AWS Marketplace
Integrating Flexera Optima with AWS Control Tower
AWS Control Tower enables customers of all sizes to implement a multi-account strategy built on AWS Organizations. One of the key features of AWS Organizations is consolidated billing, which rolls up all of the charges incurred in member accounts to the AWS Organizations management account. There, costs can be viewed and analyzed in AWS Cost Explorer. Some customers need more detail or have more complex cost reporting requirements than what AWS Cost Explorer supports. For those use cases, AWS provides access to granular billing data and APIs that can be consumed by robust cost reporting platforms, such as Flexera’s Optima Cloud Cost Management.
One of the biggest challenges when optimizing cloud costs is implementing recommended savings across large organizations, where control of cloud accounts is decentralized. Flexera Optima offers a unique approach to cost management and optimization that enables cloud governance teams to work collaboratively with business units and cloud resource owners to reduce wasted cloud spend.
In this blog post, Edwin and I show you to register your AWS Control Tower environment and member accounts with Flexera Optima. We do this by deploying an AWS CloudFormation template in to the AWS Control Tower management account. This template creates all the necessary Amazon S3 buckets, service roles, and service integrations between AWS and Flexera.
In order to deploy this solution, you will need:
- An AWS Control Tower environment. This solution must be deployed in the Control Tower management account.
- A Flexera Optima subscription. Flexera Optima can be purchased.
Solution overview
Flexera provides a CloudFormation template that creates all of the necessary resources in AWS and pulls source code for the onboarding Lambda function from an S3 bucket that Flexera owns and maintains. Flexera uses a cross-account role to retrieve data from the Cost and Usage Report S3 bucket in your management account.
The template deploys the following resources:
- The AWS Control Tower Flexera template creates an S3 bucket for cost and usage reporting.
- The template creates a an IAM role with permission to write to the local LambdaZipsBucket.
- The template creates the OptimalOnboarding Lambda function, which pulls Lambda code from your local S3 bucket.
- The template creates the Lambda zips bucket. This bucket stores a local copy of AWS Lambda function code from the Flexera QSS3Bucket.
- The template creates the CopyZipsFunction Lambda function.
- The CopyZips Lambda function copies the OptimaOnboarding Lambda function code to the local LambdaZipsBucket. Refer to the following diagram.
- The OptimaConnectRole allows Flexera Optima to call GetObjects from the billing S3Bucket as well as list and describe operations in AWS Organizations.
- The OptimaOnboarding Lambda function calls the Flexera Optima API and provides information about the AWS environment and S3 bucket locations. Refer to the following diagram.
Solution walkthrough
To get started deploying the solution complete the following steps:
- Download the AWS CloudFormation template from Flexera’s GitHub
- In the AWS Management Console, choose Services. Under Management and Governance, choose CloudFormation.
- On the AWS CloudFormation page upper right, choose Create Stack and then With new resources (standard).
- Under Specify Template, choose Upload a template file and then choose Choose File. Select the template that you downloaded in step 1. Choose Next.
- Enter a name for your stack and provide values for the following parameters:
Parameter | Description | Required |
FlexeraOrgId | The numeric ID of your Flexera organization. Get it from the Flexera console’s URL when you’re logged in. | Yes. |
RefreshToken | Your API refresh token. To get it from the Flexera console, choose User Settings and then choose API Credentials. | Yes. |
S3Bucket | The name of the S3 bucket where your hourly Cost and Usage Report is stored. Leave it empty to allow for auto-creation. | No, automatically created if no value is supplied. |
S3Prefix | The name of the S3 bucket prefix where your hourly Cost and Usage Report is stored. Leave it empty to allow for auto-creation. | No, automatically created if no value is supplied. |
QSS3BucketName | The Flexera S3 bucket where the Lambda function package lives. Don’t modify this parameter unless the Flexera team requires you to do so. | No, automatically uses the Flxlambda bucket. |
QSS3KeyPrefix | The Flexera S3 bucket prefix where the Lambda function package lives. Don’t modify this parameter unless the Flexera team requires you to do so. | No, automatically uses the assets/ prefix. |
After you supply these parameters, launch the stack. It takes a few minutes for the stack to complete. To verify when it’s completed, open the AWS CloudFormation console, choose Stacks, choose the stack name you supplied in step 5 earlier, and then and choose Resources. The Status column shows the status for your current resources.
Verify onboarding
To verify that your organization has been onboarded to Flexera, do the following.
- Navigate to the Flexera console.
- On the left menu, choose Administration, and then under Cloud Settings, choose Settings.
- The cross-account role appears on the Billing Configuration The following screenshot shows the Flexera console open to the Settings tab, with Billing Configuration highlighted and AWS Cross-Account Role visible.
Next steps
Now that you have deployed the Flexera CloudFormation template, newly created accounts in AWS Control Tower will be registered automatically in Flexera Optima. As you add accounts to your environment, their cost and usage data will be displayed in Optima.
To get started analyzing your billing data in Optima, we recommend creating billing centers to allocate cloud costs to your teams and provide them access to their data. You can also prepare for a cost optimization assessment. For more information, watch the Optima training videos.
Cleaning up
Should you decide not to use Flexera Optima, you must take the following actions to avoid unwanted usage charges:
- Empty the LambdaZipsBucket S3 bucket.
- Delete the Flexera CloudFormation Stack.
- If you subscribed to Flexera Optima through AWS Marketplace, you must cancel your subscription.
Conclusion
In this blog post, we showed you how to onboard your AWS Control Tower environment to Flexera Optima using the AWS CloudFormation template provided by Flexera. We explained how the components of the template work and are deployed. After deploying this solution, can centrally report on and manage costs from your AWS Control Tower environment in Flexera Optima.
About the authors
Jeff Stockamp is a Senior Solutions Architect based in Seattle, Washington. Jeff helps guide customers as they build well architected-applications and migrate workloads to AWS. Jeff holds both the AWS Certified Professional Solutions Architect and DevOps Engineer certifications as well as Networking and Security Specialty certifications. | |
Edwin Gonzalez is a Senior Solutions Architect at Flexera where he works with enterprise clients, providing them with architectural best practices and cost optimization recommendations. He has worked with public and private clouds for over 10 years. When he’s not on a terminal, he’s riding his bike, making excellent coffee and spending time with his family.
|