Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for Export Cost Management data to secure storage accounts with firewall #23962

Open
1 task done
robertbor opened this issue Nov 20, 2023 · 9 comments
Open
1 task done

Add Support for Export Cost Management data to secure storage accounts with firewall #23962

robertbor opened this issue Nov 20, 2023 · 9 comments
Labels
enhancement service/cost-management

Comments

@robertbor
Copy link

robertbor commented Nov 20, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

At September 12, 2023 Microsoft announced that it is possible to send the cost export data to a storage account behind a firewall.

https://azure.microsoft.com/en-us/updates/exportbehindfirewallga/

With the current provider version: 3.81.0 it is not possible to configure it.

Error: creating Scoped Export (Scope: "/subscriptions/***" │ Export Name: "exportname"): unexpected status 400 with error: 400: The exports service is not authorized to access the specified storage account 'storageaccountname'. For more information see: https://go.microsoft.com/fwlink/?linkid=2127915 │ │ with azurerm_subscription_cost_management_export.cost_export["costexportname"], │ on cost-export.tf line 48, in resource "azurerm_subscription_cost_management_export" "cost_export": │ 48: resource "azurerm_subscription_cost_management_export" "cost_export" *** │ │ creating Scoped Export (Scope: │ "/subscriptions/***" │ Export Name: "exportname"): unexpected status 400 with error: 400: The exports │ service is not authorized to access the specified storage account

New or Affected Resource(s)/Data Source(s)

azurerm_subscription_cost_management_export

Potential Terraform Configuration

No response

References

No response
@rcskosir
Copy link
Contributor

Thank you for taking the time to open this feature request!

@bytef10w
Copy link

bytef10w commented Feb 6, 2024
edited
Loading

Any updates on this? We faced exactly the same issue. It works fine while creating manually. Tested with 3.84.0 and latest one

@Tomasz-Kluczkowski

This comment was marked as duplicate.

Sign in to view
@philippfrenzel
Copy link

philippfrenzel commented Aug 23, 2024
edited
Loading

As I wanna get updates to this issue - i put myself in as commenter- this issue is blocking us - so would be awesome if someone has a solution or workaround

@emad0082

This comment was marked as off-topic.

Sign in to view
@w0ut0
Copy link

w0ut0 commented Sep 11, 2024

In my experience, this only works only by using Microsoft.CostManagement/exports api version 2023-07-01-preview, not with the newer version 2023-11-01 (which complains that the storage account is not accessible, even if all prerequisites are fine).

@emad0082
Copy link

@w0ut0

Do you have any examples of how to do this?

We are attempting to create the resource programmatically

@w0ut0
Copy link

w0ut0 commented Sep 26, 2024

Well, I had an example like

resource "time_static" "start_time" {}


# https://github.com/hashicorp/terraform-provider-azurerm/issues/23962
resource "azapi_resource" "cost_exports" {
  lifecycle {
    ignore_changes = [body.properties.schedule.recurrencePeriod.from]
  }
  type      = "Microsoft.CostManagement/exports@2023-07-01-preview"
  name      = "export"
  parent_id = data.azurerm_subscription.current.id
  location  = "global"
  identity {
    type = "SystemAssigned"
  }

  body = {
    properties = {
      definition = {
        dataSet = {
          configuration = {
            dataVersion = "2021-10-01",
            filters     = []
          }
          granularity = "Daily"
        }
        timeframe = "MonthToDate"
        type      = "AmortizedCost"
      }
      deliveryInfo = {
        destination = {
          container      = "azure"
          rootFolderPath = "cost",
          type           = "AzureBlob",
          resourceId     = "<storage_account_id>"
        }
      }
      format                = "Csv"
      partitionData         = true
      dataOverwriteBehavior = "OverwritePreviousReport"
      compressionMode       = "gzip"
      schedule = {
        recurrence = "Daily"
        status     = "Active"
        recurrencePeriod = {
          from = timeadd(time_static.start_time.id, "1h")
          to   = "2029-07-01T00:00:00Z"
        }
      }
    }
  }
}

But it does not apply in our CI/CD because of Azure/terraform-provider-azapi#575, which I hope is fixed with Azure/terraform-provider-azapi#616 (but not yet released)

@nikolai-fra
Copy link
Contributor

In the code client.go here is defined, that the underlaying azure sdk is using API version "2021-10-01" for the exports.
This has to be changed to "2023-11-01" (see here)

Does somebody here knows how to test this provider for implications resulting from the change in the api version?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/cost-management
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@philippfrenzel @robertbor @w0ut0 @Tomasz-Kluczkowski @bytef10w @nikolai-fra @rcskosir @emad0082