AWS FinOps Onboarding

Decisions to Make

Report Format

• Legacy CUR Export

• Focus 1.0 (Standard Data Export)

Report Source

• Existing Report

• New Report

IAM Role

• Use Existing IAM Role

• Create via CloudFormation

• Create Manually

Summary

Sedai’s AWS FinOps Onboarding swiftly ingests your AWS Cost & Usage Reports (CSV/gzip/zip), converting raw billing data into AI-driven spend insights and automated savings recommendations—just choose your report format and source to start optimizing

💡 Reports format: CSV

💡 Supported compression: gzip & zip

1. Prerequisites

Data Organization: Data for each month should be in the following structure: This structure aligns with how AWS currently dumps the data by default, helping us keep things organized.

• <path_prefix>/<export_name>/<month_range>/<<data_files>>, <<manifest>>

Ensure your IAM role includes the following permissions:

• Billing API permissions: savingplans:DescribeSavingsPlans ce:GetReservationCoverage ce:GetReservationPurchaseRecommendation ce:GetReservationUtilization ce:GetSavingsPlanPurchaseRecommendationDetails ce:GetSavingsPlansCoverage ce:GetSavingsPlansPurchaseRecommendation ce:GetSavingsPlansUtilization ce:GetSavingsPlansUtilizationDetails

• S3 permissions: s3:Get* s3:List*

• Invocation pattern: Periodic

2. Add FinOps Billing Account Integration

1. In Sedai console, go to

Settings → Integrations →

Add Integration →

Billing Account → AWS.

2. Select Report Format

• As of today, Sedai prefers Legacy CUR Export because it contains more data for calculating discounts.

• Focus 1.0 with AWS Columns standard is still evolving as it adds more columns related to calculating discounts for various services; it would be a viable option to choose this.

3. Choose between Existing or New report

💡 If you’re choosing an existing report please make sure that the above prerequisites constraints are satisfied.

❓ Finding a report in AWS Console

4. Add Policy

1. Use Existing IAM Role (💡Verify role meets all prerequisites)

2. Create New IAM Role

5. Enter Role ARN and S3 bucket info

After completion, copy and paste the Role ARN back into Sedai.

Enter the bucket name, region and report path prefix.

❓Finding a report path prefix

6. Test & Save

1. Update Account Nickname and Click Test Connection

2. On successful test, click Save Integration.

3. If errors, correct settings and retry.

🏁 Sedai will start collecting the data from the specified S3 and the API and after a few hours you should be able to see the data in the Cost Observability dashboard in Sedai console.

3. Quick Resource Guide

3.1 Create IAM Role

3.1.1 Create via CloudFormation

1. After clicking "No, Create a new IAM Role" during the Billing Account Integration Step 3 (Policy)

   • Click Next → Then Launch CloudFormation

💡In AWS, create the stack by giving relevant details. After creating the stack CloudFormation will automatically create the specified resources and give the role ARN as the output, in the output tab.

1. After completion, copy and paste the Role ARN back into Sedai.

3.1.2 Create Manually

1. Open AWS console and goto IAM Dashboard

2. Go to Roles in the left sidebar

3. Click on Create role

   
4. Select Trusted entity type as AWS account

5. In the section below choose Another AWS account

6. Enter Sedai’s AWS Account ID: 504216784688

Optional: If you want to add an external id, check Require external ID checkbox. Generate a random password and paste it there

1. Click Next, you will be directed to policy selection page

2. If you’ve already created the policy, add the policy to this role

3. Click Next, you will be directed to review and create page

4. Give a name to the role

5. Click Create role

3.2 Finding an existing report in AWS console

1. Go to Data exports in AWS Console

2. Find a report type as per your selection in Step 1:

   • For Legacy export: Export type will be Legacy CUR export

   • For Focus export: Export type will be Standard data export with data table as FOCUS 1.0 with AWS columns

3. Open the export and there you can see the S3 bucket in which the data will be dumped

3.3 How to find the report path prefix?

If you’ve created a new bucket the bucket path prefix should be visible in the Data export under Delivery and storage option, or while creating the data export you will specify the export prefix.

If you have an existing bucket the path prefix should be pointing to this directory, in this example the prefix is, costandusage/resource

3.4 Attaching policy to Role ARN

1. Open AWS console and goto IAM Dashboard

2. Goto Roles in the left sidebar

3. Find and open the role that you want to attach the policy

4. Click on Add permissions drop down and select Attach policies

5. Select the policy that was created in the above section and click on Add permissions

3.5 Backfill Request Template