The sheer power and abundance of AWS services can lead to complex billing structures and potential cost overruns for users. To overcome this and effectively manage and optimize your AWS costs, we can use Komiser, a cloud-agnostic open-source tool that helps in cost management. It also has an enterprise version called Tailwarden.

Komiser is a powerful open-source tool designed to address the complexity of managing and optimizing costs within AWS and other cloud providers. It enables users to gain valuable insights into their cloud spending, identify potential cost overruns, and implement cost-saving measures.

Komiser’s Approach to Cost Optimization

1. Resource Visibility:

Komiser provides a detailed overview of the resources used on AWS, such as EC2 instances, S3 buckets, RDS databases, etc. It categorizes and displays resources in a structured manner, making it easier to identify areas of high resource consumption.

2. Cost Breakdown:

The tool breaks down the costs associated with each resource, allowing the user to identify which services contribute the most to their overall AWS bill. This breakdown helps users prioritize optimization efforts based on the services consuming a significant portion of their budget.

3. Historical Analysis:

Komiser allows users to analyze historical data, helping them track resource usage and cost changes over time. By understanding how usage patterns evolve, users can make informed decisions about scaling resources or adopting alternative services to optimize costs.

4. Recommendations:

The tool provides recommendations for optimizing costs by suggesting potential changes to the user’s resource configurations. This can include resizing instances, modifying storage configurations, or adopting reserved instances to benefit from cost savings plans.

5. Customizable Dashboards:

Komiser offers customizable dashboards that allow users to create views tailored to their specific needs. Users can focus on specific resource types, regions, or cost components to gain deeper insights into the areas that matter most to their organization.

6. Alerting:

Komiser supports alerting functionalities, enabling users to set up notifications based on predefined thresholds for costs or resource usage. Proactive alerts help them address issues in real-time, preventing unexpected spikes in costs.

EKS Installation

Komiser provides official Helm charts for EKS deployment. This can be done by following the below steps:

• Create an IAM OIDC provider for the EKS cluster.
• Create an IAM policy for Komiser with the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "autoscaling:Describe*",
        "s3:Describe*",
        "ecs:List*",
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "apigateway:GET",
        "dynamodb:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Action": [
        "lambda:List*",
        "dynamodb:List*",
        "cloudfront:List*",
        "iam:List*",
        "ecs:Describe*",
        "glacier:List*",
        "sqs:List*",
        "route53:List*",
        "sns:List*",
        "s3:Get*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "3",
      "Effect": "Allow",
      "Action": [
        "acm:List*",
        "mq:List*",
        "cloudwatch:Get*",
        "cloudtrail:LookupEvents",
        "datapipeline:List*",
        "eks:List*",
        "elasticache:Describe*",
        "es:List*",
        "logs:Describe*",
        "rds:Describe*",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "4",
      "Effect": "Allow",
      "Action": [
        "glue:Get*",
        "organizations:Describe*",
        "iam:Get*",
        "kinesis:List*",
        "kms:List*",
        "kms:Describe*",
        "redshift:Describe*",
        "tag:Get*",
        "route53:List*",
        "support:Describe*",
        "swf:List*",
        "config:BatchGetResourceConfig"
      ],
      "Resource": "*"
    },
    {
      "Sid": "5",
      "Effect": "Allow",
      "Action": [
        "sns:List*",
        "lambda:List*",
        "kms:List*",
        "pricing:GetProducts",
        "ecr:Describe*",
        "elasticfilesystem:Describe*",
        "rds:Describe*",
        "elasticache:List*",
        "eks:Describe*",
        "elasticloadbalancing:DescribeTags"
      ],
      "Resource": "*"
    }
  ]
}

• Create an IAM role to be used by the Komiser service account.Attach the previously created policy to the role.Add the following trust relationship policy to the role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::${ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "${OIDC_PROVIDER}:aud": "sts.amazonaws.com",
          "${OIDC_PROVIDER}:sub": "system:serviceaccount:${NAMESPACE}:komiser"
        }
      }
    }
  ]
}

• Clone the official Komiser Helm chart.

git clone https://github.com/tailwarden/helm.git

• Update the templates/service-account.yaml file with the arn of the IAM role which was previously created.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: komiser
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME

• Update the templates/configmap-credentials.yaml to add the AWS account credentials and region.

apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-configmap-credentials
data:
  credentials.yaml: |-
    [default]
    region = [region]
    aws_access_key_id = [access-key-id]
    aws_secret_access_key = [secret-access-key]

• Update the values.yaml to add aws region to scan:

image:
  repository: tailwarden/komiser
  tag: 3.1.0
  pullPolicy: IfNotPresent

aws:
  region: "us-east-1"

• Deploy Komiser to EKS.

helm install -f values.yaml komiser .

The Komiser dashboard can be reached at the Komiser service endpoint.