https://infracost.io logo
#help
Title
# help
g

gorgeous-twilight-75626

09/05/2023, 3:45 PM
Hello all! I'm trying to use the Infracost Terraform module to enable Actual Costs. The issue I'm having is that when I create the resources for my environment, they are being created using my default provider which is in
us-east-2
and not the provider I created for the Infracost module. It seems that the provider variable for the module isn't working properly. I'm following this documentation: https://github.com/infracost/cross-account-link/blob/master/README.md and here is my code:
Copy code
# Do not change this, this is the only region that the AWS CUR API supports, this should not matter for
# you as your bucket can live in another region (described above).
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

module "infracost" {
  source = "<http://github.com/infracost/cross-account-link|github.com/infracost/cross-account-link>"
  infracost_external_id = "INFRACOST_ORGANIZATION_ID"
  # add a provider for region `us-east-1` and pass this in using aws.us_east_1 alias.
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
}

output "infracost_cross_account_role_arn" {
  value = module.infracost.role_arn
}

output "infracost_cur_bucket_arn" {
  value = module.infracost.bucket_arn
}
But these are the outputs I'm getting from Terraform (I've replaced the account number with XXX):
Copy code
Terraform will perform the following actions:

  # module.infracost.aws_cur_report_definition.costand_usage_report will be created
  + resource "aws_cur_report_definition" "costand_usage_report" {
      + additional_schema_elements = [
          + "RESOURCES",
        ]
      + arn                        = (known after apply)
      + compression                = "GZIP"
      + format                     = "textORcsv"
      + id                         = (known after apply)
      + refresh_closed_reports     = true
      + report_name                = "InfracostReportXXXXXXXXXXXXXX"
      + report_versioning          = "OVERWRITE_REPORT"
      + s3_bucket                  = "infracost-cur-XXXXXXXXXXXXXXXXX"
      + s3_prefix                  = "daily-v1"
      + s3_region                  = "us-east-2"
      + time_unit                  = "DAILY"
    }

  # module.infracost.aws_s3_bucket_notification.sns_topic will be created
  + resource "aws_s3_bucket_notification" "sns_topic" {
      + bucket      = "infracost-cur-XXXXXXXXXXXXXXXXXX"
      + eventbridge = false
      + id          = (known after apply)

      + topic {
          + events        = [
              + "s3:ObjectCreated:*",
            ]
          + filter_suffix = "Manifest.json"
          + id            = (known after apply)
          + topic_arn     = "arn:aws:sns:us-east-2:XXXXXXXXXXX:cur-uploaded"
        }
    }
Any help is appreciated! Thank you!
c

crooked-daybreak-55253

09/05/2023, 4:01 PM
Hi Shaq, let me take a look
So you’re surprised to see the s3 bucket created in
us-east-2
even though you’re passing the
<http://aws.us|aws.us>__east_1_
alias to the module right? I think this is actually ok. The
aws_cur_report_definition
needs to be created in us-east-1, but the s3 bucket itself can be in another region.
g

gorgeous-twilight-75626

09/05/2023, 4:29 PM
Thanks for the reply Tim! If that's not the issue then I'll keep digging to figure out where the issue is on my end.
c

crooked-daybreak-55253

09/05/2023, 4:30 PM
What’s the problem you’re running into? Are the CUR reports being created?
g

gorgeous-twilight-75626

09/05/2023, 4:35 PM
It previously was this error:
Copy code
│ Error: putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
│       status code: 400, request id: 2NMDPPYZ8YECJJ2V, host id: b51xW0qHu8EqBYC8vZYk7VZmT1cGaAt275S5bWpGAWCl1haHMclb5lsiTWLlTgAK9CXGzuXTjt4=
│ 
│   with module.infracost.aws_s3_bucket_notification.sns_topic,
│   on .terraform/modules/infracost/main.tf line 356, in resource "aws_s3_bucket_notification" "sns_topic":
│  356: resource "aws_s3_bucket_notification" "sns_topic" {
│ 
╵
╷
│ Error: creating Cost And Usage Report Definition (InfracostReportXXXXXXXXXXXXX): ValidationException: Failed to verify customer bucket permission. accountId= XXXXXXXX, bucket name: infracost-cur-XXXXXXXXXXXX, bucket region: us-east-2
│ 
│   with module.infracost.aws_cur_report_definition.costand_usage_report,
│   on .terraform/modules/infracost/main.tf line 418, in resource "aws_cur_report_definition" "costand_usage_report":
│  418: resource "aws_cur_report_definition" "costand_usage_report" {
Which I thought may have been correlated with the regions for Infracost, but now I see it may have been because my default provider uses a
profile
variable to separate my AWS creds for CLI. And it was using my default credentials instead of the
profile
credentials. After adding my
profile
to the
provider
for Infracost, I'm getting a better error that's permissions related.
4 Views