Closed davidkelliott closed 2 weeks ago
We think this is probably best handled through integrating the MOJ Master account (organizational root) with the observability platform, but we have a lot of unknowns here along the way to a defined outcome.
One approach is to:
However, there are a few questions regarding this implementation:
I have raised a question on the #ask-obervability-platform channel asking whether this setup and configuration is feasible: https://aws.amazon.com/blogs/mt/visualize-and-gain-insights-into-your-aws-cost-and-usage-with-amazon-managed-grafana/
Also, I have imported two billing dashboards which can be used with the current data sources (our core accounts) to see costs across the different AWS services.
https://g-9d213fbc19.grafana-workspace.eu-west-2.amazonaws.com/d/AWSBilling/aws-billing-1?orgId=1 https://g-9d213fbc19.grafana-workspace.eu-west-2.amazonaws.com/d/AWSBillin/aws-billing-2?orgId=1
Thread started in #ask-obervability-platform (https://mojdt.slack.com/archives/C05QXHR697S/p1722330176200169) proposing the setup and configuration of a billing dashboard using an AWS Cost and Usage Report (CUR) with an Athena data source, as detailed in this article (https://aws.amazon.com/blogs/mt/visualize-and-gain-insights-into-your-aws-cost-and-usage-with-amazon-managed-grafana/).
I believe Jacob might already be investigating a similar solution; not sure if this should be moved to blocked until obs-plat have investigated, or could be placed back into to do as Sukesh might be interested in this ticket? Otherwise, I can resume working on it upon my return from annual leave.
Meeting arranged with Jacob @ 14:00 on 22/08
Following the meeting with Jacob & Gary we have come up with the following potential solution:
The core-billing account has been created: https://github.com/ministryofjustice/modernisation-platform/pull/7763
Observability Platform tenant onboarding has been started: https://github.com/ministryofjustice/modernisation-platform/pull/7775
I have been working on a cross-account replication module that I hope to add to https://github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket but I haven't quite got there yet (working through some issues and figuring out testing). I have also spoken with the Observability platform team regarding the configuration of the Athena data source for use in our core-logging environment; I will be parking the replication module while I focus on this tomorrow and hopefully will be able to get something up in Grafana.
PR raised to create an S3 bucket and associated roles/policies in core-logging: https://github.com/ministryofjustice/modernisation-platform/pull/7914
Work in progress to add the Athena data source in the observability platform: https://github.com/ministryofjustice/modernisation-platform-environments/tree/obs-plat/athena-datasource
Also in progress is an update to the tenant to switch on the Athena data source: https://github.com/ministryofjustice/terraform-aws-observability-platform-tenant/pull/52
(FYI: an issue has also been raised on analytical-platform to track the Athena request: https://github.com/ministryofjustice/analytical-platform/issues/5382)
Athena policies updated and MoJ cost and usage reports bucket created in core-logging: https://github.com/ministryofjustice/modernisation-platform/pull/8121
Updated diagram, work still in progress
PR raised in the root account to enable S3 cross-account replication - https://github.com/ministryofjustice/aws-root-account/pull/1010
The setup for querying the AWS Cost and Usage Report (CUR) from Grafana using Athena is complete.
S3 Bucket & Replication: A central S3 bucket in the MoJ master account hosts the CUR, with replication enabled to the core-logging account, allowing Grafana to access and query the CUR data via Athena.
Athena Workgroup & IAM Policies: Athena workgroups were created, and IAM policies were configured to ensure secure, cross-account access between Grafana and Athena. This includes permissions for the glue.amazonaws.com, lambda.amazonaws.com, and logs.amazonaws.com services.
Data Refresh & Security: A Lambda function was deployed to trigger updates via AWS Glue Crawler, using KMS-encrypted CloudWatch logs and SSE-KMS for S3 and Glue resources.
Testing & Verification: Verified data retrieval by running sample CUR queries in Grafana via Athena, ensuring data consistency and appropriate permissions.
CUR Dashboard can be found here: https://g-9d213fbc19.grafana-workspace.eu-west-2.amazonaws.com/d/be1r6gxhztzi8d/athena-cost-and-usage-report/
User documentation page created as per feedback from stand up this morning: https://user-guide.modernisation-platform.service.justice.gov.uk/user-guide/cost-metrics.html#cost-metrics
Moving across for review/closure.
All aspects of the ticket have been completed.
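As an added illustration of what the completed setup actually serves (this is example SQL written for this page, not a query from the ticket, the Modernisation Platform repositories, or the linked dashboard): the Grafana Athena data source issues queries like the one below against the replicated CUR table. The database and table names (cur_db, cost_and_usage_report) are assumptions about what the Glue crawler produced; the column names are the standard ones the CUR Athena integration generates (line_item_*, bill_*, product_*), and $__timeFilter is the Grafana Athena plugin macro that expands to the dashboard's selected time range.

```sql
-- Added example, not from the ticket: monthly unblended cost per account and service,
-- as a Grafana panel query against the CUR table replicated into core-logging.
-- Database/table names are assumed; columns follow the standard CUR Athena schema.
SELECT
  date_trunc('month', line_item_usage_start_date) AS billing_month,
  line_item_usage_account_id                      AS account_id,
  line_item_product_code                          AS service,
  round(sum(line_item_unblended_cost), 2)         AS unblended_cost_usd
FROM cur_db.cost_and_usage_report
WHERE $__timeFilter(line_item_usage_start_date)
  -- keep only consumption lines; exclude tax, credits, refunds and RI/SP fees
  AND line_item_line_item_type IN ('Usage', 'DiscountedUsage', 'SavingsPlanCoveredUsage')
GROUP BY 1, 2, 3
ORDER BY billing_month, unblended_cost_usd DESC;
```

Two practical points for anyone extending the dashboard: the CUR Athena table is partitioned by year and month, so adding predicates on those partition columns keeps Athena from scanning the whole report on every panel refresh; and the line-item-type filter matters because Tax, Credit, Refund and Fee rows would otherwise be summed into the per-service figures and distort the breakdown the user story asks for.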
User Story
As an MP product manager, service owner and MP user, I want to view platform costs in total, broken down into sensible categories (TBC as part of this issue), so that I can use the data to drive cost savings.
Value / Purpose
Replace the manual cost-metrics process with automated dashboards that are easily accessible to MP product managers and service owners so they can view their cost metrics.
Useful Contacts
No response
Additional Information
When doing this work it would be beneficial to do it at the AWS organisation level, so that in future issues we could also monitor total AWS spend, off-platform AWS spend, platform AWS spend, and application AWS spend.
Proposal / Unknowns
Not sure where this should be done - maybe in the MOJ Master Account?
Definition of Done