How to utilize the recently added Cost Allocation Tags functionality in AWS Secrets Manager
This post explains how to use Secrets Manager Cost Allocation Tags, a new feature, to gain more insight into your Secrets Manager expenses.
Throughout their lifecycles, database credentials, application credentials, API keys, and other secrets can be managed, retrieved, and rotated with the help of AWS Secrets Manager. In order to avoid unauthorized access to secrets by someone looking through your source code, configuration, or components, it helps to replace hard-coded credentials in application source code with runtime calls to retrieve credentials dynamically. Cost allocation tags are managed at the payer account level.
Prior to this feature’s release, your AWS bill would only display the total cost of Secrets Manager for a particular account; it would not be possible to separate charges per secret to a particular cost centre or organisation.
AWS Secrets Manager Cost Allocation Tags
The new functionality is called AWS Secrets Manager Cost Allocation Tags. Cost allocation tags are a general AWS feature that lets you assign a key-value pair to an AWS resource. These tags can be enabled as cost allocation tags in AWS Cost Explorer, and once they are activated you can use them to classify and monitor expenses. To designate resources that belong to the engineering team, for instance, you can create a tag with the value Engineering. Once you've activated this tag for cost allocation, you can track charges, filter or group by tags in Cost Explorer, and add tags to reports for analysis and visualisation, such as cost and usage reports.
Cost allocation tags are now supported by AWS Secrets Manager, giving you more precise control and insight into your Secrets Manager expenses. You can more thoroughly classify and monitor Secrets Manager usage costs with this capability. Assigning charges per secret back to cost centres or companies aids in better understanding and managing your AWS expenditures.
What is the purpose of cost allocation tags
A tag is a label that you or AWS assigns to an AWS resource. Every tag has a key and a value. Each tag key must be unique on a given resource, and each key can have only one value. You can use tags to organise your resources, and cost allocation tags to keep a close eye on your AWS expenses.
With this new ability, you can:
- Break down Secrets Manager expenses according to aspects that are significant to your company, such as environment, project, or department.
- Examine cost and use information as well as Cost Explorer’s itemised Secrets Manager usage.
- Enhance chargeback and cost allocation procedures throughout your companies and business divisions.
How to create cost allocation tags in AWS
There are four steps in the AWS cost allocation procedure for Secrets Manager tags:
- Create the necessary cost allocation tags.
- Add cost allocation tags to your resources (Secrets Manager secrets in this case).
- In the AWS Billing console’s Cost Allocation Tags section, activate your tags.
- Create cost categories in Cost Explorer by filtering and grouping by tags.
After you have created and attached user-defined tags to your resources, it may take up to 24 hours for the tag keys to show as available for activation on the Cost Allocation Tags page in the AWS Billing dashboard. Once they appear, you must activate them for AWS to begin tracking the costs related to those tags and for them to display in Cost Explorer. The activation of tag keys may take an additional 24 hours.
You can use the AWS Command Line Interface (AWS CLI) or the AWS Management Console to create and add user-defined tags for cost allocation to Secrets Manager secrets. The following example shows how to manage costs across several cost centers using the tag key CostCenter.
- Using the Console: To edit tags, choose an existing or new secret in the Secrets Manager console, then click the Tags option. A key-value pair, like CostCenter, and a particular cost centre code, such as 7263 for engineering or 1121 for finance, would then be assigned.
- Using the AWS CLI: Use the aws secretsmanager tag-resource command. It requires --secret-id and --tags, the latter as a key-value pair (Key=CostCenter,Value=7263, for example). Usually, when this command is successfully executed, no output is produced.
You can use the AWS CLI or the AWS Billing and Cost Management console to enable user-defined tags for usage in cost allocation.
- Using the Console: To activate the cost allocation tags, select the user-defined cost allocation tags option, pick the tag keys you wish to use, and then click Activate. The AWS Cost Management and Billing panel will open as a result.
- Using the AWS CLI: To set the Status to Active and provide the TagKey (e.g., TagKey=CostCenter,Status=Active), use the aws ce update-cost-allocation-tags-status command.
Seeing the outcomes in Cost Explorer is the last step. You can start filtering or grouping by the activated tag (such as CostCenter) to view use and charges after it shows up under Tags in the Filter or Group By fields in Cost Explorer.
- In Cost Explorer, you can set report parameters to view results. After choosing a Date Range, you would select Dimension as Tag under Group by and then pick your particular tag (e.g., CostCenter). Additionally, you can choose the Service as Secrets Manager by using Filters.
With the tag values (e.g., by cost centers like engineering 7263 and finance 1121), you can now clearly see the cost and usage of your secrets. This report can then be used to cross-charge secret charges to the appropriate cost areas within your company.
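The CLI steps above as one script, plus a check for secrets that still lack the tag (their cost is not attributed to any cost centre). This is an added example, not code from the original post; the function names, the AWS_CLI dry-run variable, the sample secret name, and the "AWS Secrets Manager" service filter value are assumptions.

```shell
#!/bin/sh
# Added example: the CostCenter workflow from this post as AWS CLI calls.
# AWS_CLI defaults to the real CLI; set AWS_CLI="echo aws" for a dry run
# that prints each command instead of executing it.
AWS_CLI="${AWS_CLI:-aws}"
TAG_KEY="CostCenter"

# Attach the tag to a secret. $1 = secret name or ARN, $2 = cost centre code.
tag_secret() {
  $AWS_CLI secretsmanager tag-resource \
    --secret-id "$1" \
    --tags "Key=${TAG_KEY},Value=$2"
}

# List secrets that do not carry the tag key yet (JMESPath filter on Tags).
untagged_secrets() {
  $AWS_CLI secretsmanager list-secrets \
    --query "SecretList[?!(Tags[?Key=='${TAG_KEY}'])].Name" \
    --output text
}

# Activate the tag key for cost allocation. Run this in the payer account,
# once the key has appeared on the Cost Allocation Tags page.
activate_tag() {
  $AWS_CLI ce update-cost-allocation-tags-status \
    --cost-allocation-tags-status "TagKey=${TAG_KEY},Status=Active"
}

# Secrets Manager cost grouped by CostCenter.
# $1 = start date, $2 = end date (YYYY-MM-DD, end is exclusive).
# The SERVICE value below is assumed to match the name Cost Explorer shows.
cost_by_cost_center() {
  $AWS_CLI ce get-cost-and-usage \
    --time-period "Start=$1,End=$2" \
    --granularity MONTHLY \
    --metrics UnblendedCost \
    --group-by "Type=TAG,Key=${TAG_KEY}" \
    --filter '{"Dimensions":{"Key":"SERVICE","Values":["AWS Secrets Manager"]}}'
}

# Run the tagging step only when asked: sh script.sh run <secret-id> <code>
if [ "${1:-}" = "run" ]; then
  tag_secret "$2" "$3" && untagged_secrets
fi
```

Source the file and call activate_tag and cost_by_cost_center separately, since each depends on the up-to-24-hour delays described above.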