Deploy core infrastructure for data retrieval

Create Reusable Resource

The first step is to create a set of reusable resources that can be passed into the other modules.

  1. Click Launch CloudFormation Template if you are deploying to your Cost Optimization linked account (recommended)

Or if you wish to keep this on your local machine please copy the below and deploy how you would normally:

AWSTemplateFormatVersion: '2010-09-09'
Description: Main CF template that builds shared resources and other stacks
Parameters:
    DestinationBucket:
        Type: String
        Description: Name of the S3 Bucket that needs to be created to hold information
        AllowedPattern: (?=^.{3,63}$)(?!^(\d+\.)+\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$)
        Default: costoptimizationdatacollectionbucket
    ManagementAccountRole: 
        Type: String
        Description: This will be the name of the IAM role that will be deployed in the management account which can retrieve AWS Org data. This is deployed in the next step
        Default: Lambda-Assume-Role-Management-Account
    ManagementAccountID: 
        Type: String
        Description: Your Management Account ID
    MultiAccountRoleName:
        Type: String
        Description: This will be the name of the IAM role that will be deployed from the management account to linked accounts as a read only role
        Default: "Optimization-data-Multi-Account-Role"
    CodeBucket:
        Type: String
        Description: An AWS owned S3 Bucket that exists and holds code for the modules. Please choose from the list below depending on your region. The Default is in Oregon
        AllowedValues:
        - aws-well-architected-labs-ireland
        - aws-well-architected-labs
        - aws-well-architected-labs-ohio
        - aws-well-architected-labs-virginia
        - aws-well-architected-labs-california
        - aws-well-architected-labs-oregon
        - aws-well-architected-labs-singapore
        - aws-well-architected-labs-frankfurt
        - aws-well-architected-labs-london
        - aws-well-architected-labs-stockholm
Outputs:
    S3Bucket:
        Description: Name of S3 Bucket which will store the AWS Cost Explorer Rightsizing recommendations
        Value:
            Ref: S3Bucket
    S3BucketARN:
        Description: ARN of S3 Bucket which will store the AWS Cost Explorer Rightsizing recommendations
        Value:
            Fn::GetAtt:
                - S3Bucket
                - Arn 
#Reusable Resources:
Resources:
    S3Bucket:
        Type: 'AWS::S3::Bucket'
        Properties:
            BucketName:
                !Sub "${DestinationBucket}${AWS::AccountId}"
            VersioningConfiguration:
                Status: Enabled
            BucketEncryption:
                ServerSideEncryptionConfiguration:
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: AES256
    GlueRole:
        Type: AWS::IAM::Role
        Properties:
            RoleName: AWS-OPTICS-Glue-Crawler
            AssumeRolePolicyDocument:
                Statement:
                    - Action:
                        - sts:AssumeRole
                      Effect: Allow
                      Principal:
                        Service:
                          - glue.amazonaws.com
                Version: 2012-10-17
            ManagedPolicyArns:
                - arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole
            Path: /
            Policies:
                - PolicyName: "Put-S3"
                  PolicyDocument:
                    Version: "2012-10-17"
                    Statement:
                      - Effect: "Allow"
                        Action:
                          - "s3:PutObject"
                          - "s3:GetObject"
                        Resource: !Join
                          - ''
                          - - !GetAtt S3Bucket.Arn 
                            - '*'

For the CodeBucket Parameter, if deploying in Oregon leave as CodeBucket: aws-well-architected-labs

  1. Click Next. Images/upload_templates3.png

  2. Call the stack OptimizationDataCollectionStack and fill in the parameters with the information described. The Role mentioned will be deployed in the next step. Select the Code bucket for the region you are in. Click Next and Next again Images/Main_CF_Parameters.png

  3. Tick the box ‘I acknowledge that AWS CloudFormation might create IAM resources with custom names.' and click Create stack. Images/Tick_Box.png

  4. Wait until your CloudFormation has a status of CREATE_COMPLETE. Images/Main_CF_Deployed.png

We will edit this template in designer in the AWS Console. If you wish to keep a version locally then download and manage how you would normally.