AWS EKS Configuration
To configure OpenCost for Amazon Elastic Kubernetes Service (EKS), you’ll need to set up IAM roles, enable cost allocation tags, and add AWS credentials. This configuration allows OpenCost to retrieve accurate cost data for your EKS cluster.
1) Enable Cost Allocation Tags
- Step 1.1 - Go to the AWS Management Console.
- Step 1.2 - Navigate to Billing and Cost Management > Cost Allocation Tags.
- Step 1.3 - Enable tags for resources you want to track (e.g., `kubernetes.io/cluster/<cluster-name>`).
Enabling these tags allows OpenCost to retrieve and allocate AWS cost data more accurately.
2) Enable AWS Spot Instance Data Feed
If you’re using spot instances in AWS, configure OpenCost to collect data on spot instance pricing:
- Step 2.1 - In the AWS EC2 Console, go to Spot Requests.
- Step 2.2 - Select Spot Data Feed and configure it to store data in an S3 bucket.
This enables OpenCost to account for spot instance costs accurately.
3) IAM Roles for Service Accounts
For OpenCost to access AWS pricing data, create an IAM role with the necessary permissions and associate it with your EKS service account.
- Step 3.1 - In the AWS IAM Console, go to Roles and click Create Role.
- Step 3.2 - Select EC2 as the trusted entity.
- Step 3.3 - Attach the following policies:
  - AmazonEC2ReadOnlyAccess (for read-only access to EC2 instances).
  - AWSPriceListServiceFullAccess (for access to AWS pricing).
- Step 3.4 - Name the role (e.g., `OpenCost-AWS-Access`) and click Create Role.
After creating the IAM role, associate it with your EKS service account to grant OpenCost the necessary permissions.
4) EKS Pod Identities
To assign costs accurately to specific workloads on EKS, configure IAM roles for Kubernetes service accounts using EKS Pod Identities.
- Enable IAM Roles for Service Accounts on EKS
  - Step 4.1 - Follow the EKS documentation to enable IAM roles for service accounts.
- Associate IAM Role with EKS Service Account
  - Step 4.2 - Associate the IAM role created in Step 3 with your EKS service account using `eksctl` or by configuring the `ServiceAccount` resource directly in Kubernetes. Example configuration:

    ```yaml
    serviceAccount:
      create: true
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/OpenCost-AWS-Access
      name: opencost-service-account # Replace with your service account name
    ```
This setup enables OpenCost to securely access AWS pricing data and assign costs to specific pods based on their usage.
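
The `eks.amazonaws.com/role-arn` annotation in Step 4.2 only takes effect through the role's trust policy, so it is worth checking that the policy admits the OpenCost service account and nothing else. The following Python check is an added example, not part of OpenCost or the original page; the `opencost` namespace, the OIDC issuer ID and both sample policies are constructed placeholders.

```python
def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]
def _claims(condition, operator):
    # Map claim name ("sub", "aud") to its values, dropping the issuer prefix of each key.
    return {k.rsplit(":", 1)[-1]: _as_list(v)
            for k, v in condition.get(operator, {}).items()}

def irsa_findings(policy, namespace, service_account):
    """Return problems in an IRSA trust policy; an empty list means it is scoped."""
    want = f"system:serviceaccount:{namespace}:{service_account}"
    stmts = [s for s in _as_list(policy.get("Statement"))
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action"))]
    if not stmts:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    findings = []
    for s in stmts:
        cond = s.get("Condition", {})
        exact, like = _claims(cond, "StringEquals"), _claims(cond, "StringLike")
        subs = exact.get("sub", []) + like.get("sub", [])
        if not subs:
            findings.append("no :sub condition: any service account in the cluster can assume the role")
        elif any("*" in v or "?" in v for v in like.get("sub", [])):
            findings.append("wildcard in :sub: other service accounts can match")
        elif want not in subs:
            findings.append(f"{want} is not an allowed subject")
        if exact.get("aud") != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings

# Constructed sample data: the issuer ID and the "opencost" namespace are placeholders.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000"
def sample_policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

SCOPED = sample_policy({"StringEquals": {
    f"{ISSUER}:sub": "system:serviceaccount:opencost:opencost-service-account",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
UNSCOPED = sample_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, irsa_findings(pol, "opencost", "opencost-service-account") or "ok")
```

Pass it the `AssumeRolePolicyDocument` from `aws iam get-role --role-name OpenCost-AWS-Access` together with the namespace and service account name you deployed.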