A Terraform module to set up an AWS cross-account link for Infracost Cloud. This gives Infracost read-only access to AWS APIs to fetch recommendations from AWS Compute Optimizer. Apply the module in every AWS account that has recommendations, because Infracost also requires details of the resources that the recommendations apply to. See the `main.tf` file for the required permissions.
- You have an AWS account
- You need your Infracost Cloud organization ID - find this in the Org Settings of Infracost Cloud
- Use the module to create the cross-account role in all AWS accounts that have recommendations. Pass the `infracost_external_id` variable (which points to your Infracost organization ID) to the module.
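
```hcl
provider "aws" {
  region = "us-west-2"
}

module "infracost" {
  # Pin the module to a release tag with ?ref= so the IAM role definition cannot change unreviewed.
  source                = "github.com/infracost/cross-account-link?ref=v0.2.1"
  infracost_external_id = "INFRACOST_ORGANIZATION_ID"

  providers = {
    aws = aws
  }
}

# ARN of the cross-account role, to be sent to Infracost.
output "infracost_cross_account_role_arn" {
  value = module.infracost.role_arn
}
```
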
- Run `terraform init` and `terraform apply` to create the cross-account role in all AWS accounts.
- Email the `infracost_cross_account_role_arn` outputs to Infracost:

```text
To: [email protected]
Subject: Enable AWS read-only access for Infracost Cloud

Body:
Hi, my name is Rafa and I'm the DevOps Lead at ACME Corporation.

- Infracost Cloud org ID: $YOUR_INFRACOST_ORGANIZATION_ID
- Our AWS Cross Account ARNs are:
  <terraform output infracost_cross_account_role_arn>

Regards,
Rafa
```

When new FinOps policies or features are added, this module may need to be updated to include the new permissions. We will notify you when this is the case so you can update the version of the module.
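
Before emailing the role ARN, it is worth confirming that the role Terraform created can only be assumed with your external ID and that its permissions are read-only. The following is an added example, not part of this module or Infracost's code: a Python audit over the role's policy documents (for instance the JSON returned by `aws iam get-role`). The sample policies, the account ID and the read-only prefix heuristic are constructed assumptions, not the contents of `main.tf`.

```python
# Added example: audits IAM policy documents that have been loaded as dicts.
READ_ONLY_PREFIXES = ("Get", "List", "Describe")  # heuristic, not an AWS definition

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_external_id):
    """Return findings for Allow statements that permit assuming the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        if "*" in _as_list(aws):
            findings.append(f"statement {i}: wildcard principal")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = {k.lower(): v for k, v in cond.items()}.get("sts:externalid")
        if ids is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ids) != [expected_external_id]:
            findings.append(f"statement {i}: unexpected external ID")
    return findings

def non_read_only_actions(policy):
    """Return Allow actions whose name does not start with a read-only verb."""
    flagged = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES):
                flagged.append(action)
    return flagged

# Constructed samples: placeholder account ID, a weak trust policy, one write action.
GOOD_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "INFRACOST_ORGANIZATION_ID"}}}]}
WEAK_TRUST = {"Statement": [{k: v for k, v in GOOD_TRUST["Statement"][0].items()
                             if k != "Condition"}]}
PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "compute-optimizer:GetEC2InstanceRecommendations",
    "ec2:DescribeInstances", "ec2:TerminateInstances"]}]}

if __name__ == "__main__":
    print(audit_trust_policy(WEAK_TRUST, "INFRACOST_ORGANIZATION_ID"))
    print(non_read_only_actions(PERMS))
```

An empty list from both functions means the role is gated by the expected external ID and grants only actions matching the read-only prefixes.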