
terraform-aws-rhythmic-cost-monitor

Configures AWS cost anomaly detection and budget services for monitoring.

Example

Here's what using the module looks like; datadog_api_key_secret_arn is the only required input:

module "example" {
  source = "rhythmictech/rhythmic-cost-monitor/aws"
  # ARN of the Secrets Manager secret that holds the Datadog API key
  datadog_api_key_secret_arn = ""
}

About

Rhythmic is an AWS Managed Services Provider. We rely heavily on automation to deliver our services, ingesting configuration, event and state information from AWS via listeners (e.g., EventBridge and SNS), services (e.g., Anomaly Detection), and APIs via custom scripts (e.g., Trusted Advisor).

We open source the vast majority of the resources we use to deliver our managed services because transparency is one of our principles.

Requirements

Name Version
terraform >= 1.5
archive >= 2.2.0
aws >= 4.62

Providers

Name Version
archive 2.4.2
aws 5.36.0

Modules

Name Source Version
tags rhythmictech/tags/terraform ~> 1.1.1

Resources

Name Type
aws_budgets_budget.ri_utilization resource
aws_budgets_budget.service resource
aws_budgets_budget.sp_utilization resource
aws_ce_anomaly_monitor.cost_alerts resource
aws_ce_anomaly_subscription.cost_alerts resource
aws_cloudwatch_event_rule.monitor_sps_and_ris resource
aws_cloudwatch_event_target.monitor_sps_and_ris resource
aws_cloudwatch_log_group.monitor_sps_and_ris resource
aws_cur_report_definition.cur resource
aws_iam_policy.cur_forwarding resource
aws_iam_policy.datadog_cost_policy resource
aws_iam_policy.monitor_sps_and_ris_execution resource
aws_iam_role.cur_forwarding resource
aws_iam_role.monitor_sps_and_ris_execution resource
aws_iam_role_policy_attachment.cur_forwarding resource
aws_iam_role_policy_attachment.datadog_cost_policy resource
aws_iam_role_policy_attachment.monitor_sps_and_ris_execution resource
aws_lambda_function.monitor_sps_and_ris resource
aws_lambda_permission.monitor_sps_and_ris resource
aws_s3_bucket.local_cur resource
aws_s3_bucket_lifecycle_configuration.local_cur resource
aws_s3_bucket_policy.local_cur resource
aws_s3_bucket_public_access_block.local_cur resource
aws_s3_bucket_replication_configuration.replication resource
aws_s3_bucket_server_side_encryption_configuration.local_cur resource
aws_s3_bucket_versioning.local_cur resource
aws_sns_topic.cost_alerts resource
aws_sns_topic_policy.cost_alerts resource
aws_sns_topic_subscription.cost_alerts resource
archive_file.monitor_sps_and_ris data source
aws_caller_identity.current data source
aws_iam_policy_document.cost_alerts data source
aws_iam_policy_document.cur_assume data source
aws_iam_policy_document.cur_forwarding data source
aws_iam_policy_document.datadog_cost_policy data source
aws_iam_policy_document.lambda_assume data source
aws_iam_policy_document.local_cur data source
aws_iam_policy_document.monitor_sps_and_ris_execution data source
aws_kms_alias.notifications data source
aws_region.current data source
aws_secretsmanager_secret.datadog_api_key data source
aws_secretsmanager_secret_version.datadog_api_key data source

Inputs

Each input is listed with its type, default and whether it is required, followed by its description.

anomaly_cost_monitor_name (string, default "Rhythmic-DefaultAnomalyMonitor", optional): Name of Anomaly Detection Cost Monitor
anomaly_cost_subscription_name (string, default "Rhythmic-DefaultAnomalySubscription", optional): Name of Anomaly Detection Cost Subscription
anomaly_total_impact_absolute_threshold (number, default 100, optional): Minimum dollar threshold
anomaly_total_impact_percentage_threshold (number, default 10, optional): Percentage threshold
aws_service_shorthand_map (map(string), optional): Map of shorthand notation for AWS services to their long form AWS services in cost and usage reporting, sorted alphabetically with lowercase keys. Default:
{
"apiGateway": "Amazon API Gateway",
"appFlow": "Amazon AppFlow",
"appRunner": "AWS App Runner",
"appSync": "AWS AppSync",
"athena": "Amazon Athena",
"backup": "AWS Backup",
"braket": "Amazon Braket",
"chime": "Amazon Chime",
"cloudFront": "Amazon CloudFront",
"cloudWatch": "Amazon CloudWatch",
"codeArtifact": "AWS CodeArtifact",
"codeBuild": "AWS CodeBuild",
"codeCommit": "AWS CodeCommit",
"codeDeploy": "AWS CodeDeploy",
"codePipeline": "AWS CodePipeline",
"codeStar": "AWS CodeStar",
"comprehend": "Amazon Comprehend",
"connect": "Amazon Connect",
"dataPipeline": "AWS Data Pipeline",
"datadog": "Datadog",
"deepComposer": "AWS DeepComposer",
"deepLens": "AWS DeepLens",
"deepRacer": "AWS DeepRacer",
"detective": "Amazon Detective",
"directConnect": "AWS Direct Connect",
"dms": "AWS Database Migration Service",
"documentDB": "Amazon DocumentDB",
"dynamodb": "Amazon DynamoDB",
"ec2": "Amazon Elastic Compute Cloud - Compute",
"ecs": "Amazon Elastic Container Service",
"efs": "Amazon Elastic File System",
"eks": "Amazon Elastic Kubernetes Service",
"elasticache": "Amazon ElastiCache",
"emr": "Amazon Elastic MapReduce",
"es": "Amazon Elasticsearch Service",
"fargate": "AWS Fargate",
"forecast": "Amazon Forecast",
"fsx": "Amazon FSx",
"gameLift": "Amazon GameLift",
"glue": "AWS Glue",
"greengrass": "AWS Greengrass",
"guardDuty": "Amazon GuardDuty",
"healthLake": "Amazon HealthLake",
"honeycode": "Amazon Honeycode",
"iam": "AWS Identity and Access Management",
"inspector": "Amazon Inspector",
"iot1Click": "AWS IoT 1-Click",
"iotAnalytics": "AWS IoT Analytics",
"iotButton": "AWS IoT Button",
"iotCore": "AWS IoT Core",
"iotDeviceManagement": "AWS IoT Device Management",
"iotEvents": "AWS IoT Events",
"iotSiteWise": "AWS IoT SiteWise",
"iotThingsGraph": "AWS IoT Things Graph",
"ivs": "Amazon Interactive Video Service",
"kendra": "Amazon Kendra",
"kinesis": "Amazon Kinesis",
"kms": "AWS Key Management Service",
"lambda": "AWS Lambda",
"lex": "Amazon Lex",
"lightsail": "Amazon Lightsail",
"lookoutForVision": "Amazon Lookout for Vision",
"lumberyard": "Amazon Lumberyard",
"macie": "Amazon Macie",
"managedBlockchain": "Amazon Managed Blockchain",
"mq": "Amazon MQ",
"msk": "Amazon Managed Streaming for Apache Kafka",
"neptune": "Amazon Neptune",
"opensearch": "Amazon OpenSearch Service",
"outposts": "AWS Outposts",
"pinpoint": "Amazon Pinpoint",
"polly": "Amazon Polly",
"qldb": "Amazon Quantum Ledger Database",
"qls": "AWS Quantum Ledger Service",
"quicksight": "Amazon QuickSight",
"rds": "Amazon Relational Database Service",
"redshift": "Amazon Redshift",
"rekognition": "Amazon Rekognition",
"robomaker": "AWS RoboMaker",
"route53": "Amazon Route 53",
"s3": "Amazon Simple Storage Service",
"s3Outposts": "Amazon S3 on Outposts",
"sagemaker": "Amazon SageMaker",
"ses": "Amazon Simple Email Service",
"sesv2": "Amazon Simple Email Service v2",
"shield": "AWS Shield",
"snowball": "AWS Snowball",
"sns": "Amazon Simple Notification Service",
"sqs": "Amazon Simple Queue Service",
"stepFunctions": "AWS Step Functions",
"storageGateway": "AWS Storage Gateway",
"sumerian": "Amazon Sumerian",
"swf": "Amazon Simple Workflow Service",
"textract": "Amazon Textract",
"timestream": "Amazon Timestream",
"transcribe": "Amazon Transcribe",
"transcribeMedical": "Amazon Transcribe Medical",
"transfer": "AWS Transfer for SFTP",
"translate": "Amazon Translate",
"vpn": "AWS VPN",
"waf": "AWS WAF",
"wellArchitectedTool": "AWS Well-Architected Tool",
"workDocs": "Amazon WorkDocs",
"workLink": "Amazon WorkLink",
"workMail": "Amazon WorkMail",
"workSpaces": "Amazon WorkSpaces",
"xRay": "AWS X-Ray",
"zocalo": "Amazon Zocalo"
}

cur_forwarding_bucket_arn (string, default null, optional): S3 bucket ARN where CUR data will be forwarded
datadog_api_key_secret_arn (string, no default, required): ARN of the AWS Secret containing the Datadog API key
enable_cur_collection (bool, default false, optional): Enable Cost and Usage Report collection for aggregation in a QuickSight CUDOS project. Be mindful of existing CUR collection processes before enabling.
enable_datadog_cost_management (bool, default false, optional): Enable Datadog cost management
expiring_sps_and_ris_alert_exp (number, default 7, optional): Alert expiration threshold for SPs and RIs
expiring_sps_and_ris_warning_exp (number, default 30, optional): Warning expiration threshold for SPs and RIs
monitor_ri_utilization (bool, default false, optional): Enable monitoring of Reserved Instances Utilization
monitor_sp_utilization (bool, default false, optional): Enable monitoring of Savings Plan Utilization
name_prefix (string, default "rhythmic-", optional): Prefix for all resource names
ri_utilization_services (list(string), optional): List of services for Reserved Instance utilization monitoring. Default:
[
"ec2",
"elasticache",
"es",
"opensearch",
"rds",
"redshift"
]

service_budgets (optional): Map of service budgets. Type:
map(object({
  time_unit : string
  limit_amount : string
  limit_unit : string
  threshold : number
  threshold_type : string
  notification_type : string
}))
Default:
{
"ec2": {
"limit_amount": "5",
"limit_unit": "USD",
"notification_type": "ACTUAL",
"threshold": 90,
"threshold_type": "PERCENTAGE",
"time_unit": "MONTHLY"
}
}

tags (map(string), default {}, optional): User-Defined tags
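A fuller invocation that turns on the optional monitors, added here as an example rather than taken from the module's README. The ARNs, budget amounts and tag values are constructed placeholders, and using aws_service_shorthand_map keys in service_budgets and ri_utilization_services is assumed from the module defaults.

```hcl
module "cost_monitor" {
  source = "rhythmictech/rhythmic-cost-monitor/aws"

  # The only required input. The module reads the secret's value through the
  # aws_secretsmanager_secret_version data source, so the API key will be in
  # Terraform state: keep the state backend encrypted and access-controlled.
  # The ARN below is a constructed placeholder.
  datadog_api_key_secret_arn     = "arn:aws:secretsmanager:us-east-1:111122223333:secret:datadog/api-key-PLACEHOLDER"
  enable_datadog_cost_management = true

  # Anomaly Detection thresholds: minimum dollar impact and percentage impact
  anomaly_total_impact_absolute_threshold   = 250
  anomaly_total_impact_percentage_threshold = 15

  # Savings Plans / Reserved Instances: keep the default warning (30) and
  # alert (7) expiration thresholds and track RI utilization for these
  # services. Keys are assumed to be aws_service_shorthand_map shorthand.
  monitor_sp_utilization  = true
  monitor_ri_utilization  = true
  ri_utilization_services = ["ec2", "rds", "elasticache"]

  # Per-service budgets keyed by the same shorthand; threshold is a percentage
  # of limit_amount, and notification_type selects actual or forecasted spend.
  service_budgets = {
    ec2 = {
      time_unit         = "MONTHLY"
      limit_amount      = "500"
      limit_unit        = "USD"
      threshold         = 80
      threshold_type    = "PERCENTAGE"
      notification_type = "ACTUAL"
    }
    s3 = {
      time_unit         = "MONTHLY"
      limit_amount      = "100"
      limit_unit        = "USD"
      threshold         = 100
      threshold_type    = "PERCENTAGE"
      notification_type = "FORECASTED"
    }
  }

  # CUR collection is off by default; check for an existing CUR pipeline first.
  # The forwarding bucket ARN is a constructed placeholder.
  enable_cur_collection     = true
  cur_forwarding_bucket_arn = "arn:aws:s3:::PLACEHOLDER-cudos-cur-bucket"

  tags = { environment = "prod", owner = "finops" }
}
```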

Outputs

No outputs.

Getting Started

This workflow has a few prerequisites which are installed through the ./bin/install-x.sh scripts and are linked below. The install script will also work on your local machine.

We use tfenv to manage terraform versions, so the version is defined in the versions.tf and tfenv installs the latest compliant version. pre-commit is like a package manager for scripts that integrate with git hooks. We use them to run the rest of the tools before apply. terraform-docs creates the beautiful docs (above), tfsec scans for security no-nos, tflint scans for best practices.