Getting started with Application Cost Profiler - Application Cost Profiler

Getting started with Application Cost Profiler

AWS Application Cost Profiler helps you get cost information about your AWS resources by reporting resource usage by tenant, rather than for the resource as a whole. A tenant can be a user, a group of users, or a project. Make sure that you can identify your resource usage by the tenant you choose. To get cost reports about tenant usage, you configure a report and send usage data to Application Cost Profiler. This section discusses the prerequisites that you must complete before you use Application Cost Profiler.

Get an AWS account and your root user credentials

To access AWS, you must sign up for an AWS account.

To sign up for an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to https://aws.amazon.com/ and choosing My Account.

Creating an IAM user

If your account already includes an AWS Identity and Access Management (IAM) user with full AWS administrative permissions, you can skip this section.

Note

For more information about using IAM with Application Cost Profiler, see Identity and access management for AWS Application Cost Profiler.

When you first create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.

Important

We strongly recommend that you do not use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see Tasks that require root user credentials in the AWS General Reference.

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center

(Recommended)

Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

Following the instructions in Getting started in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center (successor to AWS Single Sign-On) in the AWS Command Line Interface User Guide.
In IAM

(Not recommended)

Use long-term credentials to access AWS. Following the instructions in Creating your first IAM admin user and user group in the IAM User Guide. Configure programmatic access by Managing access keys for IAM users in the IAM User Guide.

Signing in as an IAM user

Sign in to the IAM console by choosing IAM user and entering your AWS account ID or account alias. On the next page, enter your IAM user name and your password.

Note

For your convenience, the AWS sign-in page uses a browser cookie to remember your IAM user name and account information. If you previously signed in as a different user, choose the sign-in link beneath the button to return to the main sign-in page. From there, you can enter your AWS account ID or account alias to be redirected to the IAM user sign-in page for your account.

Creating IAM user access keys

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don't have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS account root user access keys for any task where it's not required. Instead, create a new administrator IAM user with access keys for yourself.

The only time that you can view or download the secret access key is when you create the keys. You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions. For more information, see Permissions required to access IAM resources in the IAM User Guide.

To create access keys for an IAM user

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Users.

  3. Choose the name of the user whose access keys you want to create, and then choose the Security credentials tab.

  4. In the Access keys section, choose Create access key.

  5. To view the new access key pair, choose Show. You will not have access to the secret access key again after this dialog box closes. Your credentials will look something like this:

    • Access key ID: AKIAIOSFODNN7EXAMPLE

    • Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

  6. To download the key pair, choose Download .csv file. Store the keys in a secure location. You will not have access to the secret access key again after this dialog box closes.

    Keep the keys confidential in order to protect your AWS account and never email them. Do not share them outside your organization, even if an inquiry appears to come from AWS or Amazon.com. No one who legitimately represents Amazon will ever ask you for your secret key.

  7. After you download the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.

Related topics

Application Cost Profiler specific prerequisites

Before you get started with Application Cost Profiler, you must complete the following prerequisites:

  • Enable Cost Explorer

    Enable AWS Cost Explorer for your AWS account. Setting up an account with Cost Explorer can take up to 24 hours. You must complete Cost Explorer setup before Application Cost Profiler can generate your daily and monthly reports.

    For more information, see Enabling Cost Explorer in the AWS Billing and Cost Management User Guide.

  • Create S3 buckets

    Create at least two Amazon Simple Storage Service (Amazon S3) buckets. Application Cost Profiler uses one S3 bucket to provide reports to you. You use the other S3 bucket to upload usage data to Application Cost Profiler. Typically, you only need one S3 bucket to upload usage data. However, you might want to have more than one S3 bucket so that you can keep usage for different services in separate S3 buckets with different permissions, if needed for your security. You must give Application Cost Profiler permissions to these S3 buckets.

    For more information about setting up the Amazon S3 buckets for Application Cost Profiler, see Setting up Amazon S3 buckets for Application Cost Profiler.

  • Enable tags

    To report usage by tag, rather than by resource, you must enable those tags in the AWS Billing and Cost Management console.

    For more information about activating AWS generated tags, see Activating the AWS-Generated Cost Allocation Tags in the AWS Billing and Cost Management User Guide. For more information about activating user-defined tags, see Activating User-Defined Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

Next steps

After you complete these prerequisites, you can: