BOYD is a software application that runs on your local computer and provides a web interface for downloading selected columns, classifying and analyzing AWS Cost and Usage Reports (CUR) data from S3 parquet files.

BOYD uses local AWS command line session profiles to access CUR parquet files in S3. Minimal BOYD settings require a CUR bucket, the region where the bucket is deployed and an AWS command line profile that has access to the bucket.

Once configured, BOYD will identify the CUR report version (1.0, 2.0 or FOCUS) and the columns available in your dataset. There may be hundreds of columns and you will likely only need a fraction of them depending on your use case. Select the schema columns of interest and if you are not sure about a column’s contents, the S3 CUR Explorer allows you to browse summary statistics of columns directly from your reports in S3 to preview values.

CUR reports are typically massive in width and length: lots of columns and lots of rows. Schema selection helps reduce the width while the date columns (_end_date/_start_date/PeriodStart/PeriodEnd) will impact the length. For example, if you only need monthly reporting visibility and use other means for your daily trend visibility, only including bill_billing_period_start_date/BillPeriodStart and excluding the other _start_date/_end_date/PeriodStart/PeriodEnd columns, the size of the BOYD collected dataset will be reduced. Not surprisingly, including line_item_usage_start_date/ChargePeriodStart on an hourly CUR report will dramatically increase the size of your collected dataset.

With your schema selected, return to the home page, select a billing period and BOYD will collect the data from S3. From there you can start to explore your inventory, identify classification strategies to apply more context to your data, and explore the reporting and analysis capabilities.

BOYD has an initial 14 day free trial period to allow users to assess how well it works with their dataset. Prior to initiating the free trial you should ensure you have a CUR report configured that meets the requirements and that you have AWS command line access and an AWS command line interface profile configured to access your CUR report bucket and files. For BOYD CUR collection you will need to know your CUR bucket, the region where the bucket is deployed and your AWS command line profile that has access to the bucket. For utilizing Dig Mode, you will need access to the read permissions in the default AWS “SecurityAudit” role.

• MacOS supported
• (Windows support in development)

• AWS CUR reporting with:
  • Include resource IDs enabled
  • Data export delivery options: Parquet format;
  • Report Versioning: Overwrite existing data export file;
  • Daily reporting is recommended; hourly reporting is supported but will result in much larger datasets and reduce performance.
• Recommended less than 1GB/month total CUR parquet size, but mileage will vary depending on the schema columns collected, cloud services/architectures in use and local system capabilities;
• AWS command line access to your Cost and Usage Report (CUR) S3 bucket; see “What AWS permissions are required?” for details

• BOYD requires AWS permissions to Get/List CUR S3 bucket and files. Dig Mode, which can be used to investigate and apply discovered context to your results, requires additional permissions to AWS Get/Describe APIs, AWS Cloudtrail events API, and AWS Config API. The AWS managed “SecurityAuditRole” role should cover the necessary Dig Mode permissions.
• An example AWS IAM policy showing the minimum permissions required for CUR access (does not include “SecurityAudit” role permissions):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy"
            ],
            "Resource": [
                "arn:aws:s3:::<YOUR_CUR_BUCKET>",
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectAttributes"
            ],
            "Resource": [
                "arn:aws:s3:::<YOUR_CUR_BUCKET>/*"
            ]
        }
    ]
}

Dig Mode has been tested against the following services and APIs. Cloudtrail API requests attempt lookups using the ARN and/or resource ID value. (Note: GovCloud regions are not supported in BOYD v1.0.1.)