Prerequisites

Opting in to AWS Compute Optimizer

To opt in to Compute Optimizer
  1. Open the Compute Optimizer console at https://console.aws.amazon.com/compute-optimizer/
    If this is your first time using the Compute Optimizer console, the Compute Optimizer landing page is displayed.
  2. Choose Get started.
  3. On the Account setup page, review the Getting started and Setting up your account sections.
  4. The following options are displayed if the account that you’re signed in to is the management account of your organization. Choose one before continuing to the next step.
     - Only this account - Choose this option to opt in only the account that you’re currently signed in to. If you choose this option, Compute Optimizer analyzes resources that are in the individual account, and generates optimization recommendations for those resources.
     - All accounts within this organization - Choose this option to opt in the account you’re currently signed in to, and all of its member accounts. If you choose this option, Compute Optimizer analyzes resources that are in all accounts in the organization, and generates optimization recommendations for those resources.
  5. Choose Opt in. By opting in, you indicate that you agree to and understand the requirements to opt in to Compute Optimizer.
  6. After you opt in, you’re redirected to the dashboard in the Compute Optimizer console. At the same time, the service immediately starts analyzing the configuration and utilization metrics of your AWS resources. For more information, see Metrics analyzed by AWS Compute Optimizer.
If you add any new member accounts to your organization after you opt in, Compute Optimizer automatically opts in those accounts.
When you complete the opt-in process, it can take up to 24 hours for the opted-in accounts to appear in the Compute Optimizer console.

Enabling Resource Costs 

To enable Wiv to extract resource costs accurately, please enable resource-level data tracking at daily granularity by following these steps:
  1. Navigate to Cost Management Preferences
  2. Select the Cost Explorer Tab
  3. Enable the “Resource-level data at daily granularity” option
  4. Select “All Services” (Note: This feature is available at no additional cost)
  5. Click “Save Preferences” to apply your changes

Activate trusted access for stack sets with AWS Organizations

Sign in to AWS as an administrator of the management account and open the CloudFormation console at https://console.aws.amazon.com/cloudformation.
From the navigation pane, choose StackSets. If trusted access is deactivated, a banner displays that prompts you to activate trusted access.
Activate trusted access banner.
Choose Activate trusted access. Trusted access is successfully activated when the following banner displays.
Trusted access is successfully activated banner.

Wiv Onboarding Process - Payer

Description

Onboarding Process Overview

Welcome to the initial setup guide. This document outlines the necessary steps to integrate your AWS Account with our FinOps automation platform, thereby enhancing your financial operations through effective resource management.

Step 1: Establishing Connection with Org/Payer Account

To initiate, connect your Org/Payer account. This primary account holds exclusive information crucial for comprehensive cost and usage analysis. Our system leverages this data to facilitate robust financial optimization strategies.

Step 2: Configuration of Cost & Usage Report

We facilitate a detailed Cost & Usage Report (CUR) specific to your AWS environment. This report is pivotal in identifying unnecessary expenditures and uncovering potential savings. It includes:
S3 Bucket Creation: A dedicated Amazon S3 bucket is created to house the CUR, ensuring your data is securely stored and readily accessible.
Athena Table and Crawlers: We configure an Athena Table and deploy crawlers to replicate the CUR data to Athena. This setup enables you to execute tailored queries on your report via Wiv, providing insights into cost-saving opportunities.
Lambda Invocation: An automated Lambda function is designed to trigger these crawlers, ensuring your data is regularly updated and accurate.
Our preliminary checks ensure these configurations are non-existent prior to setup and verify that they fall within the AWS Free Tier.

Step 3: Secure Access Configuration

For enhanced security, an IAM Role with an external ID is created at the payer level. This role is pivotal in establishing a secure connection to your AWS account, safeguarding your data and operations.
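
An added example, not part of the Wiv documentation or its CloudFormation templates: a Python check that a role's trust policy really enforces the external ID described above and does not trust a wildcard principal. The sample policies, the account ID 111122223333 and the external ID value are constructed placeholders; the policy in the real template may differ.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for cross-account AssumeRole grants; [] means each one
    names a specific principal and is gated on an exact-match sts:ExternalId."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not (
            set(actions) & {"sts:assumerole", "sts:*", "*"}
        ):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not aws:
            continue  # service principals (e.g. Lambda) do not use ExternalId
        if "*" in aws:
            findings.append(f"statement {i}: wildcard AWS principal")
        # Condition keys are case-insensitive; only an exact StringEquals match
        # counts here (StringLike with wildcards would weaken the check).
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(k.lower() == "sts:externalid" and v for k, v in equals.items()):
            findings.append(f"statement {i}: no StringEquals sts:ExternalId")
    return findings

def _policy(principal, external_id=None):
    """Build a constructed sample trust policy (not the vendor's real template)."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal},
            "Action": "sts:AssumeRole"}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples: 111122223333 and the external ID are placeholders.
VENDOR = "arn:aws:iam::111122223333:root"
GOOD = _policy(VENDOR, "EXAMPLE-EXTERNAL-ID")
NO_EXTERNAL_ID = _policy(VENDOR)
WILDCARD = _policy("*", "EXAMPLE-EXTERNAL-ID")

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no-external-id", NO_EXTERNAL_ID),
                      ("wildcard", WILDCARD)]:
        print(name, json.dumps(audit_trust_policy(doc)))
```

To check a deployed role, pass the parsed output of `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` to `audit_trust_policy`.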

Step 4: Deployment of ‘WivAccessRole’

Upon successful connection with the payer account, deploy the ‘WivAccessRole’. This IAM role is instrumental in extending optimization capabilities to all linked accounts. The deployment is designed to be user-friendly and can be completed swiftly as per the instructions provided.

For the fully automated onboarding process:

Open your AWS payer account in a new tab.

From the Wiv console, go to Integrations -> AWS -> New aws integration.

Add an integration name and click “Connect via CloudFormation”.

This will open the CloudFormation stack in a new tab in your payer account.
There is no need to change anything. Mark the 2 check boxes and click “Create stack”. The stack will run and you will see “Deployment in progress” until it is done.
To add AWS linked accounts, scroll down to “Adding AWS Organization Units/Linked Accounts to the Stackset”.

For manual onboarding, click ‘connect by entering your onboarding info manually’.
You can choose between 2 types of CUR: ‘2.0’ or ‘Legacy’.
Clicking ‘Connect AWS account’ opens the CloudFormation stack in a new tab. Leave all default values, check the boxes, then click ‘Create Stack’.
It will take approximately 5 minutes to complete the installation of all stacks in the account. Wait until you see that all are completed.
After the deployment has completed successfully, you will need to provide the “Role ARN” and “External id” from the nested stack “WivOnBoarding-OrgRoleManagement-XXXXXXXXXXXX”.

Adding AWS Organization Units/Linked Accounts to the Stackset

Go to “WivOrgStackSet” and, under “Actions”, click “Add stacks to Stackset”.
Under “Set deployment options”, choose “Deploy to organization” to deploy the role to all of the organization's linked accounts, or “Deploy to organizational units (OUs)” to target specific OUs (you will need to provide the “AWS OU ID”).
Under “Specify regions”, choose “us-east-1” (the region is not important, as the role is a global resource and not regional).
Leave all other options as default and run the StackSet. You will see all your chosen linked accounts under the “Stack instances” tab.
The end result should be a “SUCCEEDED” message in the “Operations” tab.
All resources that can be tagged have the following tags:
  Wiv: Wiv-infrastructure
  Wiv:Original:ResourceId: -Stack

The following infrastructure resources are created during the onboarding process:

IAM Roles:
  WivAccessRole (in management and member accounts)
  Various Lambda execution roles

S3 Bucket:
  For storing Cost and Usage Reports (CUR)

Lambda Functions:
  PreCheck Lambda
  CUR Initializer Lambda
  S3 CUR Notification Lambda
  Cleanup Bucket Lambda

Glue Resources:
  Glue Crawler
  Glue Database

Athena Resources:
  Athena Database
  Athena Workgroup

CloudFormation StackSet:
  For deploying WivAccessRole to member accounts

CloudWatch Log Groups:
  For Lambda function logs

EventBridge Rules:
  For triggering Lambda functions based on S3 events