Skip to content
This repository has been archived by the owner on Dec 17, 2021. It is now read-only.

Ice

Jump to bottom
Joe Hohertz edited this page May 30, 2014 · 3 revisions

HOME > BURI ROLE GUIDE > ICE

Ice is a Netflix OSS tool that provides a visualization console for AWS detailed billing records, allowing one to drill down into all kinds of views to see where your AWS costs are being incurred.

This role definition is currently very basic, allowing for the monitoring of a single account.

  1. Enable billing access
  2. Create Ice work data S3 bucket
  3. Configure local/site.yml and build AMI
  4. Create IAM role
  5. Create security group
  6. Launch Ice Cluster
## Step 1: Enable billing access

  1. See Amazon documentation on billing access for full details

  2. You will need the detailed billing (hourly) reports enabled, generating files of the form:

    <accountid>-aws-billing-detailed-line-items-<year>-<month>.csv.zip

    For future features yet to be activated, also enable the tagged billing records, which provide zips like these:

    <accountid>-aws-billing-detailed-line-items-with-resources-and-tags-<year>-<month>.csv.zip

  3. You will need to use the S3 bucket name these files are delivered to in a later configration step. This will be referred to as the billing S3 bucket.

  4. You should have this running for a little bit before running Ice, to allow stats to accumulate

## Step 2: Create Ice work data S3 bucket
  1. Open the AWS S3 console
  2. Click "Create Bucket", provide a name, and ensure you select the correct region where you will deploy ice.
## Step 3: Configure local/site.yml and build AMI

  1. Edit local/site.yml in your Buri build tree and ensure the following is set as needed:

    ice_billing_s3_bucket_names: billing-bucket-name
ice_billing_s3_bucket_prefix:
ice_company_name: Your company name
ice_work_s3_bucket_name: ice-work-bucket-name
ice_account1_aws_id: 123456789012
ice_admin_password: "adminpassword"

  2. Build the AMI for Ice

    ./resnap.sh <base-pvm-ami-ID> ice
## Step 4: Create IAM role

  1. In the AWS IAM console left-side menu, click "Roles"

  2. Click "Create New Role"

  3. Give it a name. ("Ice" is suggested)

  4. On the "Select Role Type" screen, click "Select" next to "Amazon EC2"

  5. Click "Custom Policy", then "Select"

  6. Under "Policy Name", give it the same name as in 3rd point of this section.

  7. Under "Policy Document", paste in the file policies/ice.sample from the Buri distribution

  8. Edit the following text in what was pasted, to reflect the S3 bucket you have created for Ice working storage:

       "Resource": [
     "arn:aws:s3:::example-ice-working",
     "arn:aws:s3:::example-ice-working/*"
   ],

  9. Click "Continue" and then "Create Role" to complete creating the IAM role needed by Exihibitor.

## Step 5: Create security group
  1. In the AWS EC2 console left-side menu, under "Network & Security", click "Security Groups"
  2. Click "Create Security Group"
  3. Give it a name. ("Ice" is suggested), and a description, pick VPC if applicable.
  4. Add a rule to allow SSH from the source IPs you wish to administrate from
  5. Add a rule to allow HTTP from the source IPs you wish to administrate from
  6. Click "Create"
## Step 6: Launch Ice

  1. Select the Ice AMI to launch, and ensure it has the IAM role and security group for Ice applied. You should only have one instance of this running at any given time. It will take a couple minutes to startup as it does the initial processing of your billing records.

  2. Hit the following URL to access the console, substituting hostname with one of yours:

    http://ec2-11-11-11-11.compute-1.amazonaws.com/ice

  3. Login with user "admin", and the password you configured in your site.xml before building.

Clone this wiki locally