# help
g
Hello all! I'm trying to use the Infracost Terraform module to enable Actual Costs. The issue I'm having is that when I create the resources for my environment, they are being created using my default provider which is in `us-east-2` and not the provider I created for the Infracost module. It seems that the provider variable for the module isn't working properly. I'm following this documentation: https://github.com/infracost/cross-account-link/blob/master/README.md and here is my code:
```hcl
# Do not change this, this is the only region that the AWS CUR API supports, this should not matter for
# you as your bucket can live in another region (described above).
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

module "infracost" {
  source = "github.com/infracost/cross-account-link"
  infracost_external_id = "INFRACOST_ORGANIZATION_ID"
  # add a provider for region `us-east-1` and pass this in using aws.us_east_1 alias.
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
}

output "infracost_cross_account_role_arn" {
  value = module.infracost.role_arn
}

output "infracost_cur_bucket_arn" {
  value = module.infracost.bucket_arn
}
```
But these are the outputs I'm getting from Terraform (I've replaced the account number with XXX):
```
Terraform will perform the following actions:

  # module.infracost.aws_cur_report_definition.costand_usage_report will be created
  + resource "aws_cur_report_definition" "costand_usage_report" {
      + additional_schema_elements = [
          + "RESOURCES",
        ]
      + arn                        = (known after apply)
      + compression                = "GZIP"
      + format                     = "textORcsv"
      + id                         = (known after apply)
      + refresh_closed_reports     = true
      + report_name                = "InfracostReportXXXXXXXXXXXXXX"
      + report_versioning          = "OVERWRITE_REPORT"
      + s3_bucket                  = "infracost-cur-XXXXXXXXXXXXXXXXX"
      + s3_prefix                  = "daily-v1"
      + s3_region                  = "us-east-2"
      + time_unit                  = "DAILY"
    }

  # module.infracost.aws_s3_bucket_notification.sns_topic will be created
  + resource "aws_s3_bucket_notification" "sns_topic" {
      + bucket      = "infracost-cur-XXXXXXXXXXXXXXXXXX"
      + eventbridge = false
      + id          = (known after apply)

      + topic {
          + events        = [
              + "s3:ObjectCreated:*",
            ]
          + filter_suffix = "Manifest.json"
          + id            = (known after apply)
          + topic_arn     = "arn:aws:sns:us-east-2:XXXXXXXXXXX:cur-uploaded"
        }
    }
```
Any help is appreciated! Thank you!
c
Hi Shaq, let me take a look
So you’re surprised to see the s3 bucket created in `us-east-2` even though you’re passing the `aws.us_east_1` alias to the module, right? I think this is actually ok. The `aws_cur_report_definition` needs to be created in us-east-1, but the s3 bucket itself can be in another region.
g
Thanks for the reply Tim! If that's not the issue then I'll keep digging to figure out where the issue is on my end.
c
What’s the problem you’re running into? Are the CUR reports being created?
g
It previously was this error:
```
│ Error: putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
│       status code: 400, request id: 2NMDPPYZ8YECJJ2V, host id: b51xW0qHu8EqBYC8vZYk7VZmT1cGaAt275S5bWpGAWCl1haHMclb5lsiTWLlTgAK9CXGzuXTjt4=
│ 
│   with module.infracost.aws_s3_bucket_notification.sns_topic,
│   on .terraform/modules/infracost/main.tf line 356, in resource "aws_s3_bucket_notification" "sns_topic":
│  356: resource "aws_s3_bucket_notification" "sns_topic" {
│ 
╵
╷
│ Error: creating Cost And Usage Report Definition (InfracostReportXXXXXXXXXXXXX): ValidationException: Failed to verify customer bucket permission. accountId= XXXXXXXX, bucket name: infracost-cur-XXXXXXXXXXXX, bucket region: us-east-2
│ 
│   with module.infracost.aws_cur_report_definition.costand_usage_report,
│   on .terraform/modules/infracost/main.tf line 418, in resource "aws_cur_report_definition" "costand_usage_report":
│  418: resource "aws_cur_report_definition" "costand_usage_report" {
```
Which I thought may have been correlated with the regions for Infracost, but now I see it may have been because my default provider uses a `profile` variable to separate my AWS creds for CLI. And it was using my default credentials instead of the `profile` credentials. After adding my `profile` to the `provider` for Infracost, I'm getting a better error that's permissions related.