{"id":21605841,"url":"https://github.com/verticeone/terraform-aws-vertice-integration","last_synced_at":"2025-04-11T04:04:59.192Z","repository":{"id":193347680,"uuid":"688576581","full_name":"VerticeOne/terraform-aws-vertice-integration","owner":"VerticeOne","description":"Terraform module to provide Vertice Cloud Cost Optimization with access to your AWS accounts","archived":false,"fork":false,"pushed_at":"2025-04-04T08:18:55.000Z","size":643,"stargazers_count":3,"open_issues_count":1,"forks_count":3,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-04-11T04:04:52.886Z","etag":null,"topics":["aws","cco","cloud","cost","managed-by-terraform","optimization","public","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VerticeOne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-07T16:29:05.000Z","updated_at":"2025-04-04T08:18:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"f069bb13-1e5d-49b1-abeb-4d7c88fef466","html_url":"https://github.com/VerticeOne/terraform-aws-vertice-integration","commit_stats":{"total_commits":15,"total_committers":3,"mean_commits":5.0,"dds":0.6,"last_synced_commit":"ac481fcf5ff7cb987f884d45b6be9b8c09244424"},"previous_names":["verticeone/terraform-aws-vertice-integration"],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VerticeOne%2Fterraform-aws-vertice-integration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VerticeOne%2Fterraform-aws-vertice-integration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VerticeOne%2Fterraform-aws-vertice-integration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VerticeOne%2Fterraform-aws-vertice-integration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VerticeOne","download_url":"https://codeload.github.com/VerticeOne/terraform-aws-vertice-integration/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248339287,"owners_count":21087215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cco","cloud","cost","managed-by-terraform","optimization","public","terraform"],"created_at":"2024-11-24T20:17:41.179Z","updated_at":"2025-04-11T04:04:59.179Z","avatar_url":"https://github.com/VerticeOne.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform module to provide Vertice Cloud Cost Optimization service with access to your AWS accounts\n\nThis module handles creating a role to be used by Vertice Cloud Cost Optimization service to access your AWS account and access required services and data within it.\n\n## Usage\n\nIf the account is your AWS Management account you should configure a [Cost and Usage Reports (CUR)](https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html) export, and then provide the `cur_bucket_name` variable to allow the role access to the CUR data within S3.\n\nYou can now configure a [Cost Optimization Recommendations Report (COR)](https://docs.aws.amazon.com/cur/latest/userguide/dataexports-create-standard.html) export, use existing bucket for [Cost and Usage Reports (CUR)](https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html) `cur_bucket_name` and provide `cor_report_s3_prefix` variable.\n\n\u003e [!IMPORTANT]\n\u003e Before enabling an AWS Data Export report (COR format) through this template:\n\u003e * Enable **Cost Optimization Hub** in **Billing and Cost Management** in your **Billing AWS Account**:\n\u003e ![cost_optimization_hub.png](readme_resources/cost_optimization_hub.png)\n\u003e * Create the **AWSServiceRoleForBCMDataExports** service-linked role\n\u003e   * In the AWS Console, go to the **Billing and Cost Management** page\n\u003e   * On this page navigate to **Data Exports** -\u003e Click **Create** -\u003e Select **Standard data export** and **Cost optimization recommendations**\n\u003e   * Now you should see a warning table with the following title: **Exports of Cost Optimization Recommendations requires a Service Linked Role (SLR)**\n\u003e      * If you don't see the warning, you have already created the **AWSServiceRoleForBCMDataExports** service-linked role.\n\u003e   * In this warning table, click the **Create service-linked role** button, and it will create the necessary role for you.\n\u003e   * You can leave the page now, without finishing the creation of the Data export, or you can continue with the settings below\n\u003e ![cor_service_linked_role_creation.png](readme_resources/cor_service_linked_role_creation.png)\n\n## Configure access for your AWS Management Account with Cost and Usage Reports (CUR) and Cost Optimization Recommendations (COR) export configured\n\nThis is an example of creating a role in your [AWS Organizations management](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html) account (root/payer) where you host your CUR reports in a S3 bucket which will be accessed by the Vertice cross-account IAM role.\n\nConfiguring this module to create CUR S3 bucket and CUR report in your AWS Organizations management (root/payer) account is highly recommended. If you want to use the Cost Optimization Recommendations (AWS Data Exports) report, please configure this module to create the export in your AWS Organizations management (root/payer) account using the `data_export_enabled` variable.\n\nFor the governance IAM role to be created in your account, an ExternalId needs to be set in the `governance_role_external_id` parameter. You will receive this value from Vertice.\n\nPlease note that an `aws.us-east-1` provider alias needs to be defined, since Cost and Usage Reports are only supported by AWS in that region.\n\n```hcl\ndata \"aws_caller_identity\" \"current\" {}\n\nmodule \"vertice_cco_integration_role\" {\n  source        = \"git::https://github.com/VerticeOne/terraform-aws-vertice-integration.git?ref=\u003crelease-version\u003e\"\n\n  account_type = \"combined\"\n  cur_bucket_enabled = true\n  cur_report_enabled = true\n\n  billing_policy_addons = {\n    # allow managing EC2 Reserved Instances in billing policy\n    ec2_ri = true\n  }\n\n  cur_bucket_name = \"vertice-cur-reports-athena-${data.aws_caller_identity.current.account_id}\"\n\n  cur_report_name      = \"athena\"\n  cur_report_s3_prefix = \"cur\"\n  # If you want to enable Cost Optimization Recommendations report, you need to add lines below\n  # COR section start\n  cor_report_enabled         = true\n  cor_report_name            = \"vertice-cor-reports\"\n  # COR section end\n  governance_role_external_id = \"\u003cprovided ExternalId value\u003e\"\n\n  providers = {\n    aws = aws\n\n    aws.us-east-1 = aws.us-east-1\n  }\n}\n\nprovider \"aws\" {\n  region = \"us-west-2\" # Replace with desired region for the CUR S3 bucket\n}\n\n# Cost and Usage Report only exists in us-east-1\nprovider \"aws\" {\n  alias  = \"us-east-1\"\n  region = \"us-east-1\"\n}\n\nterraform {\n  required_version = \"\u003e= 1.3.0\"\n  required_providers {\n    aws = {\n      source  = \"hashicorp/aws\"\n      version = \"\u003e= 4.64.0\"\n\n      # A provider alias for us-east-1 region is needed because CUR is available only there.\n      configuration_aliases = [\n        aws,\n        aws.us-east-1\n      ]\n    }\n  }\n}\n```\n\n### Split Cost Allocation Data\n\nThe module supports the [Split Cost Allocation Data](https://aws.amazon.com/blogs/aws-cloud-financial-management/improve-cost-visibility-of-amazon-eks-with-aws-split-cost-allocation-data/) opt-in feature of the Cost and Usage Report, which provides more granular data for ECS/EKS usage. Please note that this feature may increase your costs slightly due to a larger volume of usage data generated.\n\nTo enable this feature:\n1. Opt in to Split Cost Allocation Data in the [Cost Management Preferences](https://us-east-1.console.aws.amazon.com/costmanagement/home?region=eu-west-1#/settings) page of the AWS Console (Step 1 of the guide above).\n2. Set the `cur_report_split_cost_data = true` variable on this module.\n\n\u003c!-- markdownlint-disable --\u003e\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5.64.0, \u003c 6.0.0 |\n\n## Providers\n\nNo providers.\n\n## Inputs\n\n| Name | Description | Type | Required |\n|------|-------------|------|:--------:|\n| \u003ca name=\"input_account_type\"\u003e\u003c/a\u003e [account\\_type](#input\\_account\\_type) | The type of the AWS account. The possible values are `billing`, `member` and `combined`.\u003cbr\u003eUse `billing` if the target account is only for billing purposes (generating CUR report and exporting it to Vertice via S3 bucket).\u003cbr\u003eUse `member` if the account contains active workload and you want to allow `VerticeGovernance` role to perform spend optimization actions in the account on your behalf.\u003cbr\u003eUse `combined` for both of the above. | `string` | yes |\n| \u003ca name=\"input_billing_policy_addons\"\u003e\u003c/a\u003e [billing\\_policy\\_addons](#input\\_billing\\_policy\\_addons) | Enable optional add-ons for the `billing`/`combined` account IAM policy. | \u003cpre\u003eobject({\u003cbr\u003e    elasticache_ri = optional(bool, true),\u003cbr\u003e    ec2_ri         = optional(bool, true),\u003cbr\u003e    es_ri          = optional(bool, true),\u003cbr\u003e    rds_ri         = optional(bool, true),\u003cbr\u003e    redshift_ri    = optional(bool, true),\u003cbr\u003e    saving_plans   = optional(bool, true),\u003cbr\u003e})\u003c/pre\u003e | no |\n| \u003ca name=\"input_cur_bucket_enabled\"\u003e\u003c/a\u003e [cur\\_bucket\\_enabled](#input\\_cur\\_bucket\\_enabled) | Whether to enable the module that creates S3 bucket for Cost Usage Report data. | `bool` | no |\n| \u003ca name=\"input_cur_bucket_force_destroy\"\u003e\u003c/a\u003e [cur\\_bucket\\_force\\_destroy](#input\\_cur\\_bucket\\_force\\_destroy) | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | no |\n| \u003ca name=\"input_cur_bucket_lifecycle_rules\"\u003e\u003c/a\u003e [cur\\_bucket\\_lifecycle\\_rules](#input\\_cur\\_bucket\\_lifecycle\\_rules) | List of maps containing configuration of object lifecycle management on the S3 bucket holding CUR data. | `any` | no |\n| \u003ca name=\"input_cur_bucket_name\"\u003e\u003c/a\u003e [cur\\_bucket\\_name](#input\\_cur\\_bucket\\_name) | The name of the bucket which will be used to store the CUR data for Vertice. | `string` | no |\n| \u003ca name=\"input_cur_bucket_versioning\"\u003e\u003c/a\u003e [cur\\_bucket\\_versioning](#input\\_cur\\_bucket\\_versioning) | Map containing versioning configuration on the S3 bucket holding CUR data. | `map(string)` | no |\n| \u003ca name=\"input_cur_report_enabled\"\u003e\u003c/a\u003e [cur\\_report\\_enabled](#input\\_cur\\_report\\_enabled) | Whether to enable the module that creates S3 bucket for Cost Usage Report data. | `bool` | no |\n| \u003ca name=\"input_cur_report_name\"\u003e\u003c/a\u003e [cur\\_report\\_name](#input\\_cur\\_report\\_name) | The name of the CUR report for Vertice. | `string` | no |\n| \u003ca name=\"input_cur_report_s3_prefix\"\u003e\u003c/a\u003e [cur\\_report\\_s3\\_prefix](#input\\_cur\\_report\\_s3\\_prefix) | The prefix for the S3 bucket path to where the CUR data will be saved. | `string` | no |\n| \u003ca name=\"input_cur_report_split_cost_data\"\u003e\u003c/a\u003e [cur\\_report\\_split\\_cost\\_data](#input\\_cur\\_report\\_split\\_cost\\_data) | Enable Split Cost Allocation Data inclusion in CUR. Note that manual opt-in is needed in AWS Console. | `bool` | no |\n| \u003ca name=\"input_data_export_columns\"\u003e\u003c/a\u003e [data\\_export\\_columns](#input\\_data\\_export\\_columns) | List of column names to select from the COST\\_OPTIMIZATION\\_RECOMMENDATIONS table. | `list(string)` | no |\n| \u003ca name=\"input_data_export_enabled\"\u003e\u003c/a\u003e [data\\_export\\_enabled](#input\\_data\\_export\\_enabled) | Enable AWS Data Export functionality. | `bool` | no |\n| \u003ca name=\"input_data_export_name\"\u003e\u003c/a\u003e [data\\_export\\_name](#input\\_data\\_export\\_name) | The name of the AWS Data Export created for Vertice. | `string` | no |\n| \u003ca name=\"input_data_export_s3_prefix\"\u003e\u003c/a\u003e [data\\_export\\_s3\\_prefix](#input\\_data\\_export\\_s3\\_prefix) | The prefix for the S3 bucket path where the AWS Data Export data will be saved. | `string` | no |\n| \u003ca name=\"input_data_export_table_config\"\u003e\u003c/a\u003e [data\\_export\\_table\\_config](#input\\_data\\_export\\_table\\_config) | COR table configurations; see https://docs.aws.amazon.com/cur/latest/userguide/table-dictionary-cor.html for details. | \u003cpre\u003eobject({\u003cbr\u003e    INCLUDE_ALL_RECOMMENDATIONS = string\u003cbr\u003e    FILTER                      = string\u003cbr\u003e  })\u003c/pre\u003e | no |\n| \u003ca name=\"input_governance_role_additional_policy_json\"\u003e\u003c/a\u003e [governance\\_role\\_additional\\_policy\\_json](#input\\_governance\\_role\\_additional\\_policy\\_json) | Custom additional policy in JSON format to attach to VerticeGovernance role. Default is null for no additional policy. | `string` | no |\n| \u003ca name=\"input_governance_role_assume_policy_json\"\u003e\u003c/a\u003e [governance\\_role\\_assume\\_policy\\_json](#input\\_governance\\_role\\_assume\\_policy\\_json) | Optional override for VerticeGovernanceRole assume policy. Default assume role policy is constructed if this is not provided. | `string` | no |\n| \u003ca name=\"input_governance_role_enabled\"\u003e\u003c/a\u003e [governance\\_role\\_enabled](#input\\_governance\\_role\\_enabled) | Whether to enable the module that creates VerticeGovernance role for the Cloud Cost Optimization. | `bool` | no |\n| \u003ca name=\"input_governance_role_external_id\"\u003e\u003c/a\u003e [governance\\_role\\_external\\_id](#input\\_governance\\_role\\_external\\_id) | STS external ID value to require for assuming the governance role. Required if the governance IAM role is to be created. You will receive this from Vertice. | `string` | no |\n| \u003ca name=\"input_vertice_account_ids\"\u003e\u003c/a\u003e [vertice\\_account\\_ids](#input\\_vertice\\_account\\_ids) | List of Account IDs, which are allowed to access the Vertice cross account role. | `list(string)` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cur_report_name\"\u003e\u003c/a\u003e [cur\\_report\\_name](#output\\_cur\\_report\\_name) | Name of the CUR report created. |\n| \u003ca name=\"output_cur_report_s3_prefix\"\u003e\u003c/a\u003e [cur\\_report\\_s3\\_prefix](#output\\_cur\\_report\\_s3\\_prefix) | Name of the S3 prefix used by the CUR report. |\n| \u003ca name=\"output_data_export_name\"\u003e\u003c/a\u003e [data\\_export\\_name](#output\\_data\\_export\\_name) | Name of the COR report created. |\n| \u003ca name=\"output_data_export_s3_prefix\"\u003e\u003c/a\u003e [data\\_export\\_s3\\_prefix](#output\\_data\\_export\\_s3\\_prefix) | Name of the S3 prefix used by the COR report. |\n| \u003ca name=\"output_vertice_account_ids\"\u003e\u003c/a\u003e [vertice\\_account\\_ids](#output\\_vertice\\_account\\_ids) | Account IDs of Vertice allowed to access your AWS resources. |\n| \u003ca name=\"output_vertice_governance_role_arn\"\u003e\u003c/a\u003e [vertice\\_governance\\_role\\_arn](#output\\_vertice\\_governance\\_role\\_arn) | The ARN of VerticeGovernance role created. |\n| \u003ca name=\"output_vertice_governance_role_name\"\u003e\u003c/a\u003e [vertice\\_governance\\_role\\_name](#output\\_vertice\\_governance\\_role\\_name) | The name of VerticeGovernance role created. |\n\u003c!-- END_TF_DOCS --\u003e\n\u003c!-- markdownlint-enable --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverticeone%2Fterraform-aws-vertice-integration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fverticeone%2Fterraform-aws-vertice-integration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverticeone%2Fterraform-aws-vertice-integration/lists"}