Configure AWS billing correlation

Metering is a deprecated feature. Deprecated functionality is still included in OKD and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.

For the most recent list of major functionality that has been deprecated or removed within OKD, refer to the Deprecated and removed features section of the OKD release notes.

Metering can correlate cluster usage information with AWS detailed billing information, attaching a dollar amount to resource usage. For clusters running in EC2, you can enable this by modifying the example aws-billing.yaml file below.

  1. apiVersion: metering.openshift.io/v1
  2. kind: MeteringConfig
  3. metadata:
  4. name: "operator-metering"
  5. spec:
  6. openshift-reporting:
  7. spec:
  8. awsBillingReportDataSource:
  9. enabled: true
  10. # Replace these with where your AWS billing reports are
  11. # stored in S3.
  12. bucket: "<your-aws-cost-report-bucket>" (1)
  13. prefix: "<path/to/report>"
  14. region: "<your-buckets-region>"
  15. reporting-operator:
  16. spec:
  17. config:
  18. aws:
  19. secretName: "<your-aws-secret>" (2)
  20. presto:
  21. spec:
  22. config:
  23. aws:
  24. secretName: "<your-aws-secret>" (2)
  25. hive:
  26. spec:
  27. config:
  28. aws:
  29. secretName: "<your-aws-secret>" (2)

To enable AWS billing correlation, first ensure the AWS Cost and Usage Reports are enabled. For more information, see Turning on the AWS Cost and Usage Report in the AWS documentation.

1Update the bucket, prefix, and region to the location of your AWS Detailed billing report.
2All secretName fields should be set to the name of a secret in the metering namespace containing AWS credentials in the data.aws-access-key-id and data.aws-secret-access-key fields. See the example secret file below for more details.
  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4. name: <your-aws-secret>
  5. data:
  6. aws-access-key-id: "dGVzdAo="
  7. aws-secret-access-key: "c2VjcmV0Cg=="

To store data in S3, the aws-access-key-id and aws-secret-access-key credentials must have read and write access to the bucket. For an example of an IAM policy granting the required permissions, see the aws/read-write.json file below.

  1. {
  2. "Version": "2012-10-17",
  3. "Statement": [
  4. {
  5. "Sid": "1",
  6. "Effect": "Allow",
  7. "Action": [
  8. "s3:AbortMultipartUpload",
  9. "s3:DeleteObject",
  10. "s3:GetObject",
  11. "s3:HeadBucket",
  12. "s3:ListBucket",
  13. "s3:ListMultipartUploadParts",
  14. "s3:PutObject"
  15. ],
  16. "Resource": [
  17. "arn:aws:s3:::operator-metering-data/*", (1)
  18. "arn:aws:s3:::operator-metering-data" (1)
  19. ]
  20. }
  21. ]
  22. }
  23. {
  24. "Version": "2012-10-17",
  25. "Statement": [
  26. {
  27. "Sid": "1",
  28. "Effect": "Allow",
  29. "Action": [
  30. "s3:AbortMultipartUpload",
  31. "s3:DeleteObject",
  32. "s3:GetObject",
  33. "s3:HeadBucket",
  34. "s3:ListBucket",
  35. "s3:ListMultipartUploadParts",
  36. "s3:PutObject"
  37. ],
  38. "Resource": [
  39. "arn:aws:s3:::operator-metering-data/*", (1)
  40. "arn:aws:s3:::operator-metering-data" (1)
  41. ]
  42. }
  43. ]
  44. }
1Replace operator-metering-data with the name of your bucket.

This can be done either pre-installation or post-installation. Disabling it post-installation can cause errors in the Reporting Operator.