cool-master-cur

This is a Terraform module for creating resources in a COOL Master account in order to replicate AWS Cost and Usage Reports (CUR) to a designated S3 bucket.

Pre-requisites

• Terraform installed on your system.
• An accessible AWS S3 bucket to store Terraform state (specified in backend.tf).
• An accessible AWS DynamoDB database to store the Terraform state lock (specified in backend.tf).
• Access to all of the Terraform remote states specified in remote_states.tf.

Usage

For the purposes of these instructions, assume the environment is named "dev"; replace "dev" in the instructions below with your environment name if needed.

1. Create a backend configuration file named dev.tfconfig containing the name of the bucket where Terraform state is stored for that environment.

   bucket = "my-dev-terraform-state-bucket"

2. Initialize the Terraform backend for the "dev" environment using your backend configuration file:

   terraform init -upgrade -backend-config=dev.tfconfig

   [!NOTE] When performing this step for additional environments (i.e. not your first environment), use the -reconfigure flag:

   terraform init -upgrade -backend-config=other-env.tfconfig -reconfigure

3. Create a Terraform workspace (if you haven't already done so) by running terraform workspace new dev

4. Create a dev.tfvars file with all required variables and any optional variables that you wish to override (see Inputs below for details):

   data_export_bucket_name                   = "my-cur-export-bucket"
   data_export_completion_report_bucket_name = "my-cur-export-completion-report-bucket"
   destination_bucket_account_id             = "123456789012"
   destination_bucket_name                   = "destination-cur-bucket"
   
   tags = {
     Team        = "Your Team Name"
     Application = "COOL - Master CUR"
     Workspace   = "dev"
   }
   
   terraform_state_bucket = "my-terraform-state-bucket"

5. Run the command terraform apply -var-file=dev.tfvars.

Requirements

Name	Version
terraform	>= 1.1
aws	>= 4.9

Providers

Name	Version
aws	>= 4.9
aws.master	>= 4.9
terraform	n/a

Modules

No modules.

Resources

Name	Type
aws_iam_policy.replication_policy	resource
aws_iam_role.replication_role	resource
aws_iam_role_policy_attachment.replication_policy_attachment	resource
aws_s3_bucket.completion_report	resource
aws_s3_bucket.export	resource
aws_s3_bucket_ownership_controls.completion_report	resource
aws_s3_bucket_ownership_controls.export	resource
aws_s3_bucket_policy.export	resource
aws_s3_bucket_public_access_block.completion_report	resource
aws_s3_bucket_public_access_block.export	resource
aws_s3_bucket_replication_configuration.export	resource
aws_s3_bucket_server_side_encryption_configuration.completion_report	resource
aws_s3_bucket_server_side_encryption_configuration.export	resource
aws_s3_bucket_versioning.export	resource
aws_caller_identity.current	data source
aws_caller_identity.master	data source
aws_iam_policy_document.assume_role_doc	data source
aws_iam_policy_document.export_bucket_policy_doc	data source
aws_iam_policy_document.replication_doc	data source
terraform_remote_state.master	data source

Inputs

Name	Description	Type	Default	Required
aws_region	The AWS region to deploy into (e.g. us-east-1).	string	"us-east-1"	no
data_export_bucket_name	The name of the S3 bucket where cost and usage data exports will be stored.	string	n/a	yes
data_export_completion_report_bucket_name	The name of the S3 bucket where cost and usage data export completion reports will be stored.	string	n/a	yes
destination_bucket_account_id	The AWS account ID that owns the S3 bucket to which cost and usage reports will be replicated.	string	n/a	yes
destination_bucket_name	The name of the S3 bucket to which cost and usage reports will be replicated.	string	n/a	yes
replication_policy_description	The description of the IAM policy for S3 replication.	string	"IAM policy to enable replication of Cost and Usage Report data exports to the destination bucket."	no
replication_policy_name	The name of the IAM policy for S3 replication.	string	"cur-report-replication-policy"	no
replication_role_description	The description of the IAM role for S3 replication.	string	"IAM role that can perform replication of Cost and Usage Report data exports to the destination bucket."	no
replication_role_name	The name of the IAM role for S3 replication.	string	"cur-report-replication-role"	no
replication_rule_id	The ID to assign to the S3 replication rule for Cost and Usage Report data exports.	string	"cur-replication"	no
tags	Tags to apply to all AWS resources created.	map(string)	{}	no
terraform_state_bucket	The name of the S3 bucket where Terraform state is stored.	string	n/a	yes

Outputs

Name	Description
completion_report_bucket	The S3 bucket where cost and usage completion reports are stored.
data_export_bucket	The S3 bucket where cost and usage data exports are stored.
replication_role_arn	The ARN of the IAM role that can be assumed to perform replication of CUR data export reports.

Notes

Running pre-commit requires running terraform init in every directory that contains Terraform code. In this repository, this is just the main directory.

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.