Document version

<aside> 💡

Actions Summary

  1. On your side
    1. Enable CUR file generation
    2. Create an access for Sopht and apply the required rights
    3. Send the required data to Sopht
  2. On Sopht's side
    1. Create an IAM role, according to the authentication option chosen in step 2
    2. Configure the customer tenant </aside>

Introduction

This document describes the implementation of tools and necessary rights for Sopht to connect to a client's AWS cloud provider.

In short, the Sopht AWS collector gathers CUR (Cost and Usage Report) files from an S3 bucket and pushes them to our Backbone.

This means that you will have to enable CUR file generation (if not already done) and create an S3 bucket.

For Kubernetes, you will also have to activate Container Insights to get the metrics data, which is also needed for the calculation.


<aside> 💡

What kind of data is collected?

For AWS, we collect two kinds of objects: service usage through the CUR data, and metrics data. This documentation describes the access rights and elements needed to gather the CUR data. The detailed documentation for gathering the metrics is coming soon.

CUR data

Field list used by Sopht

Here is a summary of the fields used in AWS:

CUR Usage

graph LR
    subgraph sopht["🏢 Sopht Infrastructure"]
        collecteur["🔄 Collector<br/>(ETL Scheduler)"]
        nat["🌐 NAT Gateway<br/>(fixed IP)"]
    end

    subgraph aws["☁️ AWS Infrastructure"]
        subgraph org["AWS Organization"]
            subgraph mgmt["Account Management"]
                s3["🪣 Bucket S3<br/>(Web exposed)"]
                cur_gen["⚙️ CUR generation"]
                billing["💰 Billing data"]
            end

            subgraph compteA["Account A"]
                workloadA["Workloads"]
            end

            subgraph compteB["Account B"]
                workloadB["Workloads"]
            end

            subgraph compteC["Account C"]
                workloadC["Workloads"]
            end

            compteA ~~~ compteB ~~~ compteC
        end
    end

    collecteur -->|"Requests"| nat
    nat -->|"Fixed IP<br/>through Web"| s3
    s3 ---|"← generated CUR"| cur_gen
    cur_gen ---|"← Billing"| billing
    billing ---|"← Workload"| workloadA
    billing ---|"← Workload"| workloadB
    billing ---|"← Workload"| workloadC

    style sopht fill:#e8f5e9,stroke:#388e3c,stroke-width:2px
    style aws fill:#fff3e0,stroke:#f57c00,stroke-width:2px
    style org fill:#fce4ec,stroke:#c62828,stroke-width:1px
    style mgmt fill:#fff9c4,stroke:#f9a825,stroke-width:1px
    style compteA fill:#e3f2fd,stroke:#90a4ae,stroke-dasharray:5 5
    style compteB fill:#e3f2fd,stroke:#90a4ae,stroke-dasharray:5 5
    style compteC fill:#e3f2fd,stroke:#90a4ae,stroke-dasharray:5 5
    style collecteur fill:#c8e6c9,stroke:#2e7d32
    style nat fill:#a5d6a7,stroke:#2e7d32,stroke-width:2px
    style s3 fill:#ffe0b2,stroke:#e65100
    style billing fill:#fff59d,stroke:#f9a825
    style cur_gen fill:#fff59d,stroke:#f9a825
    style workloadA fill:#bbdefb,stroke:#90a4ae
    style workloadB fill:#bbdefb,stroke:#90a4ae
    style workloadC fill:#bbdefb,stroke:#90a4ae
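
The diagram above has the collector reaching the S3 bucket from a fixed NAT Gateway IP. As an added example (not part of Sopht's documentation), this Python check audits a bucket policy for read grants broader than that; it assumes you choose to restrict the bucket with an `aws:SourceIp` condition, and the role ARN, bucket name and IP are constructed placeholders.

```python
import ipaddress

READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_bucket_policy(policy, allowed_cidr):
    """List problems in Allow statements that grant read access to the bucket."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        actions = set(_as_list(st.get("Action", [])))
        grants_read = actions & (READ_ACTIONS | {"s3:*", "*"})
        if st.get("Effect") != "Allow" or not grants_read:
            continue
        sid = st.get("Sid", f"statement[{i}]")
        if actions - READ_ACTIONS:
            findings.append(f"{sid}: more than read access {sorted(actions - READ_ACTIONS)}")
        if _is_wildcard(st.get("Principal")):
            findings.append(f"{sid}: wildcard principal")
        cond = st.get("Condition", {}).get("IpAddress", {})
        ips = _as_list(cond.get("aws:SourceIp", []))
        if not ips:
            findings.append(f"{sid}: no aws:SourceIp restriction")
        for ip in ips:
            net = ipaddress.ip_network(ip, strict=False)
            if net.version != allowed.version or not net.subnet_of(allowed):
                findings.append(f"{sid}: source {ip} outside {allowed_cidr}")
    return findings

# Constructed sample policies; the role ARN, bucket name and IP are placeholders.
COLLECTOR_IP = "203.0.113.10/32"
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CollectorRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-collector"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-cur-bucket", "arn:aws:s3:::example-cur-bucket/*"],
    "Condition": {"IpAddress": {"aws:SourceIp": COLLECTOR_IP}}}]}
OPEN = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:*", "Resource": "arn:aws:s3:::example-cur-bucket/*"}]}

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("open", OPEN)):
        print(name, audit_bucket_policy(pol, COLLECTOR_IP))
```

Feed it the JSON returned for your own bucket policy and the collector IP you were given; an empty list means every read grant is tied to that address.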

Implementation steps

Step 0: prerequisites

For the following steps, you need an admin account on Billing and Cost Management.

You will have to create roles and give access rights.

Summary of the needed access rights