Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to attribute Textract API call costs (AnalyzeDocument / StartDocumentAnalysis) to different environments for chargeback in a centralized account?

0

We are using Amazon Textract Custom Adapters for document processing in a financial institution. We have a centralized AI Hub AWS account that hosts all Textract adapters. The AI services only exist in this Hub account they are not replicated in other environments.

Our other environments (Dev, QA, Staging, Production) are separate AWS accounts that do not host any Textract resources. Instead, they make cross-account calls to the Hub by assuming IAM roles in the Hub account to process documents using AnalyzeDocument and StartDocumentAnalysis with the Adapters parameter.

This means all Textract costs are incurred in the Hub account, not in the calling accounts.

Our goal is to attribute (chargeback) Textract costs to the correct environment and project, even though all usage happens in a single account.

The problem we found:

After reviewing the API documentation, we confirmed that AnalyzeDocument and StartDocumentAnalysis do not support a Tags parameter on individual API calls. The standard Tags (key-value) mechanism only applies at the resource level (the adapter ARN) during creation, not per request. This means we cannot use Cost Allocation Tags on individual Textract calls to separate costs in AWS Cost Explorer.

Our architecture:

  • One centralized AI Hub account hosts all Textract Custom Adapters
  • Different adapter versions exist for each environment (Dev, QA, Staging, Production)
  • Applications in each environment assume a cross-account IAM role in the Hub (e.g., role-dev, role-staging, role-prod) to call Textract
  • All costs appear on the Hub account's bill
  • We need to know which environment made each call and separate the costs accordingly

Our questions:

  1. Is there any mechanism (perhaps undocumented, through headers, or another approach) to pass Cost Allocation Tags on individual Textract API calls so they appear in Cost Explorer?

  2. When an external account (e.g., Dev) assumes a role in the Hub account and calls Textract, does the identity of the calling account appear as a dimension in the Cost & Usage Reports for the Hub account? Can we filter or group Textract costs in Cost Explorer by the external account that originated the call? Or is this only visible through CloudTrail?

  3. If native cost tools cannot distinguish by calling environment, what is the AWS recommended best practice for granular cost tracking by environment and project for Textract usage within a single centralized account?

  4. Does CloudTrail log the assumed role identity and adapter version for each AnalyzeDocument / StartDocumentAnalysis call? If so, can we use CloudTrail + Athena to build cost attribution externally?

  5. Is per-request tagging for Textract API calls on the AWS roadmap?

This is a critical requirement for our architecture decision. We need to confirm that cost segregation is achievable in a centralized account before committing to this approach.

Thank you.

Topics
Cloud Financial ManagementManagement & GovernanceMachine Learning & AISecurity, Identity, & Compliance
Tags
Amazon TextractAWS Cost ExplorerAWS Identity and Access ManagementAWS CloudTrail
Language
English
asked 2 months ago61 views
1 Answer
1

Based on AWS cost management best practices, here are answers to your questions about attributing Textract costs in a centralized account architecture:

1. Per-request Cost Allocation Tags for Textract API calls: Unfortunately, there is no mechanism to pass Cost Allocation Tags on individual Textract API calls. The tagging capability exists only at the resource level (adapter ARN) during creation, not per API request. This limitation means you cannot directly use tags in Cost Explorer to separate costs by individual API calls.

2. Cross-account identity in Cost & Usage Reports: When external accounts assume roles in your Hub account to call Textract, the calling account identity does not automatically appear as a cost dimension in the Cost and Usage Reports or Cost Explorer for the Hub account. The costs are attributed to the Hub account where the resources exist and where the API calls are executed, not to the originating account. This information would only be visible through CloudTrail logs, not in native cost reporting tools.

3. AWS recommended best practices for granular cost tracking: For your centralized account scenario, AWS recommends implementing a chargeback strategy using AWS Cost and Usage Reports combined with Amazon Athena. Since you have different adapter versions for each environment and separate IAM roles per environment (role-dev, role-staging, role-prod), you can:

  • Use CloudTrail to capture the assumed role identity and adapter ARN for each API call
  • Export this data to Amazon Athena for analysis
  • Correlate CloudTrail data with Cost and Usage Reports to build a custom chargeback model
  • Calculate and allocate costs based on the assumed role identity and adapter version used

This approach allows you to accurately calculate and allocate monthly charges across your different environments and track cost savings for each individual environment, even when all costs are incurred in a single centralized account.

4. CloudTrail logging for cost attribution: Yes, CloudTrail does log the assumed role identity and adapter version (via the Adapters parameter) for each AnalyzeDocument and StartDocumentAnalysis call. The CloudTrail events will show:

  • The assumed role ARN (userIdentity.sessionContext.sessionIssuer.arn)
  • The adapter ARN used in the request
  • Timestamp and request parameters

You can use CloudTrail combined with Athena to build an external cost attribution model by:

  • Querying CloudTrail logs to count API calls per assumed role and adapter
  • Joining this usage data with Cost and Usage Reports
  • Calculating proportional cost allocation based on usage patterns

5. Future roadmap for per-request tagging: Information about future AWS feature releases and roadmap items is not publicly disclosed. For the most current capabilities and any updates to Textract's tagging functionality, you should consult with your AWS account team or Technical Account Manager.

Recommended Implementation Approach: Given your architecture, the most effective solution is to implement a custom chargeback model using:

  • CloudTrail for capturing assumed role identity and adapter usage per API call
  • Cost and Usage Reports for actual Textract costs in the Hub account
  • Amazon Athena to query and correlate CloudTrail data with cost data
  • A proportional allocation method to distribute costs based on usage by each environment's assumed role

This approach provides accurate cost allocation and visibility into usage patterns across your different environments, even though all resources and costs exist in the centralized Hub account. AWS Support and Technical Account Managers can provide guidance on implementing this chargeback strategy effectively for your specific use case.
Sources
Implementing an effective chargeback strategy with Savings Plans | AWS re:Post
Improve Cost Visibility and Observability with AWS Cost Categories – Part 1: Fundamentals and Basic Grouping Techniques | AWS Cloud Financial Management
COST06-BP04 Consider using shared resources - AWS Well-Architected Framework

answered 2 months ago
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content