Cost Insights uses the publicly available price listing by default to calculate your Kubernetes costs. Your Kubernetes costs, however, may differ depending on the pricing stipulated in your agreements with the cloud provider. For example, the agreement with AWS that stipulates the pricing is called the AWS Customer Agreement (AWS CA).

To accurately calculate allocated and charge-back costs, Cost Insights recommends integrating your cloud provider's billing data with Cost Insights. 

When Should You Integrate Your Billing?

We recommend integrating your cloud provider billing with Cost Insights for accurate cost calculations. For enterprise customers, however, integrating your cloud provider billing with Cost Insights is even more critical because of the potential disparity between the publicly listed pricing and the potential discounts. For example, AWS has an Enterprise Discount Program (EDP) that can impact the costs.

Integration Requirements 

Select the cloud provider you want to integrate with Cost Insights to view the requirements.

To integrate AWS with Cost Insights, you need to be able to create a Cost and Usage Report (CUR).

To create the CUR, you need advanced access with, at minimum, these policies:

  • AmazonS3FullAccess (or similar) - to create, read, list, and attach bucket policies.
  • Billing - to access the billing console and create a report.
  • AWSCloudFormationFullAccess - to create a stack that will get data from the bucket and put it into the Athena DB.
  • IAMFullAccess (or similar) - to create a user, create a policy, attach a policy, and get access keys.
  • EC2:DescribeInstances - to get information about available instance types.
  • EC2:DescribeVolumes - to get information about attached node disks.

To integrate Azure with Cost Insights, the following must be in place:

  • Your account's billing credentials have "User Access Administrator" privileges.
  • Microsoft® Entra ID is available.
  • App Registrations are enabled.

Prepare the following from Azure to integrate with Cost Insights:

  • Subscription ID - ID of the subscription that contains the billing data.
  • Client ID - Microsoft identity platform application ID.
  • Client Secret - Microsoft identity platform application secret.
  • Tenant Domain - Domain for the Microsoft Entra tenant, usually in the format <domainname>.onmicrosoft.com.


Integrate Cloud Billing Data

After meeting the integration requirements, view the integration instructions for your cloud provider below.

AWS:

  1. Follow the steps in Creating Cost and Usage Reports and specify the configurations:
    • Check Daily for the Time granularity.
    • Check Amazon Athena for Enable report data integration for.
    • Ensure the option Include resource IDs is selected under Report additional content.
    • Avoid slashes at the beginning or end of the name for the S3 prefix.
  2. Follow the steps in Setting up Athena using AWS CloudFormation templates to create a CloudFormation Stack.

    The CloudFormation Stack must be created in the same region as the Cost and Usage Report.

  3. Create a new AWS User that will query billing data.
  4. Grant the newly created user the following access roles:

    Replace {BUCKET_NAME} in the VisualEditor4 block with the actual name of the bucket, and do not remove the trailing asterisk.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": [
            "athena:startQueryExecution",
            "athena:getQueryExecution",
            "cur:DescribeReportDefinitions",
            "glue:GetTable",
            "glue:GetPartitions",
            "glue:GetDatabase",
            "ec2:DescribeInstances",
            "ec2:DescribeVolumes"
          ],
          "Resource": "*"
        },
        {
          "Sid": "VisualEditor2",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:ListBucketMultipartUploads",
            "s3:AbortMultipartUpload",
            "s3:CreateBucket",
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:ListMultipartUploadParts"
          ],
          "Resource": "arn:aws:s3:::aws-athena-query-results-*"
        },
        {
          "Sid": "VisualEditor4",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:ListBucketMultipartUploads",
            "s3:AbortMultipartUpload",
            "s3:CreateBucket",
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:ListMultipartUploadParts"
          ],
          "Resource": "arn:aws:s3:::{BUCKET_NAME}*"
        }
      ]
    }
  5. Proceed to Configure Billing Integration and enter the required billing account credentials.
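
The check below is an added example, not part of the Cost Insights documentation: it verifies that {BUCKET_NAME} in the policy from step 4 was replaced with the trailing asterisk kept, and shows which S3 ARNs the resulting pattern covers. The bucket name example-cur-billing and the function names are assumptions made for illustration.

```python
import re

# General-purpose S3 bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
TEMPLATE = "arn:aws:s3:::{BUCKET_NAME}*"  # Resource of the VisualEditor4 block


def expected_resource(bucket_name):
    """Fill in {BUCKET_NAME} and keep the trailing asterisk."""
    if not BUCKET_RE.fullmatch(bucket_name):
        raise ValueError(f"not a valid S3 bucket name: {bucket_name!r}")
    return TEMPLATE.replace("{BUCKET_NAME}", bucket_name)


def check_policy(policy, bucket_name):
    """Return findings for a filled-in copy of the policy; an empty list means it is consistent."""
    findings = []
    want = expected_resource(bucket_name)
    for stmt in policy["Statement"]:
        res = stmt["Resource"]
        resources = [res] if isinstance(res, str) else list(res)
        for r in resources:
            if "{" in r or "}" in r:
                findings.append(f"{stmt['Sid']}: placeholder left in {r}")
        if stmt["Sid"] == "VisualEditor4" and resources != [want]:
            findings.append(f"{stmt['Sid']}: Resource should be {want}")
    return findings


def arn_matches(pattern, arn):
    """IAM-style match: '*' is any run of characters, '?' is a single character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, arn) is not None


# Constructed sample: only Sid and Resource are shown; the bucket name is made up.
SAMPLE = {"Statement": [
    {"Sid": "VisualEditor1", "Resource": "*"},
    {"Sid": "VisualEditor2", "Resource": "arn:aws:s3:::aws-athena-query-results-*"},
    {"Sid": "VisualEditor4", "Resource": "arn:aws:s3:::example-cur-billing*"},
]}

if __name__ == "__main__":
    print(check_policy(SAMPLE, "example-cur-billing"))
    for arn in ("arn:aws:s3:::example-cur-billing",                # the bucket itself
                "arn:aws:s3:::example-cur-billing/cur/x.parquet",  # an object in it
                "arn:aws:s3:::example-cur-billing-archive/x"):     # a sibling bucket
        print(arn, arn_matches(SAMPLE["Statement"][2]["Resource"], arn))
```

The trailing asterisk lets the single Resource line cover both the bucket and the objects in it; it also matches any other bucket whose name begins with the same string, so pick a CUR bucket name that no other bucket name extends.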

Azure:

  1. Get the subscription ID containing the billing data information.
  2. Ensure that Microsoft® Entra ID is available and App Registrations is enabled.
  3. Register an application with Microsoft Entra ID following Microsoft's Quickstart: Register an application with the Microsoft identity platform.
  4. Get the Application ID and create the auth key.
    1. Open the Microsoft Entra ID page.
    2. Click the App Registrations sidebar menu.
    3. Open the corresponding app.
    4. Copy the Application (client) ID.
    5. Click Certificates & secrets and create a client secret.
  5. Grant permissions by adding a new role assignment for the chosen app:
    1. Go to subscriptions.
    2. Select the corresponding subscription.
    3. Click Access Control (IAM) in the sidebar.
    4. Click Add, then Add role assignment.
    5. From Role, select the role Cost Management Reader.
    6. From Members, assign access to Azure AD user, group, or service principal.
    7. Click Select members and choose the app.
    8. Click Review + assign to complete your changes.
  6. Proceed to Configure Billing Integration and enter the required billing account credentials.

Configure Billing Integration

To configure the billing integration, you create entries of billing credentials. The billing credentials enable Cost Insights to integrate with your cloud provider's billing data and thus calculate your Kubernetes cost.

Select the tab for the action that you would like to perform:

To create a billing credential:

  1. Navigate to Configure > Billing Credentials.
  2. Click Create.
  3. Enter the name of the billing credential.
  4. Select your cloud provider.
  5. AWS:
    1. Enter the same report name you used to create the report with AWS. The report name has to be the same for Cost Insights to integrate with your cloud provider's billing.
    2. Enter the Access Key from AWS.
    3. Enter the Secret Access Key.
  6. Azure:
    1. Enter the Subscription ID of the subscription that contains the billing data.
    2. Enter the Application (client) ID of the Microsoft identity platform app registration.
    3. Enter the Client Secret created for the app registration.
    4. Enter the Tenant Domain for the Microsoft Entra tenant, usually in the format <domainname>.onmicrosoft.com.
  7. Click Create.
  8. You'll be returned to the Billing Credential page, which lists the new and existing billing credentials. The new billing credentials will be PENDING until Cost Insights can fetch your billing data. The integration process generally takes x minutes.

Navigate to Configure > Billing Credentials to view your existing billing credentials, the cloud provider, and the integration status.

To edit a billing credential:

  1. Navigate to Configure > Billing Credentials.
  2. Click the billing credential that you would like to edit.
  3. Make the changes to the billing credential.
  4. Click Save.

To delete a billing credential:

  1. Navigate to Configure > Billing Credentials.
  2. Click next to the billing credential you would like to delete.