How to use the AWS CLI to collect Cost Explorer Forecasting data per account for all accounts in an AWS Organization

3분 분량
콘텐츠 수준: 기초
2

At the time of this writing, Cost Explorer forecasting does not support the “Group By” feature used to obtain data grouped in different dimensions. Manually obtaining the data per AWS Account on the AWS console requires using the Filter option to filter one account at a time. This article covers the AWS CLI commands and a simple bash script that can be used to gather that information.

This script was tested using AWS Cloud9 configured with an IAM Role that has sufficient permissions to list AWS Organization accounts and perform Cost Explorer actions. Please keep in mind that calls to the Cost Explorer API are paid as per https://aws.amazon.com/aws-cost-management/aws-cost-explorer/pricing/ .

AWS CLI commands used:

The script will:

  • Read all accounts in the AWS Organization into in-memory array.
  • Iterate through the account array.
    • Build and issue individual get-cost-forecast API calls.
  • Filter the JSON response to extract the USD Amount.
  • Output results to both console and file.

IAM Policy to attach to the IAM Identity used to run the script:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GetOrgCEForecast",
            "Effect": "Allow",
            "Action": [
                "organizations:ListAccounts",
                "ce:GetCostForecast"
            ],
            "Resource": "*"
        }
    ]
}

Bash Script code:

#! /bin/bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software is furnished to do so.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Script Variables
_OUTPUT_FILE='forecast-per-account.tsv'
_TIME_PERIOD_CURR_MONTH="Start="$(date '+%Y-%m-%d')",End="$(date -d '+1 month' '+%Y-%m')"-01"
_TIME_PERIOD=${_TIME_PERIOD_CURR_MONTH}
# Uncomment the next line and change the month and year to obtain
# the forecast for a specific month. Note that the start date should 
# be the first day of the month (included) and the end data should be
# the first day of the following month (excluded)

#_TIME_PERIOD="Start=2023-07-01,End=2023-08-01" # manually set

echo "Date: "${_TIME_PERIOD} > ${_OUTPUT_FILE}; echo " " >> ${_OUTPUT_FILE}
echo "Date: "${_TIME_PERIOD}
echo -e "AWSAccountID\tForecast" >> ${_OUTPUT_FILE}
echo -e "AWSAccountID\tForecast"

IFS=$'\t' read -r -d '' -a _AWS_ACCOUNTS < <( aws organizations list-accounts --query 'Accounts[].Id' --output text );\
for _ACCOUNT_ID in ${_AWS_ACCOUNTS[*]} 
do
 _FILTER='{"Dimensions":{"Key":"LINKED_ACCOUNT","Values":["'${_ACCOUNT_ID}'"]}}'
 _FC_AMOUNT=$(aws ce get-cost-forecast \
    --granularity MONTHLY \
    --time-period "${_TIME_PERIOD}" \
    --metric "UNBLENDED_COST" \
    --filter "${_FILTER}" \
    --output text \
    --query 'Total.Amount')
  echo -e ${_ACCOUNT_ID}"\t"${_FC_AMOUNT}
  echo -e ${_ACCOUNT_ID}"\t"${_FC_AMOUNT} >> ${_OUTPUT_FILE}
done

Save the script on a Linux machine that has the AWS CLI installed. Configure your AWS CLI to use an IAM identity with the IAM policy provided. Use bash scriptname.sh to run the script.

profile pictureAWS
전문가
게시됨 일 년 전3546회 조회
댓글 없음

관련 콘텐츠