POL-837 AWS Reserved Instances Recommendations Revamp (#1520)

* update * updated * update * spacing fix * updated * changelog * fixed * updates * update * improvements * opensearch * updates * update * changelog * updates * update * tweaks * tweak * update * update * update * tweak * README fix * update
flexera-public · Oct 12, 2023 · 2c67a03 · 2c67a03
1 parent 1cb317f
commit 2c67a03
Show file tree

Hide file tree

Showing 3 changed files with 574 additions and 370 deletions.
diff --git a/cost/aws/reserved_instances/recommendations/CHANGELOG.md b/cost/aws/reserved_instances/recommendations/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## v3.0
+
+- Policy now automatically converts savings to local currency when appropriate
+- Removed parameter to do the above manually via a user-specified exchange rate
+- Added exchange rate context to incident to allow user to derive unmodified values when needed
+- Several parameters altered to be more descriptive and intuitive to use
+- `ElasticSearch` is now referred to as `OpenSearch` in keeping with current AWS naming conventions
+- Added additional context to incident description
+- Normalized incident export to be consistent with other policies
+- Streamlined code for better readability and faster execution
+- Policy now requires a valid Flexera credential
+
 ## v2.20
 
 - Changed service metadata to "Compute" to ensure proper incident scraping

diff --git a/cost/aws/reserved_instances/recommendations/README.md b/cost/aws/reserved_instances/recommendations/README.md
@@ -1,24 +1,34 @@
-# AWS Reserved Instances Recommendation
+# AWS Reserved Instances Recommendations
 
-This Policy Template leverages the [AWS Reservation Purchase Recommendation API](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationPurchaseRecommendation.html). It will raise incidents if AWS has any RI Purchase Recommendations, whose net savings exceeds the *Net Savings Threshold* parameter in the Policy.
+## What it does
 
-It will email the user specified in `Email addresses of the recipients you wish to notify`
+This Policy Template reports any Reserved Instance Purchase Recommendations generated by AWS. The user can adjust which recommendations are reported via policy parameters.
 
-> *NOTE: This Policy Template must be appled to the **AWS Organization Master Payer** account.*
+> *NOTE: This Policy Template must be applied to the **AWS Organization Master Payer** account.*
+
+## Functional Details
+
+Recommendations are obtained via requests to the [AWS Reservation Purchase Recommendation API](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationPurchaseRecommendation.html).
+
+### Policy Savings Details
+
+The policy includes the estimated savings. The estimated savings is recognized if the recommended reserved instance is purchased. The savings values are provided directly by the [AWS Reservation Purchase Recommendation API](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationPurchaseRecommendation.html).
+
+If the Flexera organization is configured to use a currency other than the one the [AWS Reservation Purchase Recommendation API](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetReservationPurchaseRecommendation.html) returns, the savings values will be converted using the exchange rate at the time that the policy executes.
 
 ## Input Parameters
 
 This policy has the following input parameters required when launching the policy.
 
-- *Look Back Period* - Number of days of prior usage to analyze
-- *Service* - AWS Service for which to scan for RI Recommendations.  Select  All to include all services in a single incident and "All Except EC2" to include all services except the Elastic Compute Cloud (EC2).
+- *Email Addresses* - Email addresses of the recipients you wish to notify when new incidents are created.
 - *Account Number* - The Account number for use with the AWS STS Cross Account Role. Leave blank when using AWS IAM Access key and secret. It only needs to be passed when the desired AWS account is different than the one associated with the Flexera One credential. [more](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_1982464505_1123608)
-- *EC2 Specification* - EC2 RI type. Note: this parameter will be ignored if the Service parameter is not \"Elastic Compute Cloud (EC2)\"
-- *RI Term* - Length of RI term
-- *Payment Option* - RI purchase option.  Leave blank to include all RI purchase options
-- *Net Savings Threshold* - Specify the minimum estimated monthly savings that should result in a recommendation
-- *Email addresses to notify* - Email addresses of the recipients you wish to notify
-- *Currency Adjustment* - Number to adjust monthly estimated savings by depending on USD conversion (maximum value 5.0)
+- *Minimum Savings Threshold* - Minimum potential savings required to generate a recommendation.
+- *Look Back Period* - Number of days of prior usage to analyze
+- *Service* - AWS Services to scan for recommendations. Items can be removed by clicking X to the right of the name.
+- *EC2 Reservation Type* - The type of reservation recommendations to produce for EC2. Standard reservations are less flexible than convertible ones but provide a higher discount. Has no effect on recommendations for services other than `Elastic Compute Cloud (EC2)`
+- *Account Scope* - The account scope that you want your recommendations for. Select Payer to produce results only for a Master Payer account, or Linked to produce results for all linked accounts as well.
+- *Reservation Term* - Length of reservation term to provide recommendations for.
+- *Payment Option* - Reservation purchase option to provide recommendations for. Select `Everything` to produce recommendations for all three.
 
 ## Policy Actions
 
@@ -28,32 +38,32 @@ The following policy actions are taken on any resources found to be out of compl
 
 ## Prerequisites
 
-This policy uses [credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for connecting to the cloud -- in order to apply this policy you must have a credential registered in the system that is compatible with this policy. If there are no credentials listed when you apply the policy, please contact your cloud admin and ask them to register a credential that is compatible with this policy. The information below should be consulted when creating the credential.
+This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
 
-### Credential configuration
+- [**AWS Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_1982464505_1121575) (*provider=aws*) which has the following permissions:
+  - `ce:GetReservationPurchaseRecommendation`
 
-For administrators [creating and managing credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) to use with this policy, the following information is needed:
+  Example IAM Permission Policy:
 
-Provider tag value to match this policy: `aws`
+  ```json
+  {
+      "Version": "2012-10-17",
+      "Statement": [
+          {
+              "Effect": "Allow",
+              "Action": [
+                  "ce:GetReservationPurchaseRecommendation"
+              ],
+              "Resource": "*"
+          }
+      ]
+  }
+  ```
 
-Required permissions in the provider:
+- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles:
+  - `billing_center_viewer`
 
-```javascript
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ce:*"
-      ],
-      "Resource": [
-        "*"
-      ]
-    }
-  ]
-}
-```
+The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers.
 
 ## Supported Clouds