Configuring AWS FOCUS Exports

Configuring Azure FOCUS Data Exports for CerteroX


Overview

For each management account and standalone account in scope of CerteroX FOCUS reporting, you will:

  • Configure a Billing and Cost Management data export

  • Configure an S3 bucket to receive the exports

  • Provide bucket access to Certero

AWS management accounts were formerly referred to as master accounts.

Prerequisites

Certero will provide the following information for the configuration:

  • Preferred AWS region for the FOCUS export S3 bucket

  • User ARN that requires read-only access to the S3 bucket

  • Role ARN that requires read-only access to the S3 bucket

FOCUS Export

  • In your AWS web console, go to Billing and Cost Management

  • Click Data Exports in the left-hand menu

  • Click Create to open the export creation dialog

  • In Export details, choose Standard data export

  • Set the export name, for example “cxfocus”

  • Set Data table content settings to FOCUS with AWS columns

  • Set Table content version to FOCUS 1.0

  • In Data export delivery options, ensure:

    1. Compression type and file format is set to Parquet

    2. File versioning is set to Overwrite existing data export file

S3 Bucket

Still in the export creation dialog, we will configure the destination S3 bucket in the Data export storage section.

Click Configure, then Create a bucket

When choosing a bucket name, remember that bucket names need to be globally unique, because AWS customers share the same namespace. This means that if you are configuring exports for multiple AWS accounts, your S3 bucket names will likely be differentiated by including an account-specific reference in the bucket names.

Your organization may have its own bucket naming standards; however, we recommend including strings that represent your organization name, the purpose of the bucket, and the AWS account in which the export is configured.

Including these elements in the bucket name helps us manage your CerteroX connectivity, especially if you have multiple accounts and exports.

A good bucket name might resemble “cert-cxfocus-prod”, where:

  • cert references the company

  • cxfocus references the bucket purpose

  • prod references the AWS account

You now specify a region where the bucket will be hosted. For best performance, please set this to the preferred region provided by Certero. If you can't operate in that region, ideally choose one as geographically or logically close to our preference as possible.

Choose Create bucket, which returns you to the Create export dialog.

Now set the mandatory S3 path prefix. This defines a subfolder in the S3 bucket that contains the FOCUS data. Consider using a short string that represents the AWS account in which you are configuring the export. If you have referenced the account name in the bucket name, then we recommend using the same reference as the prefix.

Putting it all together, here’s our example S3 bucket name and prefix:

[Screenshot: example S3 bucket name and prefix]

Create the export by scrolling down and clicking Create.

S3 Bucket Permissions

  • Now in your AWS console, go to Amazon S3

  • Identify and click on the new export bucket in the list of general purpose buckets

  • Open the Permissions tab, scroll down to the Bucket policy and click Edit

Take a note of the Bucket ARN at the top. You will use this shortly. You'll also provide it to Certero so that we can find your S3 bucket.

  • At the bottom of the policy code, click on Add new statement

A statement template will appear:

{
  "Sid": "Statement1",
  "Principal": {},
  "Effect": "Allow",
  "Action": [],
  "Resource": []
}

Replace that template with the statements below. These provide read-only access to a CerteroX user and role that we create specifically for your implementation.

We will provide the correct role and user ARNs for your implementation, which replace the roleARN and userARN placeholders in the code below.

Also replace the bucketARN placeholders with the ARN of your new FOCUS export S3 bucket, which you noted previously and which also appears further up in the default policy.

{
  "Sid": "CerteroXFocusRole",
  "Effect": "Allow",
  "Principal": {
    "AWS": "roleARN"
  },
  "Action": [
    "s3:ListBucket",
    "s3:GetObject"
  ],
  "Resource": [
    "bucketARN",
    "bucketARN/*"
  ]
},
{
  "Sid": "CerteroXFocusUser",
  "Effect": "Allow",
  "Principal": {
    "AWS": "userARN"
  },
  "Action": [
    "s3:ListBucket",
    "s3:GetObject"
  ],
  "Resource": [
    "bucketARN",
    "bucketARN/*"
  ]
}

Scroll to the bottom of the screen and choose Save changes.
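If you would rather prepare the policy text before pasting it into the editor, the following added example (not Certero's or AWS's own code) fills in the bucketARN, roleARN and userARN placeholders, rejects a wildcard or wrong-type principal, and merges the two statements into an existing policy document. The ARNs, account ID, existing statement and function names are constructed for illustration, and the patterns assume the standard aws partition.

```python
import json
import re

# Shapes of the values the page calls bucketARN, roleARN and userARN
# (assumption: standard "aws" partition only).
BUCKET_ARN = re.compile(r"^arn:aws:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
PRINCIPAL_ARN = re.compile(r"^arn:aws:iam::\d{12}:(role|user)/[\w+=,.@/-]+$")
READ_ONLY = ["s3:ListBucket", "s3:GetObject"]


def certero_statements(bucket_arn, role_arn, user_arn):
    """Build the page's two read-only statements with the placeholders filled in."""
    if not BUCKET_ARN.match(bucket_arn):
        raise ValueError(f"not an S3 bucket ARN: {bucket_arn!r}")
    out = []
    for sid, kind, arn in (("CerteroXFocusRole", "role", role_arn),
                           ("CerteroXFocusUser", "user", user_arn)):
        m = PRINCIPAL_ARN.match(arn)
        # Rejects "*", account-root ARNs and a role ARN pasted into the user slot.
        if not m or m.group(1) != kind:
            raise ValueError(f"{sid}: expected an IAM {kind} ARN, got {arn!r}")
        out.append({"Sid": sid, "Effect": "Allow", "Principal": {"AWS": arn},
                    "Action": list(READ_ONLY),
                    "Resource": [bucket_arn, bucket_arn + "/*"]})
    return out


def merge_into_policy(policy, new_statements):
    """Return a copy of the policy with the statements added; same-Sid entries are replaced."""
    sids = {s["Sid"] for s in new_statements}
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") not in sids]
    return {**policy, "Statement": kept + new_statements}


# Constructed stand-in for the policy already on the export bucket.
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ExistingExportStatement", "Effect": "Allow",
     "Principal": {"Service": "bcm-data-exports.amazonaws.com"},
     "Action": ["s3:PutObject"], "Resource": ["arn:aws:s3:::cert-cxfocus-prod/*"]}]}

if __name__ == "__main__":
    merged = merge_into_policy(EXISTING, certero_statements(
        "arn:aws:s3:::cert-cxfocus-prod",
        "arn:aws:iam::111122223333:role/example-certerox-role",   # constructed
        "arn:aws:iam::111122223333:user/example-certerox-user"))  # constructed
    print(json.dumps(merged, indent=2))
```

Running the script prints the complete policy document; the statements already on the bucket are kept, so the export can continue writing to it.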

Finally

Provide these to Certero:

  • S3 bucket ARN

  • S3 bucket name