Overview

This article describes how to integrate AWS CUR data with Ripple. While we recommend using AWS CloudFormation for this setup, if a manual configuration is required, please follow the steps below.

Time to complete: Around 5 minutes.

Required permissions: Since AWS Cost and Usage Reports (CUR) are issued at the Payer Account level, you will need admin access to your Payer Account.

Note: If you do not have a Ripple account, please send us your root account email address (used to log in to Ripple) and we will create an account for you.

Required Information

- Ripple login ID (Email address) 

- AWS account ID (12-digit number) 

- Information of the created report 
     - Report Name
     - S3 Bucket 
     - Report Path Prefix or Report Path

- IAM Role ARN 
(eg. arn:aws:iam::xxxxxxxxxxxx:role/crossacounnt-access-for-alphaus)

Step 1. Create an S3 bucket and CUR Report (Optional)

Create an Hourly Report using the AWS account from which you will be sharing billing information.

You may skip this step if you already have a report definition that meets all of the following criteria:

Time granularity is set to Hourly
Resource ID is enabled in the report
The S3 bucket does not contain any objects that you do not wish Alphaus to view (read access is granted to the entire bucket)

Step 1.1: Create an S3 bucket

From the S3 Console, create a bucket with any name. The default options are fine. Please make a note of the bucket name as it will be used as the output destination for the report.

Step 1.2: Create a CUR Report

From the AWS Management Console, open Billing and Cost Management and navigate to Legacy Pages > Cost and Usage Reports.
Click Create report > fill in Step 1: Specify report details as follows:
1. Report Name: Any name
1. Include Resource IDs: Checked ✅
2. Data refresh settings: Checked (recommended) ✅
In Step 2: Delivery Options
1. Create a new bucket; or
2. Select existing bucket (the one created in Step 1.1)
Confirm that Valid Bucket is displayed, then proceed with the following settings:
1. S3 Path Prefix: Required
2. Report data time granularity: Hourly
3. Report Versioning: Create new report version
4. Report data integration: Unchecked
5. Compression Type: GZIP or ZIP
⚠️ Only GZIP and ZIP compression types are supported. Enabling Report data integration may cause the report to not function correctly.
Step 3: Review and create, confirm all details are correct and complete the setup.

Step 2: Create an IAM Policy and Role to Delegate Read Permissions

Step 2.1: Create an IAM Policy

From the AWS Management Console, open IAM and navigate to Roles > Create Role.

Select JSON as the input format and enter the following policy. Replace {replace_to_report_bucket} with your S3 bucket name (created in Step 1.1):

{
    "Version": "2012-10-17",
   "Statement": [
         {
               "Effect": "Allow",
               "Action": [
                     "s3:Get*",
                     "s3:List*"
               ],
               "Resource": [
                     "arn:aws:s3:::{replace_to_report_bucket}",
                     "arn:aws:s3:::{replace_to_report_bucket}/*"
               ]
         }
   ]
}

Proceed to Review and create and enter the following:
- Policy name: Any (*required)
- Description: Optional
- Add tags - optional
Click Create policy.

Step 2.2: Create an IAM Role

From the AWS Management Console, open IAM and navigate to Roles > Create Role.
Input the following information in the Step 1: Selected trusty entity page:
1. Trusted entity type: AWS account
2. An AWS account: Another AWS account
3. Account ID: 131920598436
4. Options: Optional
In the Step 2: Add permissions page, select the policy you just created (in Step 2.1). Enable the checkbox ✅ and proceed.
Step 3: Name, review and create:
1. Policy name: Any (*required)
2. Description: Optional
3. Add tags - optional
Confirm that the Trusted Entity and Policies are applied correctly, then click Create Role.
Click on the role you just created and note down the Role ARN.

That's all for the AWS Console setup! ✅

Register in Ripple

From the left menu in Ripple, click Settings > Payer Account Settings.
Click ... next to the relevant Payer Account.
Click Register/Update S3 Bucket — the following screen will appear.
Fill in the required fields and click Register S3 Bucket in the bottom right corner to save.

To verify that the CUR integration is working correctly, expand the relevant Payer Account details to view the S3 Bucket Registration Info section. This section tracks the CUR update history — if data is being reflected here, the integration is working correctly.

Note: Ripple integrates CUR data from the date the connection is established. If you need to import data from previous months, please contact us via the chat function in the bottom right corner or at ripple_cs@alphaus.cloud.

For example, if you connected your CUR to Ripple in November, data from November onwards will be available in Ripple. To import data from October or earlier, please contact us.

Notes

If you encounter errors during setup, please check that the IAM user performing the operations has sufficient permissions. (Root account users will not have this issue.)
S3 server-side encryption (SSE-S3) can be used with Ripple without any additional configuration.
For other encryption options (SSE-KMS or SSE-C), please contact us in advance at ripple_cs@alphaus.cloud.
- If using SSE-KMS, you will need to add AWS KMS permissions to your IAM policy.

If any errors occur during the process or if you have any questions, please contact us at ripple_cs@alphaus.cloud for further assistance.

You now have all the necessary information to register your AWS Payer Account in Ripple 🎉

Next: Payer Account Registration (Manual Setup) →

Ripple - Payer Account Registration (Manual Setup)

Ripple - Account & Billing Group Registration: Mapping Sheet

CUR Specification Change Log

Ripple - Payer Account Registration (AWS CloudFormation)

Ripple - Integrate AWS Billing Conductor to Ripple

Ripple - AWS CUR Integration