An import job copies usage data from cloud accounts into Orbitera's billing system.

Orbitera uses identity and access management (IAM), where you grant Orbitera a role to access the account as a third party. You can revoke Orbitera access at any time. You control access to your data.

What you'll learn

To set up importing of your AWS billing data into the Orbitera platform you need to access both the AWS console and the Orbitera portal.

How will you use this quickstart?

Only read through it Read it and complete the exercises
  1. Log in to your AWS Payer Account console.
  2. Follow these step-by-step instructions to enable Cost and Usage Reports.
  3. Copy the name of your S3 bucket.
  1. In the Orbitera administration console, navigate to Settings.
  2. In the left navigation menu, under Billing, select Cloud Account.
  3. Click Add.
  4. From the Cloud Provider drop down, select Amazon Web Services.
  5. Enter the AWS Payer Account ID number.
    You can find your Account ID on the Account Settings page.
  6. (Optional) Enter an email address and notes.
  7. Check Payer Account.
  8. Click Create.


Keep the window open.

This generates a set of Access Credentials and instructions. In the next step, you will need to refer back to these credentials. At the bottom of the Access Credentials, there is a blank entry for your AWS Role ARN. In the next step, you will create your AWS Role ARN and enter it here.

Overview

Orbitera needs read-only access to the AWS account that contains your billing data. You can grant access to Orbitera by creating an AWS IAM role that "trusts" the Orbitera AWS account. As an additional security precaution, you'll also configure the IAM role to be read only and use an ExternalID (a unique key to be provided by Orbitera at access-time).

For security and auditing purposes, it's recommended that you create a separate, unique role for Orbitera billing access. You own the trust relationship between the Orbitera AWS account and your own account. You can easily revoke the permissions granted to Orbitera by simply logging into the AWS management console and deleting the role.

Procedure

  1. In a different window, log in to your Amazon IAM console.
  2. Select Roles from the left navigation pane.
  3. Click Create role.
  4. Select Another AWS account.
  5. Enter the Account ID: 328676173091.
    This account ID identifies Orbitera.
  6. Click the Require external ID checkbox.
  7. Enter the External ID shown in the Orbitera Settings > Billing > Cloud Accounts window.
  8. Leave Require MFA unselected.

  1. Click Next:Permissions.
  1. Search for and select ReadOnlyAccess from the policy template list.
  1. Click Next Step:Review.
  1. Enter Orbitera as the Role Name.
  1. Click Create Role.
  1. Select the newly created Orbitera role in your roles list.
  1. From the Summary, copy the Role ARN value.
  1. Switch back to the Orbitera console window Access Credentials page.
  2. Paste the Role ARN at the bottom of the Access Credentials.
  3. Click Check now.
  4. Make sure the result is Verified.
  5. Click Save.
  1. In the Orbitera administration console, navigate to the Billing module and click Imports.
  2. Click New Job.
  3. For the Data Source, select AWS Billing Customer Data.
  4. In the Cloud Account dropdown, select the same Payer Account shown on your AWS Account Settings page.
  5. In the Bucket field Input the S3 bucket name shown on your AWS S3 page.
  6. Enter the recurrence, import month, and next run information.
    The import month is the billing period to be imported.
    Example:

  1. Click Save.

I have a large new customer with an existing AWS bill and 100 linked accounts included. I want to combine these 100 accounts into a single Orbitera invoice. The member account billing needs to roll up into the master account and show up in Orbitera. How do I handle this?

In this case, you need to assign each of the 100 linked account IDs to the Orbitera customer, and then re-import any past data that you want to be allocated to that customer after the configuration is complete.

Do I need to add each member account to Orbitera individually?

You do have to assign accounts to Orbitera customers for them to be properly configured.
However, assuming they are included as part of a master payer account that already has an import job configured, you do not need to manually add the account linkedaccountIDs into Orbitera.

That said, you might want to save time by manually adding the linkedaccountIDs when they are known. Newly created accounts only appear in the billing data when they have actual usage.

When a new account appears in the billing data and it has not been added into Orbitera manually, they appear in the cloud accounts table as unassigned. Each of these unassigned accounts should be assigned to an Orbitera customer. In general, you should never allow new accounts to remain in an unassigned state.

If you'd like to proactively configure accounts so they are properly assigned before usage data is generated, you can manually add the account to the cloud accounts table and then assign it to a customer using the normal process, and when usage data does appear it will be appropriately assigned.

I have the master set up with the billing role to pull the data from S3. When I add these member accounts, do I need to re-add the billing role to the accounts, or do I just assign the accounts that are showing up as unassigned to a new customer?

The answer is yes and no. The best practice is to configure a read-only role in each linked account so that Orbitera can see any Reserved Instance (RI) purchases made within that account. Orbitera strongly recommends you build this step into your onboarding process. When we import your usage data, we simultaneously query AWS for each account's RI inventory, which is what we use this role to do.

If you cannot configure this role, the system assumes that the account doesn't own any RIs it happens to use, and will re-price this usage as on-demand. There's also an override option in each customer under Cloud Providers > AWS that allows you to Pass RI Optimization to the customer and not auto-reprice RI usage to On Demand, but this also prevents Orbitera from repricing RI usage for instances owned by other accounts (a margin opportunity for you as a reseller).

You've successfully configured your AWS Billing import.

In this quickstart you learned how to:

As a bonus, you also learned some best practices.

Was this quickstart helpful?

Yes Somewhat No

If you want to learn more, explore these resources: