search

vantage-sh / terraform-provider-vantage

Terraform Modules for integrating AWS with Vantage
https://registry.terraform.io/modules/vantage-sh/vantage-integration/aws/latest
MIT License
7 stars 4 forks source link

Saved filter doesn't support Cloudtrail #74

Open KatieGou opened 2 days ago

KatieGou commented 2 days ago

I want to add a statement to exclude Cloudtrail costs with costs.service != 'AWS CloudTrail', but it does changes to all the current filters. However, I was able to do it in the webpage by clicking.

The tf code: 

resource "vantage_saved_filter" "playgroundtech_saved_filter" {
  count           = var.enable_cost_reports ? 1 : 0
  title           = "Playground Tech - filter"
  filter          = <<EOF
  costs.provider = 'aws' AND costs.service != 'Vantage Cloud Cost Platform' AND costs.provider = 'aws'
  AND costs.service != 'Vantage Cloud Cost Platform - Enterprise' AND costs.provider = 'aws' AND tags.name = 'pgt'
  AND tags.value != 'playground-tech' AND costs.provider = 'aws'
  AND costs.service = 'AmazonCloudWatch' AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group:log-stream:'
  AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group'
  AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-org-cloudtrail-log-group:log-stream:'
  ${length(var.alternative_region) > 0 ? "AND costs.resource_id != 'arn:aws:logs:${var.alternative_region}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-org-cloudtrail-log-group:log-stream:'" : ""}
  AND costs.service != 'AWS CloudTrail'
  EOF
  workspace_token = var.vantage_workspace_token
}

Once AND costs.service != 'AWS CloudTrail' is added, it will change my filter from

image

to

image

It's an urgent issue since we are doing finops for our customers. Could you look into it as soon as possible?

brookemckim commented 2 days ago

@KatieGou you need to be using parentheses for the groupings.

Something similar to:

AND (costs.service = 'AmazonCloudWatch' AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group:log-stream:'
  AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group') AND costs.service != 'AWS Cloudtrail'
KatieGou commented 2 days ago

@brookemckim I updated the filter so it's like this

resource "vantage_saved_filter" "playgroundtech_saved_filter" {
  count           = var.enable_cost_reports ? 1 : 0
  title           = "Playground Tech - filter"
  filter          = <<EOF
  (costs.provider = 'aws' AND (tags.name = 'pgt' AND tags.value != 'playground-tech')) AND (costs.provider = 'aws' AND (costs.service = 'AmazonCloudWatch' AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group:log-stream:')) AND (costs.provider = 'aws' AND (costs.service = 'AmazonCloudWatch' AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-mgmt-acc-cloudtrail-log-group')) AND (costs.provider = 'aws' AND (costs.service = 'AmazonCloudWatch' AND costs.resource_id != 'arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:playground-tech-org-cloudtrail-log-group:log-stream:')) AND (costs.provider = 'aws' AND costs.service != 'AWS CloudTrail')
  EOF
  workspace_token = var.vantage_workspace_token
}

but it still results in

image
brookemckim commented 1 day ago

Thanks @KatieGou I am able to reproduce and have filed an issue with the team. I will keep you updated.