search

hystax / optscale

FinOps and cloud cost optimization tool. Supports AWS, Azure, GCP, Alibaba Cloud and Kubernetes.
https://hystax.com
Apache License 2.0
1.11k stars 156 forks source link

In sandbox >> Cost Comparison from where credentials are being fetched to get cost data #322

Closed saileshsp closed 7 hours ago

saileshsp commented 2 weeks ago

Hi for me in Cost comparison tab not able to fetch data getting this below error in AWS Invalid credentials: AWS was not able to validate the provided access credentials andfor azure this Invalid credentials: Specified tenant identifier 'tenant' is neither a valid DNS name, nor a valid external domain

from where they are fetching this credentials wanted to know so that i can update , my data source connections are working fine only in cost comparision facing this issue

tm-hystax commented 2 weeks ago

Hi!

Cost Comparison uses service credentials that you specified in the file https://github.com/hystax/optscale/blob/integration/optscale-deploy/overlay/user_template.yml when deploying OptScale (service_credentials section).

These credentials are necessary to receive pricing information from clouds.

Your problems:

  1. AWS - most likely the user listed in service_credentials section does not have enough permissions to get priсing. As a start point you can use the following default policies combination - AmazonEC2ReadOnlyAccess and AWSPriceListServiceFullAccess. The policies can be added as follows:
    • Open AWS Cloud Console
    • Select IAM section
    • Select user whose keys you specified in fields access_key_id and secret_access_key 
      # service credentials for getting pricing information from the different clouds
# recommendations will not work without this
service_credentials:
  aws:
    access_key_id: accesskeyid
    secret_access_key: secretaccesskey
      • Add AmazonEC2ReadOnlyAccess and AWSPriceListServiceFullAccess policies for selected user
      • If you changed policies, then restart insider-api pod.
  2. Azure - service credentials for Azure contain an error in tenant field. You can see how to identify tenant into documentation > Data Source Connection > Connecting an Azure account to OptScale.

To change service credentials:

  1. Change service scredentials into your own user_template.yml file
  2. Execute command 
    ./runkube.py --with-elk  -o overlay/<new user_template.yml file> -- <deployment name> <your OptScale version>

    Alternatively you may change service credentials in etcd directly using:

    kubectl exec -it etcd-0 —etcd-walker