Dev.to

Manage your custom Billing Views as code

The custom billing view was introduced by AWS back in December 2024, but still a lot of customers have not discovered it. Make sure to take a look if this is new to you and your teams care about the AWS bill. Background Earlier the billing view in AWS was only visible for two different areas, single account view and organizational view (all accounts in an AWS organization). That goes for both the dashoboard as well as the cost explorer. You could filter on accounts in the cost explorer, but that required access to the management account. Custom billing views are here This new feature let us create and share separate views for different purposes. This is a very noce feature in an environment where you for example have different accounts for different teams and environments. A custom billing view contain a dashboard and cost-explorer with access to what you define for that view. You can create views (in the management account) which are either account-based or cost-tag-based filters, and they look like this (with a selector in the upper left corner). After creating a view you can share it with one or more AWS accounts within your organization. This sharing is done with RAM (Resource Access Manager) Managing billing views with CLI Because we do not want to do click-ops, we need a way to automate this. Here we can use the AWS CLI. Let us have some variables to make things easier: $teamName = name of team $teamAccounts = account(s) where the team view their billingdata (example "123456789012 123456789999") $dataFilter = list of accounts to include in the report, for example dev, stage and prod accounts. The dataFilter must be on the following format { "dimensions": { "key": "LINKED_ACCOUNT", "values": [ "123456789012", "210987654321", "121314151616" ] } } Create a view Here we create a view and keep the ARN in a variable for later use billingviewARN=$(aws billing create-billing-view --name '$teamName' --source-views arn:aws:billing::123456789012:billingview/primary --data-filter-expression $dataFilter --query arn) Note that a billing-view need a "parent" view, which has to be primary A billing-view can also be tagged, and the tag can be used in a policy if you like to restrict access to a view. Share the view with one or more accounts For sharing the billing-view with one or more accounts, a persmisson policy is required - for billingview you use arn:aws:ram::aws:permission/AWSRAMDefaultPermissionBillingView If you like to alter the permissions yourself you can also make your own policy in RAM. Sharing is done like this: aws --region us-east-1 ram create-resource-share --name "$teamName" --resource-arns $billingviewARN --principals $teamAccounts --permission-arns arn:aws:ram::aws:permission/AWSRAMDefaultPermissionBillingView --no-allow-external-principals To avoid shareing with external account I use no-allow-external-principals. This specifies that principals outside your organization can not be associated with this resource share. IMPORTANT Everything related to billing is in us-east-1 so make sure you use the CLI with the correct region when using RAM Summary You should now be able to automate the creation and sharing of custom billing views in your AWS organization. This is much more scalable if you have multiple teams, and you add a script to the on-baording-process. Let the cost be visible to different teams so each team can be better equiped to keep the cost down. References: AWS CLI billing https://awscli.amazonaws.com/v2/documentation/api/latest/reference/billing/index.html#cli-aws-billing AWS CLI RAM https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ram/index.html#cli-aws-ram

Apr 7, 2025 - 11:59
 0
Manage your custom Billing Views as code

The custom billing view was introduced by AWS back in December 2024, but still a lot of customers have not discovered it. Make sure to take a look if this is new to you and your teams care about the AWS bill.

Background

Earlier the billing view in AWS was only visible for two different areas, single account view and organizational view (all accounts in an AWS organization). That goes for both the dashoboard as well as the cost explorer. You could filter on accounts in the cost explorer, but that required access to the management account.

Custom billing views are here

This new feature let us create and share separate views for different purposes. This is a very noce feature in an environment where you for example have different accounts for different teams and environments.

A custom billing view contain a dashboard and cost-explorer with access to what you define for that view. You can create views (in the management account) which are either account-based or cost-tag-based filters, and they look like this (with a selector in the upper left corner).

Image description

After creating a view you can share it with one or more AWS accounts within your organization. This sharing is done with RAM (Resource Access Manager)

Managing billing views with CLI

Because we do not want to do click-ops, we need a way to automate this. Here we can use the AWS CLI.

Let us have some variables to make things easier:

  • $teamName = name of team
  • $teamAccounts = account(s) where the team view their billingdata (example "123456789012 123456789999")
  • $dataFilter = list of accounts to include in the report, for example dev, stage and prod accounts. The dataFilter must be on the following format 
{
  "dimensions": {
    "key": "LINKED_ACCOUNT",
    "values": [
      "123456789012",
      "210987654321",
      "121314151616"
    ]
  }
}

Create a view

Here we create a view and keep the ARN in a variable for later use

billingviewARN=$(aws billing create-billing-view --name '$teamName' --source-views arn:aws:billing::123456789012:billingview/primary --data-filter-expression $dataFilter --query arn)
Note that a billing-view need a "parent" view, which has to be primary

A billing-view can also be tagged, and the tag can be used in a policy if you like to restrict access to a view.

Share the view with one or more accounts

For sharing the billing-view with one or more accounts, a persmisson policy is required - for billingview you use
arn:aws:ram::aws:permission/AWSRAMDefaultPermissionBillingView
If you like to alter the permissions yourself you can also make your own policy in RAM.

Sharing is done like this:
aws --region us-east-1 ram create-resource-share --name "$teamName" --resource-arns $billingviewARN --principals $teamAccounts --permission-arns arn:aws:ram::aws:permission/AWSRAMDefaultPermissionBillingView --no-allow-external-principals

To avoid shareing with external account I use no-allow-external-principals. This specifies that principals outside your organization can not be associated with this resource share.

IMPORTANT Everything related to billing is in us-east-1 so make sure you use the CLI with the correct region when using RAM

Summary

You should now be able to automate the creation and sharing of custom billing views in your AWS organization. This is much more scalable if you have multiple teams, and you add a script to the on-baording-process. Let the cost be visible to different teams so each team can be better equiped to keep the cost down.

References:

Read More

Tags:

Previous Article

Exploring Innovative Open Source Front End Projects to Boost Your Skills in 2025

Next Article

My First DEV.to Post via Python

Related Posts

An Actually Productive Arch Linux Setup

An Actually Productive Arch Linux Setup

Feb 28, 2025  0

How to Use APIs in Your Applications

How to Use APIs in Your Applications

Apr 4, 2025  0

Deploying Redis and an ECS Service with websocket on AWS with Terraform

Deploying Redis and an ECS Service with websocket on AW...

Apr 2, 2025  0