Transit Gateway Tagging for costing


Hi

I wonder if anybody else has been successful in tagging the TGW attachments and getting meaningful results? According to the new tagging method in https://aws.amazon.com/blogs/networking-and-content-delivery/analyzing-aws-transit-gateway-data-processing-charges-with-cost-allocation-tags/ it's pretty easy, but my results are not correct, as 99% of the cost shows for the shared account and 1% for the rest, which cannot be correct.

Maybe some clarification with this can help?

Step 1: Tag the Transit Gateway resource in each account and the Transit Gateway attachments as follows:

Shared Services VPC attachment tagged as ‘Team:Infra’ (1 - Requires clarification)
Workload VPC A attachment tagged as ‘Team:A’  (Understood)
Workload VPC B attachment tagged as ‘Team:B’ (Understood)
Transit Gateway in Shared Services account tagged ‘Team:Infra’ (Understood)
Transit Gateway resource in workload account A tagged as ‘Team:A’  (2 - Requires clarification)
Transit Gateway resource in workload account B tagged as ‘Team:B’  (2 - Requires clarification)

1 - What if we have 3 VPC attachments in the shared services? (Ingress, Inspection and Egress)

2 - Transit Gateway resource = Is this the TGW itself in the workload account? Or is this the TGW attachment in the workload account?

Thanks

1 Answer
Accepted Answer

Thank you for your question about Transit Gateway tagging for cost allocation. I understand you're having some challenges with the results you're seeing. Let me clarify a few points to help you with your tagging strategy.

First, regarding your question about multiple VPC attachments in the shared services account:

If you have multiple VPC attachments in the shared services account (such as Ingress, Inspection, and Egress), you should tag each of these attachments separately. For example:

  • Ingress VPC attachment: 'Team:Infra-Ingress'
  • Inspection VPC attachment: 'Team:Infra-Inspection'
  • Egress VPC attachment: 'Team:Infra-Egress'

This granular tagging will help you better understand and allocate costs for each specific function within your shared services.

Now, to address your second question about the "Transit Gateway resource" in workload accounts:

The "Transit Gateway resource" refers to the Transit Gateway itself as it appears in each workload account. In a multi-account setup using AWS Resource Access Manager (RAM), the Transit Gateway is shared from the central account to the workload accounts. In each workload account, you'll see a read-only representation of the Transit Gateway. This is what you should tag in each workload account.

To clarify the tagging process:

  1. In the central/shared services account:
    • Tag the Transit Gateway itself
    • Tag each VPC attachment (including multiple attachments if present)
  2. In each workload account:
    • Tag the shared Transit Gateway resource
    • Tag the VPC attachment in that account

Regarding the issue you're seeing with 99% of costs showing for the shared account, this could be due to a few factors:

  1. Ensure that you've activated the tags as cost allocation tags in the AWS Billing Console.
  2. There might be a delay in seeing the effects of tagging in your cost reports. It can take up to 24 hours for tags to be reflected in billing.
  3. Double-check that you've tagged both the Transit Gateway resource and the attachments in all accounts correctly.
  4. Remember that data processing charges are aggregated at the account level, not per attachment. This means that all data processing for VPCs from a single account attached to the same Transit Gateway will be grouped together.

If you're still seeing unexpected results after applying these tagging practices and waiting for the changes to propagate, you may want to consider using AWS Transit Gateway Flow Logs in combination with Cost and Usage Reports for a more detailed breakdown of traffic and costs between accounts.

Remember, effective cost allocation with Transit Gateway requires consistent tagging across all related resources and accounts. It's a powerful tool when set up correctly, but it can take some fine-tuning to get the results you're looking for.
Sources
Analyzing AWS Transit Gateway Data Processing charges with cost allocation tags | Networking & Content Delivery
Organizing and tracking costs using AWS cost allocation tags - AWS Billing
Using AWS Transit Gateway Flow Logs to chargeback data processing costs in a multi-account environment | Networking & Content Delivery

answered 3 months ago
AWS
EXPERT
reviewed 3 months ago
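
An added example, not part of the answer above and not AWS code: a Python check for the "double-check that you've tagged both the Transit Gateway resource and the attachments in all accounts" step. It reads constructed JSON in the shape returned by `aws ec2 describe-transit-gateways` and `aws ec2 describe-transit-gateway-attachments` for each account; the account IDs, resource IDs and the function names `classify` and `audit` are made up for illustration.

```python
import json

TAG_KEY = "Team"  # tag key used in the thread; AWS tag keys are case-sensitive

# Constructed sample, keyed by account ID: the JSON each account would get from
# `aws ec2 describe-transit-gateways` and `aws ec2 describe-transit-gateway-attachments`,
# trimmed to the fields read below. All IDs are made up.
SAMPLE = json.loads("""
{
 "111111111111": {
  "TransitGateways": [
   {"TransitGatewayId": "tgw-0aaa", "Tags": [{"Key": "Team", "Value": "Infra"}]}],
  "TransitGatewayAttachments": [
   {"TransitGatewayAttachmentId": "tgw-attach-0in", "Tags": [{"Key": "Team", "Value": "Infra-Ingress"}]},
   {"TransitGatewayAttachmentId": "tgw-attach-0eg", "Tags": [{"Key": "Name", "Value": "egress"}]}]},
 "222222222222": {
  "TransitGateways": [
   {"TransitGatewayId": "tgw-0aaa", "Tags": []}],
  "TransitGatewayAttachments": [
   {"TransitGatewayAttachmentId": "tgw-attach-0a", "Tags": [{"Key": "team", "Value": "A"}]}]}
}
""")

def classify(resource, key=TAG_KEY):
    """Return 'ok', 'empty-value', 'wrong-case' or 'missing' for one describe-* entry."""
    tags = {t["Key"]: t.get("Value", "") for t in resource.get("Tags") or []}
    if key in tags:
        return "ok" if tags[key] else "empty-value"
    if any(k.lower() == key.lower() for k in tags):
        return "wrong-case"  # 'team' is a different cost allocation tag key than 'Team'
    return "missing"

def audit(accounts, key=TAG_KEY):
    """List (account, resource_id, problem) for every TGW or attachment not tagged with `key`."""
    findings = []
    for account, data in sorted(accounts.items()):
        resources = [(g["TransitGatewayId"], g) for g in data.get("TransitGateways", [])]
        resources += [(a["TransitGatewayAttachmentId"], a)
                      for a in data.get("TransitGatewayAttachments", [])]
        for rid, res in resources:
            status = classify(res, key)
            if status != "ok":
                findings.append((account, rid, status))
    return findings

if __name__ == "__main__":
    for account, rid, problem in audit(SAMPLE):
        print(f"{account}  {rid:16}  {problem}")
```

With the constructed sample, the untagged egress attachment, the untagged Transit Gateway view in the workload account, and the lower-case `team` key are the three findings reported.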
