Mastering AWS Cost and Usage Reports (CUR) for Granular Analysis

Learning Objectives

After studying this guide, you should be able to:

Configure the necessary S3 bucket policies to allow AWS Billing to export reports.
Differentiate between the granularity and capabilities of Cost Explorer versus CUR.
Implement a granular cost reporting strategy that includes resource IDs and tags.
Analyze usage trends by selecting appropriate time granularities (hourly, daily, monthly).

Key Terms & Glossary

CUR (Cost and Usage Report): The most granular AWS billing data source, providing itemized costs at the resource level.
Granularity: The scale of detail in a report; in CUR, this can be hourly, daily, or monthly.
Bucket Policy: A resource-based IAM policy used to grant the AWS Billing service permissions to write files to your S3 bucket.
CSV (Comma-Separated Values): The standard file format for CUR data, compatible with spreadsheet and database tools.
Resource ID: A unique identifier for an AWS resource (e.g., i-1234567890abcdef0), used in CUR to track costs to specific instances or volumes.

The "Big Idea"

While AWS Cost Explorer is excellent for high-level visualizations, it is a "read-only" lens on your data. AWS Cost and Usage Reports (CUR) act as the raw data engine. It provides the "atomic level" of billing information. If Cost Explorer shows you what you spent, CUR shows you why you spent it, down to the specific second a resource was active and which specific resource was responsible.

Formula / Concept Box

Concept	Requirement / Rule
Setup Steps	1. Create S3 Bucket $\rightarrow 2. Apply IAM Policy \rightarrow$ 3. Define Report in Billing Console
Data Availability	It typically takes 24 hours for data to begin populating after initial setup.
Permissions (Principal)	`"Service": "billingreports.amazonaws.com"`
Required Actions	`s3:GetBucketAcl`, `s3:GetBucketPolicy`, `s3:PutObject`

Hierarchical Outline

I. AWS Cost and Usage Reports (CUR) Fundamentals
- Most Detailed Reporting: Comprehensive understanding of consumption and pricing.
- Delivery Mechanism: Automated export to a customer-owned S3 bucket.
- Time Granularity: Hourly, daily, weekly, or monthly intervals.
II. Configuration Workflow
- Step 1: S3 Preparation
  - Create a standard S3 bucket.
  - Apply a specific Bucket Policy to allow the billingreports service access.
- Step 2: CUR Definition
  - Navigate to Billing and Cost Management console.
  - Enable the service (if first-time use).
  - Select Create report and define content (e.g., include Resource IDs).
III. Data Consumption
- File Format: Default is CSV.
- Analysis Tools: S3, Amazon Athena, Amazon QuickSight, or third-party tools.

Visual Anchors

CUR Setup Workflow

Loading Diagram...

Data Flow Architecture

\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, rounded corners, align=center, fill=blue!5}] \node (billing) {AWS Billing \ Service}; \node (s3) [right of=billing, xshift=2cm] {Customer S3 Bucket \ (CSV Storage)}; \node (athena) [above right of=s3, xshift=2cm] {Amazon Athena \ (SQL Query)}; \node (quicksight) [below right of=s3, xshift=2cm] {Amazon QuickSight \ (Visualization)};

code

\draw[->, thick] (billing) -- node[above] {Export} (s3);
\draw[->, thick] (s3) -- (athena);
\draw[->, thick] (s3) -- (quicksight);

\end{tikzpicture}

Definition-Example Pairs

Term: Resource ID Inclusion
Definition: An optional setting in CUR that adds a column for the specific ID of every resource.
Example: Without this, you see "EC2-Instances cost: $500." With this, you see "i-0a1b2c3d: $450" and "i-9e8f7g6h: $50," allowing you to identify a specific misconfigured instance.
Term: Time Granularity
Definition: The level of temporal detail recorded for each line item.
Example: Choosing "Hourly" granularity lets a Solutions Architect see that costs spike every day at 3 PM, coinciding with a specific scheduled batch job.

Worked Examples

Scenario: Configuring the S3 Bucket Policy

To allow AWS to drop your billing files, you must use a policy that identifies the billing service. Below is the breakdown of a compliant policy block:

1. Identify the Principal:

json

"Principal": { "Service": "billingreports.amazonaws.com" }

2. Define Conditions: To prevent "confused deputy" security risks, use aws:SourceArn to ensure only your specific report definition can write to the bucket.

3. Grant Write Permissions: Use s3:PutObject on the resource path arn:aws:s3:::YOUR-BUCKET/*.

[!IMPORTANT] Ensure you replace ${AccountId} and EXAMPLE-BUCKET with your actual AWS Account ID and bucket name, or the policy will fail to apply.

Checkpoint Questions

What is the minimum amount of time you should expect to wait before CUR data appears in your S3 bucket after setup?
Which specific AWS Service Principal must be granted permission in the S3 bucket policy?
If you want to see exactly which Lambda function is driving up costs, which specific option must you check during the CUR report creation?
How does CUR differ from Cost Explorer in terms of data editability and customizability?

▶Click to see Answers

Approximately 24 hours.
billingreports.amazonaws.com.
"Include resource IDs."
Cost Explorer provides out-of-the-box, non-editable default reports for common patterns; CUR provides raw, highly customizable CSV data for deep analysis.

Muddy Points & Cross-Refs

The "24-Hour Lag": Students often mistake the setup as "broken" when the S3 bucket remains empty immediately after creation. Remind yourself: Wait one day.
Cost Explorer vs. CUR: Think of Cost Explorer as the "Executive Dashboard" and CUR as the "Forensic Ledger."
S3 Bucket Location: The bucket must exist before you can finalize the CUR definition in the Billing console.

Comparison Tables

Feature	AWS Cost Explorer	AWS Cost & Usage Reports (CUR)
Primary Use	Visualizing trends and patterns	Deep-dive forensic analysis
Granularity	Daily/Monthly (Hourly requires opt-in)	Hourly/Daily/Monthly (Standard)
Data Format	Interactive Graphs/UI	CSV or Parquet in S3
Resource IDs	Limited visualization	Fully included (if selected)
Automation	Manual filtering/API	Automated export to S3
Setup Difficulty	Low (Out-of-the-box)	Medium (S3 + Policies required)