Added FinOps CFN templates

CHANGELOG.md

@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 
 
+## 2024-10-11
+
+### Added
+   * Added [FinOps/cfn/budgets.yml](FinOps/cfn/budgets.yml) - CloudFormation template for creating AWS Budgets.
+   * Added [FinOps/cfn/chatbot-sns.yml](FinOps/cfn/chatbot-sns.yml) - CloudFormation template for creating AWS Chatbot with SNS.
+   * Added [FinOps/cfn/cost-anomaly-detection.yml](FinOps/cfn/cost-anomaly-detection.yml) - CloudFormation template for creating Cost Anomaly Detection alerts.
+
 ## 2024-10-10
 
 ### Added

FinOps/README.md

@@ -10,3 +10,11 @@
 - [Using CUDOS Dashboard visualizations for AWS Marketplace spend visibility and optimization](https://aws.amazon.com/blogs/awsmarketplace/using-cudos-dashboard-visualizations-aws-marketplace-spend-visibility-optimization/), AWS, 2022-12-14
 - [A Detailed Overview of the Cost Intelligence Dashboard](https://aws.amazon.com/blogs/aws-cloud-financial-management/a-detailed-overview-of-the-cost-intelligence-dashboard/), AWS, 2021-12-03
 - https://wellarchitectedlabs.com/cloud-intelligence-dashboards/
+
+## CFN
+- Cost Anomaly Detection
+    - Region: us-east-1
+- Budgets
+    - Region: us-east-1
+- Cost Alerts
+    - Region: us-east-1

FinOps/cfn/budgets.yml

@@ -0,0 +1,195 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Budgets example
+Resources:
+
+  AWSConfig:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '10000.0'
+          Unit: USD
+        BudgetName: AWS-Config
+        BudgetType: COST
+        CostFilters:
+          Service:
+            - AWS Config
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: false
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: true
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2023-05-01T10:00:00+10:00'
+        TimeUnit: MONTHLY
+
+  AWSCloudwatch:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '10000.0'
+          Unit: USD
+        BudgetName: AWS-Cloudwatch
+        BudgetType: COST
+        CostFilters:
+          LinkedAccount:
+            - '111111111111'
+            - '222222222222'
+          Service:
+            - AmazonCloudWatch
+            - CloudWatch Events
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: true
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: true
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2022-02-01T11:00:00+10:00'
+        TimeUnit: MONTHLY
+
+  AWSGuardDuty:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '1000.0'
+          Unit: USD
+        BudgetName: AWS-GuardDuty
+        BudgetType: COST
+        CostFilters:
+          Service:
+            - Amazon GuardDuty
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: true
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: false
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2023-01-01T11:00:00+10:00'
+        TimeUnit: MONTHLY
+
+  AWSInspector:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '1000.0'
+          Unit: USD
+        BudgetName: AWS-Inspector
+        BudgetType: COST
+        CostFilters:
+          Service:
+            - Amazon Inspector
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: true
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: false
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2022-08-01T10:00:00+10:00'
+        TimeUnit: MONTHLY
+
+  AWSSecurityHub:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '1000.0'
+          Unit: USD
+        BudgetName: AWS-SecurityHub
+        BudgetType: COST
+        CostFilters:
+          Service:
+            - AWS Security Hub
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: true
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: false
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2022-08-01T10:00:00+10:00'
+        TimeUnit: MONTHLY
+
+  AWSSecurityLogs:
+    Type: AWS::Budgets::Budget
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      Budget:
+        BudgetLimit:
+          Amount: '1000.0'
+          Unit: USD
+        BudgetName: AWS-SecurityLogs
+        BudgetType: COST
+        CostFilters:
+          LinkedAccount:
+            - '111111111111'
+          Service:
+            - Amazon Simple Storage Service
+        CostTypes:
+          IncludeCredit: false
+          IncludeDiscount: false
+          IncludeOtherSubscription: true
+          IncludeRecurring: true
+          IncludeRefund: false
+          IncludeSubscription: true
+          IncludeSupport: true
+          IncludeTax: false
+          IncludeUpfront: true
+          UseAmortized: false
+          UseBlended: false
+        TimePeriod:
+          End: '2087-06-15T10:00:00+10:00'
+          Start: '2022-08-01T10:00:00+10:00'
+        TimeUnit: MONTHLY

FinOps/cfn/chatbot-sns.yml

@@ -0,0 +1,109 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: AWS Chatbots and SNS topics for Cost alerts
+
+Parameters:
+  SlackChannelName:
+    Description: Slack Channel Name
+    Type: String
+  SlackChannelId:
+    Description: The ID of the Slack channel to send alerts to
+    Type: String
+  SlackWorkspaceId:
+    Description: The ID of the Slack workspace authorized with AWS Chatbot
+    Type: String
+
+Resources:
+  ############################################################
+  # SNS Topics and Policies
+
+  SNSTopic:
+    Type: AWS::SNS::Topic
+    Properties:
+      DisplayName: !Sub Cost Alerts ${SlackChannelName}
+      TopicName: !Sub CostAlerts-${SlackChannelName}
+
+  SNSTopicPolicy:
+    Type: AWS::SNS::TopicPolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Sid: !Sub Budgets-${SlackChannelName}
+            Effect: Allow
+            Action:
+              - SNS:Publish
+            Principal:
+              Service:
+                budgets.amazonaws.com
+            Resource:
+              - !Ref SNSTopic
+          - Sid: !Sub CostAnomalyDetection-${SlackChannelName}
+            Effect: Allow
+            Action:
+              - SNS:Publish
+            Principal:
+              Service:
+                costalerts.amazonaws.com
+            Resource:
+              - !Ref SNSTopic
+      Topics:
+        - !Ref SNSTopic
+
+  ############################################################
+  # Chatbot
+
+  ChatbotRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - chatbot.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Policies:
+        - PolicyName: ChatbotRolePolicy
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - cloudwatch:Describe*
+                  - cloudwatch:Get*
+                  - cloudwatch:List*
+                Resource: '*'
+
+  GuardrailPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      Description: Chatbot Guardrail Policies
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - cloudwatch:Describe*
+              - cloudwatch:Get*
+              - cloudwatch:List*
+            Resource: '*'
+
+  SlackChatbot:
+    Type: AWS::Chatbot::SlackChannelConfiguration
+    Properties:
+      ConfigurationName: !Sub ${SlackChannelName}-Alerts
+      GuardrailPolicies:
+        - !Ref GuardrailPolicy
+      IamRoleArn: !GetAtt ChatbotRole.Arn
+      LoggingLevel: INFO
+      SlackChannelId: !Ref SlackChannelId
+      SlackWorkspaceId: !Ref SlackWorkspaceId
+      SnsTopicArns:
+        - !Ref SNSTopic
+
+Outputs:
+  SlackSNSTopicARN:
+    Description: Slack SNS Topic ARN
+    Value: !Ref SNSTopic