Taloflow

Welcome to Taloflow's documentation

Taloflow simplifies comparing, managing, and monitoring cloud products.

Full Integration Guide

Learn how to connect Tim to your AWS account. Tim connects to your AWS account through IAM Roles. You'll also need to turn on hourly AWS Expense Reports and forward CloudWatch events to Tim.

Granted Permissions

Taloflow's AWS account will talk to your account through IAM Roles that limit what Tim has access to. Here are some things you should know about the Roles we require:

  • Tim does not become a User within your AWS account.
  • The Role is not authorized to add or modify any code.
  • Tim's event listener is registered to yours so we can listen to specific events.
  • The Role itself is an identity that has the required permissions.
  • The Role is not authorized to read data or even the log files.
  • The Role is not authorized to perform actions.
  • The Cost Report Tim has access to can be limited to a sub account's information by following these additional steps.

Prerequisites

You need an AWS Account. If you lack access to AWS Billing, please ask your AWS administrator to do this for you, or ask them to change the permissions for your account before moving on:

1. Log into the IAM Console (https://console.aws.amazon.com/iam/home)
2. Go to **Users** in the left navigation panel
3. Click on the individual's account
4. In the next screen, select the tab **Attach existing policies directly**
5. Search or filter for **Billing** permissions
6. Select and apply it to the individual's account

Instructions

Step 1: Create a new AWS Cost and Usage Report

🚧

Already have an S3 bucket with AWS Cost and Usage Report history that you want to use?

If you turned this on already, and your AWS Cost and Usage Report is already configured to include hourly reporting, Resource IDs, and GZIP, then you can skip Step 1 and Step 2. Go to Step 3B.

  • Sign in to the AWS Management Console and open the Billing and Cost Management console.
  • In the navigation pane to the left, choose Cost & Usage Reports under Cost Management, and click Create report.
  • Give your Cost Report a name. For example, general-cost-report.

👍

Please note down the Name of the Cost Report

  • Make sure that both Include resource IDs and Data refresh settings are checked, and click Next

Create report content

  • Under Delivery options, press Configure and create a new bucket and give it whatever name you like.

👍

Please note down the Name AND the Region of the S3 Bucket

  • If you get a prompt to add a Default Bucket Policy, accept it.

❗️

Please ensure you create a top level bucket

Please ensure that you create a new top level bucket for your Cost Reports and that you don't nest a Cost Reports Folder inside another existing folder in your S3 Bucket.

  • Create a Report Path Prefix, for example main.

👍

Please note down the Report Path Prefix

  • Please ensure that you've selected Hourly, GZIP and Create New Report Version in the options, then click Next, then click Review and Complete.

Delivery options page

Step 2: Delete the S3 Bucket Policy

  • Go to the S3 Console.
  • Click on the bucket with the Cost Report (the one you created in Step 1).
  • Click Permissions, and then Bucket Policy, and click Delete Policy.

🚧

Recommended: Assign a Lifecycle Policy of 5 days to your S3 Bucket

By default, Taloflow stores your past reports so that less recent reports (more than 5 days old) do not increase your bill for S3.


Step 3A: Run CloudFormation Template (New Bucket)

🚧

Already have an S3 bucket with AWS Cost and Usage Report history that you want to use?

If you are using an existing S3 bucket with prior cost report history, then please follow Step 3B's instructions instead before moving onto Step 4. Go to Step 3B. Do NOT run two different CloudFormation templates.

❗️

Make sure that you are running the CloudFormation template in US East-1 (N. Virginia) or it will not run correctly.

  • In the console, keep both pre-selected options as Template is ready, and Amazon S3 URL, and leave the URL as is, then click Next
  • Recall the names of the S3 Bucket with the Cost Report, the AWS Region where the S3 Bucket is located, and the Report Name and Report Prefix for the Cost Report you just created.
  • For the External ID field, you can use pretty much any External ID (e.g.: tim-ext-id).

🚧

Use Prefix only in the Prefix field

Please make sure that you only use the Prefix in the Prefix field (e.g.: main), not the Prefix + Report Name (e.g.: main/costreport).

🚧

The External ID cannot have the following characters: $, #

  • Click Next
  • On the following page scroll down and click Next again
  • On the following page scroll down, acknowledge that this template might create IAM resources by checking the box, then click Create Stack.
  • In the next page, you will have to wait 2-3 minutes for the stack to get created. You can click the refresh icon in the Console.
  • When all is green, you are ready to go, save for one more optional step.

Step 3B: Run CloudFormation Template (Existing Bucket)

🚧

For existing S3 buckets only with cost report history

If you created a new S3 bucket with NO prior cost report history, then please follow Step 3A's instructions instead before moving onto Step 4. Go to Step 3A. Do NOT run two different CloudFormation templates.

❗️

Make sure that you are running the CloudFormation template in US East-1 (N. Virginia) or it will not run correctly.

  • In the console, keep both pre-selected options as Template is ready, and Amazon S3 URL, and leave the URL as is, then click Next
  • Recall the names of the S3 Bucket with the Cost Report, the AWS Region where the S3 Bucket is located, and the Report Name and Report Prefix for the Cost Report you just created.
  • For the External ID field, you can use pretty much any External ID (e.g.: tim-ext-id).

🚧

The External ID cannot have the following characters: $, #

  • Click Next
  • On the following page scroll down and click Next again
  • On the following page scroll down, acknowledge that this template might create IAM resources by checking the box, then click Create Stack.
  • In the next page, you will have to wait 2-3 minutes for the stack to get created. You can click the refresh icon in the Console.
  • When all is green, you are ready to go, save for one more optional step.

Update Statements in S3 Bucket Policy for Pre-Existing Bucket

Please update the statements in your S3 Bucket Policy by adding the snippet below. This simple change will allow us to Get Object and List Object in the resources that are buckets.

  • Go to the S3 Console.
  • Click on the bucket with the Cost Report (the one you created in Step 1).
  • Click Permissions, and then Bucket Policy, and update the Policy by adding the Statement
  • Please ensure that you replace <ACCOUNT_ID> with your account ID, and <BUCKET_NAME> (occurs twice) with the name of this S3 Bucket.
{
  "Sid": "Stmt1540642168130",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/taloflowInstructionProcessorRole"
  },
  "Action": [
    "s3:GetObject",
    "s3:ListBucket"
  ],
  "Resource": [
    "arn:aws:s3:::<BUCKET_NAME>",
    "arn:aws:s3:::<BUCKET_NAME>/*"
  ]
}

🚧

Ensure you add commas in between statements for your S3 bucket policy
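
One way to check the edited bucket policy before saving it, as an added example that is not Taloflow's code: it parses the policy text, finds the statement for taloflowInstructionProcessorRole, and reports an unreplaced placeholder, actions beyond the two in the guide, and resources outside the bucket. The function names, the sample policy and the bucket name example-cur-bucket are constructed for illustration.

```python
import json
import re

ROLE = "taloflowInstructionProcessorRole"      # role named in the statement above
ALLOWED = {"s3:GetObject", "s3:ListBucket"}     # the two actions the guide grants


def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def audit_bucket_policy(policy_text, bucket):
    """Return findings for the Taloflow statement; an empty list means it matches the guide."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:   # e.g. a missing comma between statements
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    expected = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings, seen = [], False
    for stmt in stmts:
        principal = stmt.get("Principal")
        arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        arns = [a for a in arns if a.endswith("role/" + ROLE)]
        if not arns:
            continue                       # statement belongs to someone else
        seen = True
        for arn in arns:
            if not re.fullmatch(r"arn:aws:iam::\d{12}:role/" + ROLE, arn):
                findings.append(f"principal is not a 12-digit account role ARN: {arn}")
        extra = set(as_list(stmt.get("Action", []))) - ALLOWED
        if extra:
            findings.append(f"actions beyond the guide: {sorted(extra)}")
        resources = set(as_list(stmt.get("Resource", [])))
        if resources != expected:
            findings.append(f"resources differ from the guide: {sorted(resources ^ expected)}")
    if not seen:
        findings.append(f"no statement for {ROLE}")
    return findings


# Constructed sample: the statement pasted with <ACCOUNT_ID> left in and one extra action.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1540642168130", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::<ACCOUNT_ID>:role/" + ROLE},
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::example-cur-bucket", "arn:aws:s3:::example-cur-bucket/*"]}]})
```

Calling `audit_bucket_policy(SAMPLE, "example-cur-bucket")` returns two findings: the unreplaced principal placeholder and the extra `s3:PutObject` action.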

Step 4: Add Sub Accounts

For every Sub Account that you have within the Master Account, please run the following CloudFormation Stack in each of them so that we can gather tags and other important telemetry from them: link to run the CloudFormation Template on your Sub Account(s) one at a time. Please note this is a different stack than mentioned in Step 3A/3B.

Step 5: Forward CloudWatch Events (Optional)

By default, the CloudFormation Script forwards Events to Tim for only the US-East-1 AWS Region. Forwarding CloudWatch Events for the other regions you use will produce a better Real-time Running Cost. If this is important to you, please repeat the steps below for each CloudWatch region you are in beyond US-East-1. If you have Sub Accounts that you want Real-time Running Cost for, you'll need to repeat these steps.

🚧

Too many Sub Accounts to bother with this step?

If you have a lot of Sub Accounts and regions (e.g.: 3-4 or more), feel free to contact us at [email protected] and we can provide a tailored script that will automate this step.

📘

The forwarded data are the EC2 events, including instance IDs and their state (i.e.: on/off)

  • Go to the CloudWatch Console
  • Click on Rules under Events in the left navigation pane and then click Create rule
  • Under Event Source, make sure that Event Pattern is the selected option.
  • Click Edit in the Event Pattern Preview text area and copy and paste the following snippet into the pop up text area and click Save.
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EC2 Instance State-change Notification"
  ]
}
  • To the right of the screen, click Add target
  • In the drop-down selector, scroll down and select Event bus in another AWS account
  • In the Account ID field, add Tim's AWS account ID: 845897643164
  • Just below, please select Use existing role
  • Under Use existing role search and select the taloflowInvokeEventBusRole.
  • Scroll down and click Configure details to move onto the next page.
  • Please give the Rule the name taloflowInvokeEventBusRule and click Create rule
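
To see which events this rule sends across the account boundary, the added example below (not Taloflow's code) applies the event pattern from this step to sample events. It implements only exact-value matching, which is all this pattern uses; the sample events, instance ID and function names are constructed for illustration.

```python
import json

# Event pattern from the guide: EC2 instance state changes only.
PATTERN = json.loads("""
{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"]
}
""")


def matches(pattern, event):
    """Exact-value matching: every pattern key must exist in the event, and the
    event value must equal one of the listed values. Nested objects recurse.
    Prefix, numeric and other content filters are not implemented here."""
    for key, wanted in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(wanted, dict):
            if not isinstance(actual, dict) or not matches(wanted, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in wanted for v in values):
                return False
    return True


def forwarded(events, pattern=PATTERN):
    """Return (detail-type, detail) for each event the rule would send to the target bus."""
    return [(e["detail-type"], e.get("detail", {})) for e in events if matches(pattern, e)]


# Constructed sample events in the standard event envelope (IDs are made up).
EVENTS = [
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "region": "us-east-1", "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"}},
    {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
     "region": "us-east-1", "detail": {"eventName": "RunInstances"}},
    {"source": "aws.s3", "detail-type": "Object Created",
     "region": "us-east-1", "detail": {"bucket": {"name": "example-cur-bucket"}}},
]
```

`forwarded(EVENTS)` returns only the first event, carrying the instance ID and its state; the CloudTrail API call and the S3 event stay in the account.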

Create Event Bus Rule

Updated 7 months ago

