AWS Billing Cloudwatch Alarm terraform module: terraform-aws-cost-mgmt-billing-alarm

Adds a billing alert with optional sns topic creation (or use a pre-existing one) to alert when a U$S (currency actually configurable) billing threshold is reached.

If aws_sns_topic_enabled = true then you'll still need to subscribe to the created SNS topic manually (please check Important Consderations section for detailed info).

Releases

• Versions: <= 0.x.y (Terraform 0.11.x compatible)

  • eg: https://registry.terraform.io/modules/binbashar/cost-budget/aws/0.0.1

• Versions: >= 1.x.y (Terraform 0.12.x compatible -> WIP)

  • eg: https://registry.terraform.io/modules/binbashar/cost-budget/aws/1.0.0

Requirements

Name	Version
terraform	>= 0.12.28
aws	>= 2.70.0

Providers

Name	Version
aws	>= 2.70.0

Modules

No modules.

Resources

Name	Type
aws_cloudwatch_metric_alarm.account_billing_alarm	resource
aws_sns_topic.sns_alert_topic	resource

Inputs

Name	Description	Type	Default	Required
aws_account_id	AWS account id	string	null	no
aws_env	AWS environment you are deploying to. Will be appended to SNS topic and alarm name. (e.g. dev, stage, prod)	string	n/a	yes
create_sns_topic	Creates a SNS Topic if true.	bool	true	no
currency	Short notation for currency type (e.g. USD, CAD, EUR)	string	"USD"	no
monthly_billing_threshold	The threshold for which estimated monthly charges will trigger the metric alarm.	string	n/a	yes
sns_topic_arns	List of SNS topic ARNs to be used. If create_sns_topic is true, it merges the created SNS Topic by this module with this list of ARNs	list(string)	[]	no
datapoints_to_alarm	The number of datapoints that must be breaching to trigger the alarm.	number	null	no
tags	A mapping of tags to assign to all resources	map(string)	{}	no

Outputs

Name	Description
sns_topic_arns	List of SNS Topic ARNs to be subscribed to in order to delivery the clodwatch billing alarms

The module outputs one block, sns_topic_arns. Access it like this:

output "sns_topic_arns" {
  value = module.billing_alert.sns_topic_arns
}

Examples

For an specific account

cloudwatch-billing-alert-to-new-sns-with-acct-id

module "billing_alert" {
  source = "binbashar/cost-billing-alarm/aws"

  aws_env = "${var.aws_profile}"
  aws_account_id = 111111111111
  monthly_billing_threshold = 500
  currency = "USD"
}

output "sns_topic_arn" {
  value = "${module.billing_alert.sns_topic_arn}"
}
# Will output the following:
# arn:aws:sns:us-east-1:111111111111:billing-alarm-notification-usd-dev for billing alarms

cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id

module "billing_cloudwatch_alert" {
  source = "binbashar/cost-billing-alarm/aws"

  aws_env = "${var.aws_profile}"
  aws_account_id = 111111111111
  monthly_billing_threshold = 500
  currency = "USD"
}

For a consolidated billing account aws-org like approach (or single account)

cloudwatch-billing-alert-to-new-sns-with-consolidated-acct

module "billing_alert" {
  source = "binbashar/cost-billing-alarm/aws"

  aws_env = "${var.aws_profile}"
  monthly_billing_threshold = 500
  currency = "USD"
}

output "sns_topic_arn" {
  value = "${module.billing_alert.sns_topic_arn}"
}
# Will output the following:
# arn:aws:sns:us-east-1:111111111111:billing-alarm-notification-usd-dev for billing alarms

cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct

module "billing_cloudwatch_alert" {
  source = "binbashar/cost-billing-alarm/aws"

  aws_env = "${var.aws_profile}"
  monthly_billing_threshold = 500
  currency = "USD"
}

---

Important Considerations

• This metric is checked every 8 hours, and a single metric sample above the threshold amount will trigger an alarm state. The metric is named billing-alarm-${lower(currency)}-${aws_env}

• If aws_sns_topic_enabled = true the alarm action is automatically set to the created SNS topic, billing-alarm-notification-${lower(currency)}-${aws_env}. YOU MUST MANUALLY SUBSCRIBE TO THIS SNS TOPIC.

  !! MANUAL STEP : !! Subscribe emails to arn:aws:sns:us-east-1:111111111111:billing-alarm-notification-usd-dev for billing alarms

Binbash Leverage | DevOps Automation Code Library Integration

In order to get the full automated potential of the Binbash Leverage DevOps Automation Code Library
you should initialize all the necessary helper Makefiles.

How?

You must execute the make init-makefiles command at the root context

╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make
Available Commands:
 - init-makefiles     initialize makefiles

Why?

You'll get all the necessary commands to automatically operate this module via a dockerized approach, example shown below

╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make
Available Commands:
 - circleci-validate-config  ## Validate A CircleCI Config (https
 - format-check        ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
 - format              ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
 - tf-dir-chmod        ## run chown in ./.terraform to gran that the docker mounted dir has the right permissions
 - version             ## Show terraform version
 - init-makefiles      ## initialize makefiles

╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make format-check
docker run --rm -v /home/delivery/Binbash/repos/Leverage/terraform/terraform-aws-backup-by-tags:"/go/src/project/":rw -v :/config -v /common.config:/common-config/common.config -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/etc/gitconfig -v ~/.aws/bb:/root/.aws/bb -e AWS_SHARED_CREDENTIALS_FILE=/root/.aws/bb/credentials -e AWS_CONFIG_FILE=/root/.aws/bb/config --entrypoint=/bin/terraform -w "/go/src/project/" -it binbash/terraform-awscli-slim:0.12.28 fmt -check

Release Management

CircleCi PR auto-release job

• pipeline-job (NOTE: Will only run after merged PR)
• releases
• changelog