On the BMC Helix Cloud Cost dashboard, the AWS connector tab is displayed.
  3. Select the AWS tab from the Dashboard.
  4. In the Summary tab, verify that the total cost, historical cost, and total resources are displayed. Also, recommendations are displayed if you have configured the connector to collect both cost and utilization data; and you have efficiency issues in your infrastructure. Recommendations are not generated if all the resources are utilized efficiently.
  5. Resource pool information is not available by default. You must create a resource pool to view the resource pool details like name, resource count, budget, actual cost, and the projected cost. For details, see Resource Pools.
  6. In the Accounts tab, verify that the account details like name, actual cost, change in cost (in US dollars and percent), percent total cost, and number of resources are displayed for the accounts you own.
  7. In the Services tab, verify that the service details like name, actual cost, change in cost (in US dollars and percent), percent total cost, and number of resources are displayed.
  8. In the Explore Bill tab, verify that the resource name, actual cost, resource type, region, account name, and the service name are displayed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*