|
1 | | -## Cloud Intelligence Dashboard Framework |
2 | | -[Cloud Intelligence Dashboards](https://catalog.workshops.aws/awscid) is a project that provides AWS customers with a series of in-depth and customizable dashboards for the most comprehensive cost and usage details to help optimize cost, track usage goals, and achieve operational excellence. |
| 1 | +## CID Data Collection Framework |
3 | 2 |
|
4 | | -This repostory contains following elements: |
5 | | -* [data-collection](/data-collection) - a set of Cloud Formation Templates for collecting data from Management and Linked Accounts. |
6 | | -* [case-summarization](/case-summarization) - a Cloud Formation Template for deploying the AWS Support Case Summarization plugin that offers the capability to summarize cases through Generative AI powered by Amazon Bedrock. |
| 3 | +## Table of Contents |
| 4 | +1. [Overview](#Overview) |
| 5 | +1. [Architecture of Data Exports](#Architecture-of-Data-Exports) |
| 6 | +1. [Architecture of Data Collection](#Architecture-of-Data-Collection) |
| 7 | +1. [Cost](#Cost) |
| 8 | +1. [Prerequisites](#Prerequisites) |
| 9 | +1. [Regions](#Regions) |
| 10 | +1. [Deployment and Cleanup Steps](#Deployment-and-Cleanup-Steps) |
| 11 | +1. [Changelogs](#Changelogs) |
| 12 | +1. [Feedback](#Feedback) |
| 13 | +1. [Security](#Security) |
| 14 | +1. [License](#License) |
| 15 | +1. [Notices](#Notices) |
7 | 16 |
|
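Review bot: The new Table of Contents has no entry for the `## Contribution` section that this change keeps between Feedback and Security, so that section cannot be reached from the index; add `1. [Contribution](#contribution)` after the Feedback item. The fragments are also written in title case (`#Architecture-of-Data-Exports`), while GitHub generates lowercase heading ids, so lowercase fragments such as `#architecture-of-data-exports` are the safer form across Markdown renderers.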
8 | | -## Support and Contribution |
| 17 | +## Overview |
| 18 | +This repository is a part of [Cloud Intelligence Dashboards](https://catalog.workshops.aws/awscid), a project that provides AWS customers with a series of in-depth and customizable dashboards for the most comprehensive cost and usage details to help optimize cost, track usage goals, and achieve operational excellence. |
9 | 19 |
|
| 20 | +This repository contains following elements: |
| 21 | +* [data-exports](/data-exports) - a Cloud Formation Templates for AWS Data Exports, such as Cost and Usage Report 2.0 and others. This allows a replication of Exports from your Management Account(s) to a Dedicated Data Collection Accounts as well as aggregation of multiple Exports from a set of Linked Accounts. |
| 22 | +* [data-collection](/data-collection) - a set of Cloud Formation Templates for collecting infrastructure operational data from Management and Linked Accounts. Such as data from AWS Trusted Advisor, AWS Compute Optimizer, Inventories, Pricing, AWS Health, AWS Support Cases etc. See more about types of data collected [here](/data-collection). |
| 23 | +* [case-summarization](/case-summarization) - an additional Cloud Formation Template for deploying the AWS Support Case Summarization plugin that offers the capability to summarize cases through Generative AI powered by Amazon Bedrock. |
| 24 | +* [rls](/rls) - a stack for managing Row Level Security for CID Dashboards. |
| 25 | +* [security-hub](/security-hub) - Collection of data from AWS Security Hub. |
| 26 | + |
| 27 | +All Data Collections can be used independently from Dashboards. Typically data collections store data on [Amazon S3 Bucket](https://aws.amazon.com/s3/) and provide [AWS Glue](https://aws.amazon.com/glue/) tables and [Amazon Athena](https://aws.amazon.com/athena/) Views to explore and use these data. |
| 28 | + |
| 29 | +### Other AWS Services |
| 30 | +* [Collection of AWS Config data](https://github.com/aws-samples/config-resource-compliance-dashboard) |
| 31 | + |
| 32 | +### Multi-cloud data |
| 33 | +* [Collection of Azure Cost Data](https://github.com/aws-samples/aws-data-pipelines-for-azure-storage/) |
| 34 | +* [Collection of GCP Cost Data](https://github.com/awslabs/cid-gcp-cost-dashboard/) |
| 35 | +* [Collection of OCI Cost Data](https://github.com/awslabs/cid-oci-cost-dashboard/) |
| 36 | + |
| 37 | +## Architecture of Data Exports |
| 38 | + |
| 39 | +1. [AWS Data Exports](https://aws.amazon.com/aws-cost-management/aws-data-exports/) delivers daily the Cost & Usage Report (CUR2) to an [Amazon S3 Bucket](https://aws.amazon.com/s3/) in the Management Account. |
| 40 | +2. [Amazon S3](https://aws.amazon.com/s3/) replication rule copies Export data to a dedicated Data Collection Account S3 bucket automatically. |
| 41 | +3. [Amazon Athena](https://aws.amazon.com/athena/) allows querying data directly from the S3 bucket using an [AWS Glue](https://aws.amazon.com/glue/) table schema definition. |
| 42 | +4. [Amazon QuickSight](https://aws.amazon.com/quicksight/) datasets can read from [Amazon Athena](https://aws.amazon.com/athena/). Check Cloud Intelligence Dashboards. |
| 43 | + |
| 44 | +See more in [data-exports](/data-exports). |
| 45 | + |
| 46 | + |
| 47 | + |
| 48 | +## Architecture of Data Collection |
| 49 | + |
| 50 | +1. The Advanced Data Collection can be deployed to enable advanced dashboards based on [AWS Trusted Advisor](https://aws.amazon.com/trustedadvisor/), [AWS Health Events](https://docs.aws.amazon.com/health/latest/ug/getting-started-phd.html) and other sources. Additional data is retrieved from [AWS Organization](https://aws.amazon.com/organizations/) or Linked Accounts. In this case [Amazon EventBridge](https://aws.amazon.com/eventbridge/) rule triggers an [AWS Step Functions](https://aws.amazon.com/step-functions/) for data collection modules on a configurable schedule. |
| 51 | + |
| 52 | +2. The "Account Collector" [AWS Lambda](https://aws.amazon.com/lambda/) in AWS Step Functions retrieves linked account details using [AWS Organizations API](https://docs.aws.amazon.com/organizations/latest/APIReference/Welcome.html). |
| 53 | + |
| 54 | +3. The "Data Collection" Lambda function in AWS Step Functions assumes role in each linked account to retrieve account-specific data via [AWS SDK](https://aws.amazon.com/sdk-for-python/). |
| 55 | + |
| 56 | +4. Retrieved data is stored in a centralized [Amazon S3 Bucket](https://aws.amazon.com/s3/). |
| 57 | + |
| 58 | +5. Advanced Cloud Intelligence Dashboards leverage [Amazon Athena](https://aws.amazon.com/athena/) and [Amazon QuickSight](https://aws.amazon.com/quicksight/) for comprehensive data analysis. |
| 59 | + |
| 60 | +See more in [data-collection](/data-collection). |
| 61 | + |
| 62 | + |
| 63 | + |
| 64 | + |
| 65 | +## Cost |
| 66 | +The following table provides a sample cost breakdown for deploying of Foundational Dashboards with the default parameters in the US East (N. Virginia) Region for one month. |
| 67 | + |
| 68 | +| AWS Service | Dimensions | Monthly Cost [USD] | |
| 69 | +|---------------------------------|-------------------------------|--------------------| |
| 70 | +| S3 | Monthly storage | $5-10* | |
| 71 | +| AWS Lambda | On the schedule 1/14 days | $<3* | |
| 72 | +| AWS Step Functions | On the schedule 1/14 days | $<3* | |
| 73 | +| AWS Glue Crawler | On schedule | $<3* | |
| 74 | +| AWS Athena | Data scanned monthly | $15* | |
| 75 | +| **Total Estimated Monthly Cost** | | **<$50** | |
| 76 | + |
| 77 | +\* Costs are relative to the size of collected data (number of workloads, modules activated, AWS Accounts, Regions etc) and configured data collection frequency. |
| 78 | + |
| 79 | +Pleas use AWS Pricing Calculator for precise estimation. |
| 80 | + |
| 81 | +## Prerequisites |
| 82 | +You need access to AWS Accounts. We recommend deployment of the Data Collection in a dedicated Data Collection Account, other than your Management (Payer) Account. You can use it to aggregate data from multiple Management (Payer) Accounts or multiple Linked Accounts. |
| 83 | + |
| 84 | +If you do not have access to the Management/Payer Account, you can still collect some types fo data across multiple Linked accounts. |
| 85 | + |
| 86 | +## Regions |
| 87 | +Make sure you are installing data collection in the same region where you are going to use the data to avoid cross region charges. |
| 88 | + |
| 89 | +| Region Name | Region Code | Available | |
| 90 | +|:------------ | :-------------| :-------------| |
| 91 | +| Africa (Cape Town) | af-south-1 | | |
| 92 | +| Asia Pacific (Tokyo) | ap-northeast-1 | :heavy_check_mark: | |
| 93 | +| Asia Pacific (Seoul) | ap-northeast-2 | :heavy_check_mark: | |
| 94 | +| Asia Pacific (Mumbai) | ap-south-1 | :heavy_check_mark: | |
| 95 | +| Asia Pacific (Singapore) | ap-southeast-1 | :heavy_check_mark: | |
| 96 | +| Asia Pacific (Sydney) | ap-southeast-2 | :heavy_check_mark: | |
| 97 | +| Asia Pacific (Jakarta) | ap-southeast-3 | | |
| 98 | +| Canada (Central) | ca-central-1 | :heavy_check_mark: | |
| 99 | +| China (Beijing) | cn-north-1 | | |
| 100 | +| Europe (Frankfurt) | eu-central-1 | :heavy_check_mark: | |
| 101 | +| Europe (Zurich) | eu-central-2 | | |
| 102 | +| Europe (Stockholm) | eu-north-1 | :heavy_check_mark: | |
| 103 | +| Europe (Milan) | eu-south-1 | | |
| 104 | +| Europe (Spain) | eu-south-2 | | |
| 105 | +| Europe (Ireland) | eu-west-1 | :heavy_check_mark: | |
| 106 | +| Europe (London) | eu-west-2 | :heavy_check_mark: | |
| 107 | +| Europe (Paris) | eu-west-3 | :heavy_check_mark: | |
| 108 | +| South America (São Paulo) | sa-east-1 | :heavy_check_mark: | |
| 109 | +| US East (N. Virginia) | us-east-1 | :heavy_check_mark: | |
| 110 | +| US East (Ohio) | us-east-2 | :heavy_check_mark: | |
| 111 | +| AWS GovCloud (US-East) | us-gov-east-1 | | |
| 112 | +| AWS GovCloud (US-West) | us-gov-west-1 | | |
| 113 | +| US West (Oregon) | us-west-2 | :heavy_check_mark: | |
| 114 | + |
| 115 | + |
| 116 | +## Deployment and Cleanup Steps |
| 117 | +Reference to folders. |
| 118 | +* [data-exports](/data-exports) |
| 119 | +* [data-collection](/data-collection) |
| 120 | +* [case-summarization](/case-summarization) |
| 121 | +* [rls](/rls) |
| 122 | +* [security-hub](/security-hub) |
| 123 | + |
| 124 | +## Changelogs |
| 125 | +Check [Releases](/../../releases) |
| 126 | + |
| 127 | +## Feedback |
| 128 | +Please reference to [this page](https://catalog.workshops.aws/awscid/en-US/feedback-support) |
| 129 | + |
| 130 | +## Contribution |
10 | 131 | See [CONTRIBUTING](CONTRIBUTING.md) for more information. |
11 | 132 |
|
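Review bot: Step 3 of "Architecture of Data Collection" says the Data Collection Lambda "assumes role in each linked account" but does not name the role or say what it is permitted to do. This cross-account trust is what a reader has to evaluate before deploying, so state the role and its permission scope here or link to the template that defines it. Wording in the same block also needs a pass: "Pleas use", "types fo data", "a Cloud Formation Templates", "a Dedicated Data Collection Accounts", "for deploying of Foundational Dashboards" and "Please reference to"; the product name is written AWS CloudFormation.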
12 | 133 | ## Security |
| 134 | +When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This [shared responsibility |
| 135 | +model](https://aws.amazon.com/compliance/shared-responsibility-model/) reduces your operational burden because AWS operates, manages, and |
| 136 | +controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in |
| 137 | +which the services operate. For more information about AWS security, visit [AWS Cloud Security](http://aws.amazon.com/security/). |
13 | 138 |
|
14 | 139 | See [SECURITY](SECURITY.md) for more information. |
15 | 140 |
|
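Review bot: The AWS Cloud Security link in the added Security paragraph uses `http://aws.amazon.com/security/` while every other absolute link in the README is `https://`; switch it to `https://`. The paragraph also lists only what AWS operates. A sentence on what the deployer is responsible for in this solution, for example access to the centralized S3 bucket described in step 4 of the data collection architecture, would make the section actionable.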
16 | 141 | ## License |
| 142 | +This project is licensed under the Apache-2.0 License. See the [LICENSE](LICENSE) file. |
| 143 | + |
| 144 | +## Notices |
| 145 | +Dashboards and their content: (a) are for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS content, products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. |
17 | 146 |
|
18 | | -This project is licensed under the Apache-2.0 License. |
19 | 147 |
|
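Review bot: In the Notices paragraph the plural subject "Dashboards and their content" is followed by singular verbs in items (b) "represents" and (c) "does not create"; use "represent" and "do not create". The closing clause refers to "this document" although the paragraph is about the dashboards, so say which document is meant.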