Including or Excluding Spend from a Linked AWS Account
Per AWS, "All AWS GovCloud (US) activity, usage, and payments are managed through a standard AWS account. When you sign up for AWS GovCloud (US), your AWS GovCloud (US) account is associated with your standard AWS account." However, Kion lets you decide whether to include the spending from the linked commercial (aka "standard") account when reporting/viewing spend for the GovCloud account and vice versa.
When you add an AWS GovCloud account to Kion (by attaching it to a project or adding it to the account cache), you'll see the option to Include Spend From Linked Commercial Account.This setting cannot be changed in the UI after the account is added to Kion, so it's important to understand what this does.
What Happens When You Include Spend from a Linked Account
Checking the Include Spend From Linked Commercial Account box for both new and existing GovCloud accounts means that spend from the linked commercial account will show on all reports and graphs for the GovCloud account.
When you use Kion to create a brand new GovCloud account, you'll automatically be creating an AWS commercial account as well (since a linked commercial account is required to manage the GovCloud account). If you're adding a GovCloud account that already exists to Kion, it will already be associated with an AWS commercial account. So regardless of whether you check the Include Spend From Linked Commercial Account box, the accounts are linked to one another, but you can choose whether to report their spending together.
Similarly, if you're adding an AWS commercial account that has a GovCloud account linked to it, you can choose to Include Spend From Linked GovCloud Account. Checking this box will show the spend from the GovCloud account on all reports and graphs for the commercial account. If you're connecting an existing account, it will use the linked GovCloud account that is already associated with the commercial account.
If you're creating a new commercial account, you'll need to check the box that says Create and Link GovCloud Account first to create a linked GovCloud account, and then you can choose whether or not to include the spend from it in the commercial account's reports.
Choosing Your Settings
The best choice depends on your organization's needs and preferences, but to help you make an informed decision, we want users to know the pros/cons of including spend from the linked account:
Pros of Including Linked Account Spend
- Spend can't be misreported as belonging to the GovCloud account when it should have been Commercial, and vice versa.
- If you leave Include Spend From Linked Account unchecked, expenses may not be categorized accurately as GovCloud account spend vs AWS commercial account spend. The sum total on reports will be correct, but some charges aren't clearly marked as a GovCloud expense, so it may register as spend for the commercial account instead. Reporting the spend together eliminates that risk.
- You'll prevent potential double reporting of spend.
- If you leave Include Spend From Linked Account unchecked and a cloud rule has an expense-generating CFT on it, the CFT could be deployed to both the Commercial and GovCloud accounts, thus doubling the spend (for example, CFTs that enable config or AWS CloudWatch). Including the spend from the linked commercial account prevents this.
Cons of Including Linked Account Spend
- Reporting capabilities won't be as granular.
- If you leave Include Spend From Linked Account unchecked and add both the commercial account and the GovCloud account to the same project, you can add CARs, compliance checks and cloud rules to BOTH the commercial account and the GovCloud account, and you can view reports for those accounts separately. Your capabilities around this are more limited if you include linked commercial account spend and report on them together.
For the most flexibility, we recommend leaving the box unchecked, but adding both the commercial account and the GovCloud account to the same project so that the sum of spend is accurate for the project but you have more granular control when reporting.