Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

codecommit pricing question (multiple roles for each IAM User)

0

my client has around 400 repositories, there are 2 roles for each repository (so around 800 roles), the client has 700 users (so 700 IAM users) that access these repos, on average each user access around 7-8 repos, so each user reach these repos with around 15 different roles. it's unclear to me how the pricing apply.. is my client going to pay for 700 users, or is going to pay for 700 users * 15 average roles = 10,500 ??

thanks.

Themen
EntwicklertoolsCloud-Finanzmanagement
Tags
AWS CodeCommitPreisgestaltung
Sprache
English
profile pictureAWS
Antonio Aga Rossi
gefragt vor 2 Jahren305 Aufrufe
2 Antworten
0
Akzeptierte Antwort

Dear Corey, My client (I'm an AWS SA) went live and after a deep dive with the service team we clarified the cost.

The bottom line:

  • if they use IAM they pay for Users not by role
  • for federated users, If the customer is using these APIs to obtain credentials, then is one user per role:
    • assume-role
    • get-federation-token
  • If the customer is using any of these APIs to obtain credentials, then the number of users depends on attributes made within their API request.
    • assume-role-with-saml
    • assume-role-with-web-identity

in this case if the Saml data contains a subject which contains a name identifier (e.g., name.lastname@myclient.com). this means that the bill would be based on the number of unique SAML users who assume roles and use CodeCommit (not based on the number of roles they assume).

Bottom line, the last case is the most common one and my customer is paying for each user, despite the number of roles they assume.

Antonio

profile pictureAWS
Antonio Aga Rossi
beantwortet vor einem Jahr
0

The bad answer ($10,500), and it also gets worse: if other identities (EC2 instances via instance roles, other AWS services integrated with CodeCommit, etc) are making git / CLI / API requests to CodeCommit, they count as an active user for that month.

As per the pricing docs:

An active user is any unique AWS identity (IAM user/role, federated user, or root account) that accesses AWS CodeCommit repositories during the month, either through Git requests or by using the AWS Management Console, AWS CLI or AWS SDKs. AWS identities that are created through your use of other AWS Services, such as AWS CodeBuild and AWS CodePipeline, as well as servers accessing CodeCommit using a unique AWS identity, count as active users. There is no charge for a user if that user does not access AWS CodeCommit during the month. Storage includes the full space required to retain the repository data.

profile picture
QuinnyPig
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt