forked from aws-samples/aws-cost-explorer-report
-
Notifications
You must be signed in to change notification settings - Fork 0
/
easy_deploy.yaml
122 lines (121 loc) · 3.36 KB
/
easy_deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
SESSendFrom:
Type: String
Description: Email thats authorised in this account for SES sending. Will not email
if blank
SESSendTo:
Type: String
Description: List of comma seperated emails to send to
SESRegion:
Type: String
Default: us-east-1
Description: Region you have configured SES in (Default us-east-1)
S3Bucket:
Type: String
Description: S3 Bucket to store the report in
AccountLabel:
Type: String
Default: Email
Description: Email or Name, default is Email
ListOfCostTags:
Type: String
Description: Comma seperated list of all Cost Allocation Tags
CurrentMonth:
Type: String
Description: true | false for if current partial month included
DayOfMonth:
Type: Number
Default: 6
Description: DayOfMonth for Schedule, default 6 - use 12 if you want to report
refunds and finalised Enterprise Support.
Resources:
CostExplorerReportLayer:
Type: AWS::Serverless::LayerVersion
Properties:
ContentUri: s3://aws-cost-explorer-report-release/layer.zip
CompatibleRuntimes:
- python3.8
Metadata:
BuildMethod: python3.8
CostExplorerReport:
Type: AWS::Serverless::Function
Properties:
FunctionName: CostExplorerReportLambda
Description: Function for generating / sending monthly cost report
MemorySize: 256
Timeout: 60
Handler: lambda.main_handler
Runtime: python3.8
CodeUri: s3://aws-cost-explorer-report-release/lambda.zip
Layers:
- Ref: CostExplorerReportLayer
Role:
Fn::GetAtt:
- CostExplorerReportLambdaIAMRole
- Arn
Environment:
Variables:
S3_BUCKET:
Ref: S3Bucket
SES_SEND:
Ref: SESSendTo
SES_FROM:
Ref: SESSendFrom
SES_REGION:
Ref: SESRegion
COST_TAGS:
Ref: ListOfCostTags
ACCOUNT_LABEL:
Ref: AccountLabel
CURRENT_MONTH:
Ref: CurrentMonth
INC_SUPPORT: 'false'
INC_TAX: 'true'
Events:
MonthlyEvent:
Properties:
Schedule:
Fn::Sub: cron(0 1 ${DayOfMonth} * ? *)
Type: Schedule
CostExplorerReportLambdaIAMRole:
Type: AWS::IAM::Role
Properties:
Path: /
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Policies:
- PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- ce:*
Resource: '*'
- Effect: Allow
Action:
- organizations:ListAccounts
Resource: '*'
- Effect: Allow
Action:
- ses:SendEmail
- ses:SendRawEmail
Resource: '*'
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
Resource:
Fn::Sub: arn:aws:s3:::${S3Bucket}/*
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowLambdaServiceToAssumeRole
Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- lambda.amazonaws.com