Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to track which environment (Dev/Staging/Prod) made a Textract Custom Adapter call and separate costs in a centralized AI Hub account?

0

We have a centralized AI Hub AWS account that hosts all our Amazon Textract Custom Adapters. The AI services only live in this Hub account they are not replicated in other environments.

Our other environments (Dev, Staging, Production) are separate AWS accounts that do not host any AI services. Instead, they make cross-account calls to the Textract service in the AI Hub to process documents using AnalyzeDocument and StartDocumentAnalysis with the Adapters parameter.

The AI Hub has different adapter versions, and each environment calls its assigned version:

  • Dev environment calls adapter version X in the Hub
  • Staging environment calls adapter version Y in the Hub
  • Production environment calls adapter version Z in the Hub

We need to:

  1. Know which environment (Dev, Staging, or Production) made each Textract call
  2. Know which adapter version was used in each call
  3. Separate the costs so that Dev usage is billed to Dev, Staging to Staging, and Production to Production even though all calls are processed in the same Hub account

Our questions:

  1. Can we pass custom tags (e.g., environment=production, project=doc-reader) with each AnalyzeDocument or StartDocumentAnalysis call so the costs appear separated by environment in AWS Cost Explorer?

  2. If per-request tagging is not supported, what is the recommended approach to achieve cost segregation by calling environment within a single Textract account?

  3. Can we use the IAM role that each environment assumes (via cross-account access) to differentiate costs? For example, if Dev uses role-dev and Prod uses role-prod, would costs be attributable to each role?

  4. Does CloudTrail log which cross-account role and adapter version was used in each call, so we can at least build our own cost attribution after the fact?

This is a key requirement for our architecture decision. Any guidance would be appreciated. Thanks!

Topics
Cloud Financial ManagementManagement & GovernanceMachine Learning & AISecurity, Identity, & Compliance
Tags
Amazon TextractAWS Cost ExplorerAWS Identity and Access ManagementAWS CloudTrail
Language
English
asked 2 months ago56 views
1 Answer
0

Based on the current capabilities of Amazon Textract, here's guidance for your centralized AI Hub architecture:

1. Per-Request Tagging for Cost Allocation

Unfortunately, Amazon Textract does not currently support passing custom cost allocation tags with individual API calls like AnalyzeDocument or StartDocumentAnalysis. Unlike some AWS services that support invocation-level tagging, Textract doesn't have this capability at the request level, so you cannot directly tag each call with environment or project identifiers for automatic cost segregation in AWS Cost Explorer.

2. Recommended Approaches for Cost Segregation

Since per-request tagging isn't available, here are alternative approaches:

  • CloudTrail-Based Cost Attribution: You can build a custom cost attribution system using CloudTrail logs. CloudTrail logs all Textract API calls including AnalyzeDocument, StartDocumentAnalysis, GetDocumentAnalysis, StartDocumentTextDetection, and GetDocumentTextDetection operations. These logs capture the requesting identity, timestamp, source IP address, and request parameters.

  • IAM Role-Based Tracking: The CloudTrail logs contain identity information that shows whether the request was made with root or user credentials, temporary security credentials for a role or federated user, and other identity details. This means you can identify which cross-account role (role-dev, role-staging, role-prod) made each request.

3. Using IAM Roles for Cost Differentiation

While AWS Cost Explorer won't automatically break down costs by the IAM role used in cross-account calls, you can leverage the role information from CloudTrail logs to build your own cost attribution model. The role assumption is logged, allowing you to correlate which environment made each call, but this requires post-processing rather than native cost allocation.

4. CloudTrail Logging Capabilities

Yes, CloudTrail does log the information you need:

  • The cross-account role used (captured in the identity information)
  • Request parameters, which would include the Adapters parameter specifying which adapter version was used
  • Timestamp and other request details

Note that for privacy reasons, certain request parameters like image bytes aren't logged, but the adapter version parameter should be captured.

Building a Custom Solution

To achieve your cost segregation goals, you'll need to:

  1. Enable CloudTrail logging for your AI Hub account
  2. Parse CloudTrail logs to extract: the IAM role/identity used, the adapter version from request parameters, and the operation type and timestamp
  3. Correlate this with AWS Cost and Usage Reports to calculate costs per environment
  4. Build custom dashboards or reports that attribute costs based on the calling role and adapter version

You can also use CloudWatch metrics to monitor request counts and patterns by operation type, which can supplement your cost analysis, though this won't directly provide cost allocation by environment.

This approach requires more manual effort than native tagging support, but it will give you the detailed cost attribution you need for your centralized AI Hub architecture.
Sources
Logging Amazon Textract API Calls with AWS CloudTrail - Amazon Textract
Monitoring Amazon Textract - Amazon Textract

answered 2 months ago
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content