Deployment In China - Cloud Intelligence Dashboards on AWS
ArchitectureDeploymentDeploymentPost-Deployment StepsFAQ

Deployment In China

Note

For deployments in AWS China Regions, please note there are specific regional considerations and limitations. For all other AWS Regions, please follow the standard deployment guide

Architecture

There are 2 options how you can analyze your Cost and Usage. You can consolidate all your Cost and Usage data to Global Regions (for example using Data Transfer Hub) or you can deploy Cloud Intelligence Dashboards in China Regions. Here we will provide a specific guidance for deployment in China Regions.

We recommend deployment of the Dashboards in a dedicated Data Collection Account, other than your Management (Payer) Account. This guidance provides a CloudFormation template to copy Cost and Usage Report(CUR) data from your Management Account to the dedicated one. You can use it to aggregate data from multiple Management Accounts or multiple Linked Accounts.

If you do not have access to the Management/Payer Account, you can still collect the data across multiple Linked accounts using the same approach.

Foundational Architecture

  1. AWS Cost and Usage Report delivers daily the Cost & Usage data to an Amazon S3 Bucket in the Management Account.

  2. Amazon S3 replication rule copies CUR data to a dedicated Data Collection Account S3 bucket automatically.

  3. Amazon Athena allows querying data directly from the S3 bucket using an AWS Glue table schema definition.

  4. Amazon QuickSight creates datasets from Amazon Athena, refreshes daily and caches in SPICE(Super-fast, Parallel, In-memory Calculation Engine) for Amazon QuickSight

  5. User Teams (Executives, FinOps, Engineers) can access Cloud Intelligence Dashboards in Amazon QuickSight. Access is secured through AWS IAM, IIC (AWS IAM Identity Center, formerly SSO), and optional Row Level Security.

Deployment

Deployment Steps

Deployment process consists of 3 main steps:

  1. Deploy Amazon S3 Bucket and Athena Tables in the Data Collection Account

  2. Amazon S3 Bucket and a replication policy in Source Accounts (one or many)

  3. Deploy Cloud Intelligence Dashboards (CID) Stack in the Data Collection Account

Deployment

Before you start

  1. Choose Beijing Region (cn-north-1) for your deployment as QuickSight is only available in this region for AWS China.

  2. Define your Data Collection Account. Create or reuse an existing shared account. We do not recommend using the Management(Payer) Account for data collection.

  3. Make sure you have permissions for deploying CloudFormation Stacks.

  • In the Management/Payer Account you will need permission to access AWS CloudFormation, AWS Cost & Usage Reports, AWS IAM, AWS Lambda and Amazon S3.

  • In the Data Collection Account you will need permission to access Amazon Athena, AWS CloudFormation, AWS Directory Service, Amazon EventBridge, AWS Glue, AWS IAM, AWS Lambda, Amazon QuickSight, and Amazon S3 via both the console and the Command Line Tool.

  • For a CLI deployment, you will not require CloudFormation permissions.

  • You can use this CloudFormation template to provision an IAM role with minimal permissions required for dashboard deployment. It takes an IAM role name as a parameter and adds the required policies to the role.

Step 1. [Data Collection Account] Create Destination For CUR Aggregation

  1. Sign in to your Data Collection Account.

  2. Click the Launch Stack button below to open the pre-populated stack template in your CloudFormation console. This Stack will create bucket open for replication and Athena Tables.

    Launch Stack button

Step 2. [Source/Management Account] Create CUR and Configure Replication

  1. Sign in to your Source Account (Management/Payer Account).

  2. Click the Launch Stack button below to open the pre-populated stack template in your CloudFormation console.

    Launch Stack button

Step 3. [Data Collection Account] Deploy Dashboards

3.1 - Prepare Amazon QuickSight

Note

QuickSight is only available in cn-north-1 Beijing region for AWS China

  1. Sign in to your Data Collection Account and navigate to the AWS Management Console and search for QuickSight in the services menu.

  2. Select Sign up for QuickSight if this is your first time accessing the service.

  3. On the QuickSight setup page, you’ll need to choose an authentication method:

    • IAM Identity Center - Recommended for simplified user management and SSO capabilities

    • Active Directory - Suitable for enterprises with existing AD infrastructure

      You cannot change authentication method after the initial setup. You will need to re-create the Amazon QuickSight account.

  4. If selecting IAM Identity Center:

Note: Choose your authentication method based on your organization’s requirements and existing identity management infrastructure.

  1. At the bottom of the sign up page, there is an optional add-on for Pixel-Perfect Reports:

Note

Make sure to uncheck Pixel-Perfect Reports option unless specifically needed, as it incurs additional charges. This feature can be enabled later if needed.

QuickSight configuration page - uncheck Pixel-Perfect Reports option

  1. Complete the account creation:

    • Select the appropriate Authentication method

    • Enter a unique name for your QuickSight account

    • Enter an email address for notifications

    • (Optional) Click Select S3 buckets and choose all cid buckets (cid-*)

    • Click Finish and wait for the congratulations screen

3.2 - Deploy Foundational Dashboards

Note

To avoid cross-region data transfer costs, use the Beijing Region (cn-north-1) - the only region where QuickSight is available in China.

  1. Sign in to your Data Collection Account.

  2. Click the Launch Stack button below to open the pre-populated stack template in your CloudFormation console.

    Launch Stack button

  3. Configure stack parameters:

  • Enter a Stack name for your template such as Cloud-Intelligence-Dashboards

  • Review Common Parameters and confirm prerequisites before specifying the other parameters. You must answer "yes" to both prerequisites questions.

  • Copy and paste your QuicksightUserName into the parameter text box. To find your QuickSight username:

    • Open a new tab or window and navigate to the QuickSight console

    • Find your username from the person icon in the top right corner

      Quicksight page with username drop down in the top right highlighted

  • Select the Dashboards you want to install. We recommend deploying all three: Cost Intelligence Dashboard, CUDOS, and the KPI Dashboard.

  • Make sure Parameters CreateLocalAssetsBucket set to yes and CURVersion set to 1.0

  • The CurrencySymbol parameter is defaulted to JPY (Japanese Yen - ¥). Please select the appropriate symbol from the dropdown option to match your CUR settings.

  • Review the configuration, select the checkbox I acknowledge that Amazon CloudFormation might create IAM resources with custom names, and click Create stack.

  • You will see the stack will start in CREATE_IN_PROGRESS. This step can take ~20 minutes. Once complete, the stack will show CREATE_COMPLETE

Note

Dashboards will be empty initially. We recommend initiating a backfill via Support Cases

Step 4 (optional). Request Data Backfill

You can create a Support Case requesting a back-fill of your Cost And Usage Report with up to 36 months of historical data. Case must be created from each of your Source Accounts (typically Management/Payer Accounts).

Post-Deployment Steps

After successful deployment:

  1. Check stack outputs for dashboard URLs

  2. Verify QuickSight access

  3. Wait for data to populate (typically 24-48 hours for first data delivery)

  4. Consider requesting a backfill through AWS Support if you need historical data

FAQ

How can I see AWS Usage in China and other Partitions?

  • You can consolidate Cost and Usage report from China and Global regions in one account (can be in any partition of your choice). We recommend using Data Transfer Hub. Please consult with your legal team before moving data across AWS Partitions. If you aggregate data in different currencies you might need additionally a currency conversion.

Data Transfer Architecture

  1. Amazon S3 replicates AWS CUR data from a Management account in Global region to a Data Collection Account.

  2. Cloud Intelligence Dashboards leverage Amazon Athena and Amazon QuickSight for viualization.

  3. Data Transfer Hub moves data from China region to the Data collection account in Global Region.

  4. Additional solution can be used for pulling up to date exchange rate information from a 3rd party source.

What dashboards are available in China?

  • At the moment only Foundational Dashboards (CUDOS, CID, KPI) are available. We are working on other dashboard as well.

Other questions? Visit our FAQs.