Introduction

What is Pyrae Cost Savings Report?

Pyrae Cost Savings Report is a streamlined tool designed to help organizations identify potential cost-saving opportunities within their AWS accounts. By analyzing your AWS resources and usage patterns, Pyrae provides actionable recommendations to optimize costs and improve efficiency—all within a quick 15-minute onboarding process.

How Does It Work?

To generate the cost savings report, Pyrae requires read-only access to your AWS account. This access is established by deploying a preconfigured template in your AWS account, available in both CloudFormation and Terraform. The template sets up the necessary roles and permissions for Pyrae to securely access metadata about your AWS resources and cost information.

You can review the detailed steps and explanations in our Template Explainer, which guides you through the deployment process and clarifies each part of the CloudFormation and Terraform templates.

Once onboarded, Pyrae scans your AWS account to identify unused or underutilized resources and provides a comprehensive report detailing potential cost-saving opportunities.

Please note: The cost savings report will be delivered within 48 hours after the onboarding process is completed.

High-Level Architecture

AWS Account Integration: Deploy the Pyrae template (CloudFormation or Terraform) in your AWS account to establish a secure, read-only connection.
Data Collection: Pyrae accesses metadata about your AWS resources and retrieves Cost and Usage Reports (CUR) stored in an S3 bucket within your account.
Analysis: Pyrae analyzes the collected data to identify areas where costs can be optimized, such as idle resources or inefficient configurations.
Reporting: Receive a detailed cost savings report highlighting actionable recommendations to reduce your AWS spending.

Policy Library

Our Policy Library contains a comprehensive list of the cost-saving policies and checks that Pyrae uses during the analysis. Reviewing these policies can help you understand the criteria used to identify savings opportunities and how they apply to your AWS environment.

Template Explainer

To get started, you'll need to deploy the Pyrae template in your AWS account. You can choose between CloudFormation and Terraform, depending on your infrastructure-as-code preference. The Template Explainer provides an annotated copy of the onboarding template, helping you understand each part of the template and its purpose.

Key points covered in the Template Explainer:

Deployment Region: The template must be deployed in US-East-1 due to AWS limitations with the Cost and Usage Report (CUR).
Parameters:
- DMZAccountId: Specifies the Pyrae Account ID that will access your AWS account. Defaults to Pyrae's secure DMZ account.
- ExternalId: A unique token provided by Pyrae to authenticate the connection securely.
Resources Created:
- PyraeAccessRole: Grants Pyrae read-only access to your AWS account.
- PullCURPolicy: Allows Pyrae to read the CUR from the designated S3 bucket.
- CURBucket: An S3 bucket where AWS will store your CUR.
- CUREventRule: Notifies Pyrae when new CUR files are available.
- CURBucketPolicy: Grants AWS permission to store the CUR in your bucket.
- CostAndUsageReportHourlyWithResources: Configures AWS to generate the CUR.
Security Considerations: The template follows the principle of least privilege, ensuring that Pyrae only has access to the necessary data required for analysis.

Technical FAQs

1. What permissions does Pyrae require in my AWS account?

Pyrae requires read-only access to your AWS account. The permissions are strictly limited and follow the principle of least privilege. Pyrae does not need access to your source code, artifacts, S3 object data, or KMS keys. The template (either CloudFormation or Terraform) sets up a role (PyraeAccessRole) with predefined policies that grant only the necessary permissions.

2. How is my data secured?

Security is a top priority for Pyrae. All data access is secured through AWS IAM roles with tightly scoped permissions. The use of an ExternalId parameter in the role assumption process prevents unauthorized access (resolving the Confused Deputy problem). Additionally, all data is transmitted and stored securely.

3. Will deploying the template incur additional AWS costs?

The associated costs are minimal:

S3 Storage Costs: Storing the Cost and Usage Reports in S3 will incur minimal charges, often just pennies per month.
EventBridge Charges: Costs for EventBridge events are negligible due to the low frequency of CUR updates.
Data Transfer Costs: When Pyrae downloads the CUR from your S3 bucket, cross-region data transfer charges apply but are minimized by efficient data handling.
API Usage Costs: Pyrae sparsely uses AWS API operations that cost money, such as retrieving CPU usage metrics. Pyrae conservatively uses paid API operations, eg, by only checking CPU usage once per day.

For detailed cost considerations, refer to the Template Explainer.

4. Why must the template be deployed in US-East-1?

AWS restricts the Cost and Usage Report (CUR) generation to the US-East-1 region. Deploying the template in this region ensures that the CUR is generated and stored correctly.

5. How long does the onboarding process take?

The onboarding process takes approximately 15 minutes to complete the deployment and verification. The cost savings report will be delivered within 48 hours after onboarding is completed.

6. Do I need to modify any existing resources or configurations?

No modifications to existing resources are necessary. The CloudFormation or Terraform template creates new resources required for Pyrae to access your account securely.

7. Can I customize the permissions or policies if needed?

Yes, while the provided policies are designed to grant only the necessary permissions, you can customize them if required. However, restricting permissions may limit Pyrae's ability to generate comprehensive cost-saving recommendations.

8. How can I get assistance during onboarding?

Pyrae representatives are available to assist with any questions or special cases during the onboarding process. Please contact us at founders@pyrae.com for assistance.

9. What happens after the cost savings report is generated?

After the analysis, you'll receive a detailed report highlighting areas where you can optimize costs. The report includes actionable recommendations, which you can implement to reduce your AWS spending.

10. Is there a trial period or cost associated with using Pyrae?

Pyrae offers a free cost savings report as part of our customer acquisition strategy. This allows you to experience the value of our service firsthand. For ongoing access to advanced features, recurring reports, or real-time monitoring, we offer paid upgrades. Please contact our sales team for more information.

For further details, please refer to the linked resources or contact us at founders@pyrae.com

Introduction

What is Pyrae Cost Savings Report?​

How Does It Work?​

High-Level Architecture​

Policy Library​

Template Explainer​

Technical FAQs​

1. What permissions does Pyrae require in my AWS account?​

2. How is my data secured?​

3. Will deploying the template incur additional AWS costs?​

4. Why must the template be deployed in US-East-1?​

5. How long does the onboarding process take?​

6. Do I need to modify any existing resources or configurations?​

7. Can I customize the permissions or policies if needed?​

8. How can I get assistance during onboarding?​

9. What happens after the cost savings report is generated?​

10. Is there a trial period or cost associated with using Pyrae?​