Enable Continuous Efficiency for Amazon Web Services (AWS)

Updated 1 week ago by Archana Singh

Harness Continuous Efficiency (CE) monitors cloud costs using your Amazon Web Services (AWS). Connect your AWS account to Harness to get insights into your expenses across your cloud infrastructure and AWS services, such as EC2, S3, RDS, Lambda, and so on. Harness uses a secure, cross-account role with a restricted policy to access the cost and usage reports and resources for cost analysis.

In this topic:

Before You Begin

After enabling CE, it takes about 24 hours for the data to be available for viewing and analysis.

Step: Connect to Your AWS Account

To enable CE for your AWS services (such as EC2, S3, RDS, Lambda, and so on), you simply need to connect Harness to your AWS accounts.

  1. In Continuous Efficiency, click Settings and then click Cloud Accounts.
  2. In Cloud Accounts, click Connect to your AWS account.
  3. Connect to your AWS Master Account. This involves the following steps:

Step 1: Enable Cost and Usage Report (CUR) via AWS console

CUR provides detailed billing data across AWS accounts to help you analyze your spend.

You need to enter the cost and usage report name and cost and usage S3 bucket name in Harness. To get these details, do the following:

  1. Log into your AWS Master Account via AWS console. To launch the AWS console, click How to create a Cost and Usage Report (CUR) using Harness required specifications? and click Launch AWS Console.
  2. In AWS Cost and Usage Reports, click Create Report.
  3. Enter the Report Name. This is the CUR name that you need to enter in Harness.
  4. In Additional report details, select the checkbox Include resource IDs to include the IDs of each individual resource in the report.
  5. In Data refresh settings, select the checkbox Automatically refresh your Cost & Usage Report when charges are detected for previous months with closed bills.
  6. Click Next.

    When you are done with the Report content step, it will look something like this:
  7. In the S3 bucket, click Configure.
  8. In Configure S3 Bucket, in Create a bucket, enter S3 bucket name. This is the cost and usage S3 bucket name that you need to enter in Harness. For more information on S3 bucket naming requirements, see Amazon S3 Bucket Naming Requirements.
  9. Select Region from the drop-down list and click Next. It is recommended to select US East (N. Virginia).
  10. In Verify policy, select the checkbox I have confirmed that this policy is correct and click Save.
  11. Do not enter any value in the Report path prefix field. Ensure that this field is empty.
  12. Select Hourly in Time granularity.
  13. Select Overwrite Existing Report in Report versioning.
  14. Do not select any value in Enable report data integration for.
  15. Select GZIP in the Compression type.
  16. Click Next.

    When you are done with the Delivery options step, it will look something like this:
  17. Review your report details and click Review and Complete.
  18. Enter the Cost and Usage Report Name (as entered in step 3) and Cost and Usage S3 Bucket Name (as entered in step 8) in Harness.

Step 2: Create Cross-Account IAM Role using the AWS CloudFormation Template

Harness uses the secure cross-account role to access your AWS account. The role includes a restricted policy to access the cost and usage reports and resources for cost analysis. Harness will never modify any of your workloads.

  1. Click Follow these instructions and click Launch Template. You can review the template before launching it. To review, click View Template.
    Ensure that you are logged into your AWS master account. The master account is the account that creates the organization.
  2. In Quick create stack, in Capabilities, select acknowledgment, and click Create stack.
  3. In the Stacks page, from Outputs tab copy Value.

Step 3: Provide Cross-Account IAM ARN from the Output of CloudFormation Stack

  1. Enter the Cross-Account Role ARN that you copied from the Outputs tab (previous step) in Harness.
  2. Enter the Account Name.
  3. Click Save & Continue.
    When you are done, it will look something like this:

Step (Optional): Provide Access to Member Accounts

With access to AWS member accounts, CE provides cost impact data on member accounts events.

Once setup, the list of the member accounts linked to your AWS master account along with their status is displayed. To provide access to member accounts you need to create an IAM Role using the CloudFormation Template provided in the CE AWS setup. This IAM role provides access to member accounts.

  1. Click Follow these instructions and click Launch Template. The StackSets settings appear.

    StackSets provides IAM access across linked member accounts.
    Ensure that you are logged into your AWS master account. The master account is the account that creates the organization.

Step 1: Choose a Template

  1. In Prerequisite - Prepare template, select Template is ready.
  2. In the Specify template, select the Amazon S3 URL and enter the following URL and click Next.

    https://continuous-efficiency-prod.s3.us-east-2.amazonaws.com/setup/v1/linkedAccount.json

Step 2: Specify StackSet Details

  1. Enter Stack set name harness-ce-iam-stackset.
  2. In Parameters, in ExternalID enter the IDharness:111111111111:lnFZRF6jQO6tQnB9xxXXXx and click Next.

    Copy the External ID from Harness. The external ID is generated dynamically for your account.

Step 3: Configure StackSet Options

In Permissions, select Service-managed permissions and click Next.

Step 4:  Set Deployment Options

  1. In Deployment targets, select Deploy to organization.
  2. In Automatic deployment, select Enabled.
  3. In Account removal behavior, select Delete Stacks.
  4. Select a region from the drop-down list and click Next.

Step 5: Review

Review the details, select acknowledgment, and click Submit.

  1. In Harness, click Verify Access to check the status of the connected member accounts. The following status is displayed:

    Connected: Harness has access to your linked member accounts.
    Not Connected: Harness does not have access to your linked member accounts.
    Not Verified: Harness is not able to verify linked member accounts.
  2. To modify any of the master account settings, click Back.
  3. When you have provided access to Harness for all of the member accounts you want to analyze, click Done.
  4. The connected AWS master account along with the member account details are displayed.
  5. Use Has Access, No Access, or All filters to sort the members accounts for which Harness has the access.

The AWS Cloud Provider is now listed under Efficiency Enabled.

As noted earlier, after enabling CE, it takes about 24 hours for the data to be available for viewing and analysis in Cost Explorer.

Next Steps


How did we do?