Connect AWS
oncost collects AWS costs via the Cost and Usage Report (CUR). Setup takes about 10 minutes.Prerequisites
- An AWS account with billing access
- Permission to create IAM roles and S3 buckets (or an existing CUR export)
Step 1: Enable CUR in AWS
If you don’t already have a Cost and Usage Report:- Go to AWS Console > Billing > Cost and Usage Reports
- Click Create report
- Name it (e.g.,
oncost-cur) - Select Include resource IDs
- Choose an S3 bucket for delivery (create one if needed)
- Set Report path prefix to
cur/ - Select Parquet format
- Click Create
Step 2: Create the IAM role
In oncost, go to Settings > Connections > New Connection > AWS. oncost shows you:- The External ID (unique to your organization)
- The IAM policy to attach
- Go to IAM > Roles > Create role
- Select Another AWS account
- Enter the oncost AWS account ID shown in the connection form
- Check Require external ID and paste the External ID
- Attach the policy shown in oncost (read-only access to CUR S3 bucket and Cost Explorer API)
- Name the role (e.g.,
oncost-cost-reader) - Copy the Role ARN
Step 3: Complete the connection
Back in oncost:- Paste the Role ARN
- Enter the S3 bucket and report path prefix from your CUR setup
- Click Test Connection to verify access
- Click Save
What oncost collects
- Daily cost breakdown by service, region, account, and resource
- Usage quantities (hours, GB, requests)
- Tags applied to resources
- Line item types (usage, tax, credit, refund)
Troubleshooting
| Issue | Fix |
|---|---|
| ”Access Denied” on test | Verify the Role ARN and External ID match. Check the IAM policy allows s3:GetObject on the CUR bucket. |
| No data after 24 hours | CUR delivery can take up to 24 hours. Check AWS CUR console for delivery status. |
| Missing tags | Ensure Include resource IDs is enabled on the CUR report. Tags appear after the next CUR delivery. |