preview
We're still working on this feature, but we'd love for you to try it out!
This feature is currently provided as part of a preview program pursuant to our pre-release policies.
Manually integrate your AWS account with Cloud Cost Intelligence by configuring the required AWS resources and settings. This method provides complete control over each configuration step.
Setup instructions
重要
For the following steps, sign in to the AWS Management Console and remain signed in throughout the process.
Create S3 bucket for Cost and Usage reports
Create an S3 bucket to store AWS Cost and Usage Reports (CUR). We recommend using the us-east-2 region.
Navigate to S3 service and click Create bucket.
Enter a unique bucket name (for example,
<your-company-name>-billing).Configure bucket settings:
- Enable versioning
- Disable public access (recommended)
- Enable default encryption (recommended)
Tags (Optional): Add any tags if needed for your organization's resource management and click Create bucket.
重要
Remember the bucket name for the following steps.
Configure AWS Cost and Usage Reports
Create a Cost and Usage Report to be delivered to your S3 bucket:
Navigate to Billing Dashboard > Cost & Usage Analysis > Data Exports, then click Create.
Configure report settings:
Setting Value Description Export Type Standard Data ExportDetailed usage and cost information for billing and cost analysis. Export Name NameName for the CUR report (e.g., <company-name>-billing-cci).Data Table CUR 2.0Supports the latest FOCUS format table structure. Include Resource IDs ONEnables detailed tracking of costs by individual AWS resources. Split Cost Allocation Data OFFSimplifies data structure. Leave off unless detailed cost allocation splits are required. Time granularity HourlyRequired for detailed cost and usage analysis. Compression type ParquetColumnar storage format that enhances query performance and reduces storage space. File Versioning Create New Report VersionCreates a new version with each update, retaining historical reports for auditing. Data Refresh Settings AUTOMATICKeeps CUR data up-to-date automatically. Data Export Setting S3 Bucket Select the bucket you created in Create S3 bucket for Cost and Usage reports CUR files are saved in the S3 bucket. Agree to overwrite the policy. S3 path prefix cost-and-usage-reportsOrganizes Cost and Usage Reports within the S3 bucket. Click Next and then Create report.
重要
Remember the export name for CCI integration. Ensure the S3 path prefix is
cost-and-usage-reports. First report delivers within 24 hours; subsequent reports deliver periodically.
Create IAM policy for CCI access
Create an Identity and Access Management (IAM) policy that grants CCI permissions to access your CUR data:
Navigate to IAM service > Policies and click Create policy.
Switch to the JSON editor and paste the following policy:
{"Version": "2012-10-17","Statement": [{"Action": ["s3:Get*", "s3:List*"],"Effect": "Allow","Resource": ["arn:aws:s3:::<bucket-name>/*","arn:aws:s3:::<bucket-name>"],"Sid": "AccessMasterPayerBillingBucket"},{"Effect": "Allow","Action": ["pricing:DescribeServices","pricing:GetAttributeValues","pricing:GetProducts","pricing:GetPriceListFileUrl","pricing:ListPriceLists"],"Resource": ["*"]}]}重要
Replace
bucket-namewith your S3 bucket name from Create S3 bucket for Cost and Usage reports.Click Next.
Name the policy
CCI-Access-Policy(or your preferred name), add a description, and click Create policy.
Create IAM role for CCI to assume
Create an IAM role that CCI will assume to access your CUR data:
Navigate to IAM service > Roles and click Create role.
Select Custom Trust Policy in the trusted entity type section and paste the following role definition:
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"AWS": "arn:aws:iam::207192125115:user/cci_global_user"},"Action": "sts:AssumeRole","Condition": {"StringEquals": {"sts:ExternalId": "<externalID>"}}}]}Note
The
externalIdis generated when you start the CCI integration.Click Next.
Attach the policy created in Create IAM policy for CCI access and click Next.
Name the role
CCI-Access-Role(or your preferred name), add a description (optional), and click Create role.Note the Role ARN (Amazon Resource Name) from the role summary page.
重要
You'll need the Role ARN during the CCI integration.
Manually integrate your AWS account
- Navigate to one.newrelic.com > Integrations & Agents > Cloud Cost Intelligence - AWS.
- Select Manually integrate your AWS account and click Continue.
Provide connection details
Enter the required details:
- Connection name: Default name provided. Edit for custom name.
- Cross-account IAM role ARN: Enter the IAM role ARN (Amazon Resource Name) to allow Cloud Cost Intelligence to access your S3 bucket (format:
arn:aws:iam::<account-id>:role/<role-name>). - External ID: Copy the external ID and add it to your IAM role trust policy in AWS.
- Data export name: Enter the name of the data export file. For report
cci-ingestion-test, the path iscost-and-usage-reports/cci-ingestion-test/data. - S3 bucket name: Enter the exact bucket name. Use
us-east-2region for optimal performance.
Configure trust policy
Add the New Relic global user (arn:aws:iam::207192125115:user/cci_global_user) to your IAM role trust policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::207192125115:user/cci_global_user" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "<externalID>" } } } ]}重要
Set sts:ExternalId to the external ID from Provide connection details. Activate AWS Security Token Service (STS) for regions where it's not active by default (for example, ap-east-1, eu-south-1).
Test connection
Click Test connection to verify the connection to your AWS environment.
重要
Initial data processing takes a few hours after setup completes.
Optional: Enable advanced features
Enable these optional features to enhance your AWS cost analysis.
Real-time cost estimation
To enable real-time estimated cost viewing in CCI, meet the prerequisites for your instrumentation method:
Method | Description | When to choose | Prerequisites |
|---|---|---|---|
Infrastructure agent and integrations | Uses the New Relic Infrastructure Agent for detailed monitoring. | For deep visibility/control, ideal for standalone EC2, EKS/EC2, or ECS/EC2 setups. |
|
Cloud integration (metrics) | Utilizes AWS CloudWatch metrics for near real-time monitoring. | When real-time data is essential for dynamic environments. | Set up Amazon CloudWatch Metric Streams. |
Cloud integration (polling) - legacy | Collects data by polling AWS services at intervals. | For environments tolerating less frequent updates. | Set up AWS polling integrations. |
Kubernetes cost allocation
- Install the Kubernetes integration. AWS Fargate integration is not supported.
- Beyond standard Kubernetes labels (
app.kubernetes.io/name,app.kubernetes.io/instance,app.kubernetes.io/component, andapp.kubernetes.io/part-of), add custom labels such asenvironmentandteam, and custom resource tags such asprojectandcostCenterfor better cost segmentation and analysis.
Recommendations
- Configure cost allocation tags in your AWS account. Apply at least two custom resource tags consistently across AWS resources for effective cost filtering and grouping.
- Use an S3 bucket in the
us-east-2region for optimal performance and cost efficiency.
Access control advisory
All users with access to the designated New Relic account/organization can view your AWS cloud cost data. Select the appropriate New Relic account/organization that aligns with your internal access control policies.
重要
S3 bucket access
New Relic only requires read access to your S3 bucket, limited to a single IAM role. Maintain this access level to protect your data.