AI Docs

Configuring AWS FOCUS Exports

3 min read

image-20251112-163818.png

Overview

For each management account and standalone account in scope of CerteroX FOCUS Reporting, you will:

  • Configure a Billing and Cost Management data export

  • Configure an S3 bucket to receive the exports

  • Grant Certero read-only access to the bucket

AWS management accounts were formerly referred to as master accounts.

Prerequisites

Certero will provide the following before you begin:

  • Preferred AWS region for the S3 bucket

  • An IAM Role ARN that requires read-only access to the bucket

FOCUS export

  1. In your AWS console, go to Billing and Cost Management.

  2. Click Data Exports in the left menu.

  3. Click Create.

  4. In Export details, select Standard data export.

  5. Set the export name (for example, "cxfocus").

  6. Set Data table content settings to FOCUS with AWS columns.

  7. Set Table content version to FOCUS 1.0.

  8. In Data export delivery options:

    • Set Compression type and file format to Parquet.

    • Set File versioning to Overwrite existing data export file.

S3 bucket

Still in the export creation dialog, configure the destination S3 bucket in the Data export storage section.

Click Configure, then Create a bucket.

S3 bucket names must be globally unique across all AWS accounts. If you are configuring exports for multiple AWS accounts, include an account-specific reference in the bucket name.

Your organization may have its own naming standards. We recommend including your organization name, the purpose of the bucket, and the AWS account. This helps Certero manage your connectivity, especially if you have multiple accounts and exports.

A good bucket name might resemble "acme-cxfocus-prod", where:

  • acme references the company

  • cxfocus references the bucket purpose

  • prod references the AWS account

Set the region to the preferred region provided by Certero. If you cannot use that region, choose one as geographically close to it as possible.

Click Create bucket to return to the export creation dialog.

Now set the S3 path prefix. This defines a subfolder in the bucket that contains the FOCUS data. We recommend a short string that represents the AWS account, for example "prod". If you used the account reference in the bucket name, use the same string as the prefix.

Click Create to finish.

S3 bucket permissions

  1. In your AWS console, go to Amazon S3.

  2. Click on the export bucket you created.

  3. Open the Permissions tab.

  4. Scroll to Bucket policy and click Edit.

Note the Bucket ARN at the top of the page. You will need it in the next step.

At the bottom of the existing policy, click Add new statement. A template statement will appear. Replace it with the following, which grants Certero read-only access to your bucket:

{
"Sid": "CerteroXFocusIngestion",
"Effect": "Allow",
"Principal": {
"AWS": "<ROLE-ARN>"
},
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"<BUCKET-ARN>",
"<BUCKET-ARN>/*"
]
}

Replace <ROLE-ARN> with the IAM Role ARN provided by Certero. Replace <BUCKET-ARN> with your bucket ARN shown at the top of the policy editor.

Click Save changes.

Provide details to Certero

Send your S3 bucket name to your Certero contact.