How to deploy the aws-cost-explorer-report on AWS?

aws-samples / aws-cost-explorer-report

Python SAM Lambda module for generating an Excel cost report with graphs, including month on month cost changes. Uses the AWS Cost Explorer API for data.

MIT No Attribution

432 stars 166 forks source link

How to deploy the aws-cost-explorer-report on AWS? #19

Closed deadislove closed 3 years ago

deadislove commented 5 years ago

Description

I create the lambda function on the Python 3.6 platform and the IAM for the cost-explorer-report lambda functions. I also tag the services for cost-explorer-report lambda functions. I hope I can obtain all of regions cost explorer.

Deploying steps:

Create an IAM policy and role.
Create a lambda function and copy lambda.py source code on my lambda function.
Try to do a lambda function test.

Result: Step 3 shows the error messages that are "Can't find out the pandas."

Question part:

Q1. Did you import the pandas library of the python on lambda functions? Q2. Could you tell me the deploying cost-explorer-report lambda guide? (I hope it has more detail information. I don't want to use the cloudformation to build.)

IAM policy

IAM policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "sns:Publish", "aws-portal:ViewPaymentMethods", "aws-portal:ViewAccount", "aws-portal:ViewBilling", "aws-portal:ViewUsage" ], "Resource": "*" }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "logs:*", "Resource": "arn:aws:logs:*:*:*" } ] }

davfaulk commented 5 years ago

Hi - I moved all the dependencies (as they are tricky) into a lambda layer. So in the console add the layer mentioned in the readme step:

Configure the dependency layer: arn:aws:lambda:us-east-1:749981256976:layer:aws-cost-explorer-report:1

You should be able to add the layer in the Lambda console. In the designer view at top, click layers, then add layer, and then add a layer by ARN "arn:aws:lambda:us-east-1:749981256976:layer:aws-cost-explorer-report:1"

davfaulk commented 5 years ago

Also - I think you will find that IAM policy doesnt give the rights the script needs. From the readme:

Create a lambda IAM execution role with ce:, ses:, s3:, organizations:ListAccounts

And you will need to create Lambda ENV VARS:	Variable	Description
S3_BUCKET	S3 Bucket to use
SES_SEND	Email list to send to (comma separated)
SES_FROM	SES Verified Sender Email
SES_REGION	SES Region
COST_TAGS	List Of Cost Tag Keys (comma separated)
CURRENT_MONTH	true / false for if report does current partial month
DAY_MONTH	When to schedule a run. 6, for the 6th by default
TAG_KEY	Provide tag key e.g. Name
TAG_VALUE_FILTER	Provide tag value to filter e.g. Prod*
LAST_MONTH_ONLY	Specify true if you wish to generate for only last month

The CloudFormation is a lot easier.......

davfaulk commented 5 years ago

For cloudformation, just use the cloudformation console to deploy https://github.com/aws-samples/aws-cost-explorer-report/blob/master/easy_deploy.yaml

You can also look in that file for the IAM policy details, and the ENVARS

davfaulk commented 5 years ago

Also - I only have the layer available in us-east-1 now... So run it there for it to work easy.... If that's not an option.. here is a download of the layer itself, create a layer in your account using this ZIP

https://aws-cost-explorer-report-bin.s3.amazonaws.com/layer.zip

I will add this to readme for those that want to deploy in other regions

deadislove commented 5 years ago

Hi - I moved all the dependencies (as they are tricky) into a lambda layer. So in the console add the layer mentioned in the readme step:

Configure the dependency layer: arn:aws:lambda:us-east-1:749981256976:layer:aws-cost-explorer-report:1

You should be able to add the layer in the Lambda console. In the designer view at top, click layers, then add layer, and then add a layer by ARN "arn:aws:lambda:us-east-1:749981256976:layer:aws-cost-explorer-report:1"

I can't use ARN methods. I only can choose the runtime compatible layers.

davfaulk commented 5 years ago

The radio button below "Select from list" And this will only work in us-east-1. Is that OK?

deadislove commented 5 years ago

Also - I think you will find that IAM policy doesnt give the rights the script needs. From the readme:

Create a lambda IAM execution role with ce:, ses:, s3:, organizations:ListAccounts

And you will need to create Lambda ENV VARS: Variable Description

S3_BUCKET S3 Bucket to use

SES_SEND Email list to send to (comma separated)

SES_FROM SES Verified Sender Email

SES_REGION SES Region

COST_TAGS List Of Cost Tag Keys (comma separated)

CURRENT_MONTH true / false for if report does current partial month

DAY_MONTH When to schedule a run. 6, for the 6th by default

TAG_KEY Provide tag key e.g. Name

TAG_VALUE_FILTER Provide tag value to filter e.g. Prod*

LAST_MONTH_ONLY Specify true if you wish to generate for only last month

The CloudFormation is a lot easier.......

And you will need to create Lambda ENV VARS:	Variable	Description
S3_BUCKET	S3 Bucket to use
SES_SEND	Email list to send to (comma separated)
SES_FROM	SES Verified Sender Email
SES_REGION	SES Region
COST_TAGS	List Of Cost Tag Keys (comma separated)
CURRENT_MONTH	true / false for if report does current partial month
DAY_MONTH	When to schedule a run. 6, for the 6th by default
TAG_KEY	Provide tag key e.g. Name
TAG_VALUE_FILTER	Provide tag value to filter e.g. Prod*
LAST_MONTH_ONLY	Specify true if you wish to generate for only last month

I understand you use the Lambda ENV VARS. What is " ce:, ses:, s3:, organizations:ListAccounts"?

davfaulk commented 5 years ago

Those are the services needed in the IAM policy

deadislove commented 5 years ago

The radio button below "Select from list" And this will only work in us-east-1. Is that OK?

It is my AWS console screen in us-east-1 region.

davfaulk commented 5 years ago

Yes - click the circle by "Provide a layer version ARN"

davfaulk commented 3 years ago

Updated deploy steps, easy deploy works again.