Amazon Web Services Configuration
OpenCost will automatically read node information
node.spec.providerID to determine the cloud service provider (CSP) in use. If it detects the CSP is Amazon Web Services (AWS), it will attempt to pull data for the following:
- AWS On-Demand pricing from the configured public API URL
- AWS Spot Instance Data Feed from the configured S3 bucket
- AWS cloud costs if configured (see below).
AWS On-Demand pricing configuration
OpenCost will request pricing data from the us-east-1 region using the template:
This URL can be overwritten using the environment variable
AWS Spot instance data feed configuration
- Set up Spot Instance Data Feed.
The data feed will provide specific pricing information about any Spot instances in your account on an hourly basis. After setting this up, the bucket information can be provided through options in the AWS provider configuration file.
awsSpotDataBucket- The name of the S3 bucket Spot Instance Data Feed is publishing to.
awsSpotDataRegion- The region configured for Spot Instance Data Feed
awsSpotDataPrefix- The prefix (if any) configured for Spot Instance Data Feed
projectID- The AWS Account ID
"description": "AWS Provider Configuration. Provides default values used if instance type or spot information is not found.",
Security for AWS integration
The recommeded setup is to leverage IAM roles for Service Accounts.
After creating the role and policy, attach the role as an annotation on the service account:
AWS Cloud Cost Configuration
The Cloud Costs feature is not in the current stable release yet. Please use the OpenCost image
gcr.io/kubecost1/opencost:cloudcost and the OpenCost UI image
gcr.io/kubecost1/opencost-ui:cloudcost to access this beta feature.
To configure OpenCost for your AWS account, create an Access Key for the OpenCost user who has access to the Cost and Usage Report (CUR). Navigate to the IAM Management Console dashboard, and select Access Management > Users. Find the OpenCost user and select Security Credentials > Create Access Key. Note the Access Key ID and Secret access key.
<ACCESS_KEY_ID>is the ID of the Access Key created in the previous step.
<ACCESS_KEY_SECRET>is the secret of the Access Key created in the
<ATHENA_BUCKET_NAME>is the S3 bucket storing Athena query results which OpenCost has permission to access. The name of the bucket should match
s3://aws-athena-query-results-*, so the IAM roles defined above will automatically allow access to it. The bucket can have a canned ACL set to Private or other permissions as needed.
<ATHENA_REGION>is the AWS region Athena is running in
<ATHENA_DATABASE>is the name of the database created by the Athena setup. The Athena database name is available as the value (physical id) of
AWSCURDatabasein the CloudFormation stack created above.
<ATHENA_TABLE>is the name of the table created by the Athena setup The table name is typically the database name with the leading
athenacurcfn_removed (but is not available as a CloudFormation stack resource).
<ATHENA_WORKGROUP>is the workgroup assigned to be used with Athena. Default value is
<ATHENA_PROJECT_ID>is the AWS AccountID where the Athena CUR is. For example:
<MASTER_PAYER_ARN>is an optional value which should be set if you are using a multi-account billing set-up and are not accessing Athena through the primary account. It should be set to the ARN of the role in the management (formerly master payer) account, for example:
Set these values into the AWS array in the