
Splunk App for AWS - Billing by Account without corpkey

Hi, is there a way to make the Billing by Account dashboard work without configuring the corpkey? I have configured a subaccount under the [Keys] section.

This is what my aws.conf in SPLUNK_HOME/etc/apps/SplunkAppforAWS/local looks like:

# all this three stanzas are required, in order to run AWS App.

[keys]

# At least one entry required for this stanza

# Format : 
# <accountno> = <company/group name without space> <aws-access-key> <aws-secret-key> <monthly spend limit for this account>

#1122334455 = mycomapny-name AAAAAAAAAAAAAAAAAAAA +++++BBBBBBBBBBBBBBBBBB/BBBB   10000
12_digit_Account_Number = my_company_name my_aws_access_key my_secret_key 10000

[regions]

# At least one entry required for this stanza

rgn1 = eu-west-1
rgn2 = sa-east-1
rgn3 = us-east-1
rgn4 = ap-northeast-1
rgn5 = us-west-2
rgn6 = us-west-1
rgn7 = ap-southeast-1
rgn8 = ap-southeast-2

[misc]

# Format :

# corpkey = <company name/corp account name without space> <aws-access-key> <aws-secret-key>
#corpkey = mycompany AAAAAAAAAA  BBBBBBBBBBBBBBBBBBBB

# acno is corp account number for AWS
acno = 12_digit_Account_Number
# s3bucket is bucket name where AWS bill csv files will be dropped
s3bucket = my_s3_bucket

index=aws-data
sourcetype=aws-data
source=aws-instances (for instances data)
source=aws-bill (for billing data)

With the above configuration, the "Instance Usage - by Account" dashboard is working but the "Billing - by Account" dashboard panels report: "No results found".
I don't want to expose the corporate account details in this file.
Please suggest any alternatives if available.


Re: Splunk App for AWS - Billing by Account without corpkey

In case this has not been resolved, I think what you need is (assuming you handle your own billing instead of rolling up the billing to a consolidated account):

  1. Enable AWS programmatic detailed billing. The service delivers detailed billing to an S3 bucket in your account.
  2. Create an IAM user to give the S3 bucket read permission.
  3. Use the IAM user's key and key secret in the [misc] section, corpkey configuration line.

If you use consolidated billing, then you need to do this in the payer's account - enable CSV file delivery and create an IAM user to read the S3 bucket in that account.

Hope this helps,
Xueshan

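Added example, not part of the original thread or the Splunk app's own code: a sketch of the read-only IAM policy that step 2 of the answer describes, plus a small check that flags a policy granting more than read access to the billing bucket, so the key placed in corpkey exposes only the bill CSV files. It assumes "read permission" means `s3:ListBucket` and `s3:GetObject`; the function names are hypothetical and `my_s3_bucket` is the placeholder from the question.

```python
import json

# Assumption: bucket read access = list the bucket + fetch its objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket"}


def billing_reader_policy(bucket):
    """Read-only policy scoped to the bucket that receives the billing CSVs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit(policy, bucket):
    """Return findings for Allow statements broader than read on `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource is too broad")
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in READ_ACTIONS:  # IAM action names are case-insensitive
                findings.append(f"statement {i}: action {action} is not needed")
        for res in as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append(f"statement {i}: resource {res} is outside the bucket")
    return findings


# Constructed sample: an over-broad policy of the kind to avoid for the corpkey user.
TOO_BROAD = {"Version": "2012-10-17",
             "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    scoped = billing_reader_policy("my_s3_bucket")
    print(json.dumps(scoped, indent=2))
    print(audit(scoped, "my_s3_bucket"))
    print(audit(TOO_BROAD, "my_s3_bucket"))
```
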