Cloud Accounts

Connect and manage your AWS, GCP, and Azure accounts for unified multi-cloud cost tracking.

Supported Cloud Providers

☁️

AWS

✅ Available

Secure OIDC authentication without storing credentials

Setup Guide →

☁️

GCP

✅ Available

Service Account authentication with encrypted key storage

Setup Guide →

☁️

Azure

✅ Available

Service Principal authentication with encrypted credential storage

Setup Guide →

Getting Started

Prerequisites

Active CosmosCost account (Business plan or higher for multiple providers)

Admin role in your organization

Access to your cloud provider console

Appropriate permissions to create IAM roles/service accounts

Connection Process Overview

Navigate to Settings → Cloud Accounts

Click Add Cloud Account

Select your provider (AWS, GCP, or Azure)

Follow provider-specific setup wizard

Complete configuration in cloud provider console

Verify connection in CosmosCost

Wait for initial data sync (24-48 hours)

Managing Cloud Accounts

Account List View

The Cloud Accounts page displays all connected accounts with:

Provider

AWS, GCP, or Azure icon

Account Name

Friendly name you assigned

Account ID

Cloud provider identifier

Status

Connected, Error, or Syncing

Last Sync

Last successful sync timestamp

Actions

Edit, Sync Now, or Remove

Account Status

✅

Connected

Account validated and syncing normally

🔄

Syncing

Currently fetching cost data

❌

Error

Connection issue requires attention

⏸️

Paused

Account temporarily disabled

Editing Account Details

Click the edit icon next to the account

Update account name or description

Modify sync frequency (if available)

Save changes

Manual Sync

Trigger immediate data sync:

Find the account in the list

Click Sync Now

Sync begins immediately

Status updates when complete

Removing Accounts

Click the menu icon next to the account

Select Remove Account

Review warning about data deletion

Confirm removal

Account and cost data deleted

Warning

Removing an account deletes all historical cost data. Export data before removal if needed.

Data Synchronization

Sync Frequency

Free Plan

Daily sync

Business Plan

Every 6 hours

B+

Business+ Plan

Hourly + manual on-demand

Initial Sync

After connecting a new account:

Historical data import (up to 24 months)

First sync takes 24-48 hours

Incremental syncs are faster

Email notification when complete

What Gets Synced

Daily cost and usage data

Service-level breakdowns

Regional cost distribution

Resource tags (if available)

Billing account details

Security & Permissions

AWS Security

No credentials stored

Uses OIDC Web Identity Federation

Read-only access

Cannot modify your AWS resources

Minimal permissions

Only Cost Explorer and billing APIs

Audit trail

All API calls logged in CloudTrail

GCP Security

Encrypted storage

Service account keys encrypted at rest (AES-256)

Read-only roles

Only Viewer and BigQuery User permissions

Restricted API access

Limited to billing and cost APIs

Automatic key rotation

Rotate keys every 90 days (recommended)

Azure Security

Encrypted storage

Service principal credentials encrypted at rest (AES-256)

Read-only access

Only Cost Management Reader permission required

Minimal permissions

Limited to cost data only, no resource access

Credential rotation

Rotate client secrets every 12-24 months

Azure Integration Setup

Quick Start: Azure Service Principal

Azure uses Service Principal (App Registration) authentication for secure access to cost data.

Create App Registration

Generate Client Secret

Create secret in Certificates & Secrets - copy value immediately (shown once!)

Assign Cost Management Reader Role

CRITICAL: Must be assigned at Subscription level in IAM

Add to CostMixer

Enter Tenant ID, Client ID, Client Secret, and Subscription ID in CostMixer

Best Practices

Use dedicated service accounts/roles for CosmosCost

Apply principle of least privilege

Enable audit logging in your cloud provider

Regularly review connected accounts

Remove accounts you no longer need

Monitor for unusual API activity

Troubleshooting

Connection Failed

☁️AWS Issues

•

Verify IAM role trust relationship is correct

•

Check role has required policies attached

•

Ensure Cost Explorer is enabled

•

Verify OIDC provider is configured

☁️GCP Issues

•

Confirm service account has Billing Account Viewer role

•

Check required APIs are enabled

•

Verify JSON key is valid and not expired

•

Ensure billing export is configured

☁️Azure Issues

•

Verify service principal has Cost Management Reader role

•

Check role is assigned at subscription level

•

Ensure client secret is not expired

•

Wait 5-10 minutes for role propagation

No Data Syncing

Possible causes:

Initial sync still in progress (wait 24-48 hours)

No billable usage in selected time period

Cloud provider billing delay (up to 24 hours)

Permissions issue preventing data access

Sync Errors

Check account status for error details

Verify cloud provider credentials are still valid

Review permissions in cloud console

Try manual sync

Contact support if issue persists

Plan Limitations

Feature	Free	Business	Business+
AWS Accounts	1	Unlimited	Unlimited
GCP Accounts	❌	Unlimited	Unlimited
Azure Accounts	❌	Unlimited	Unlimited
Sync Frequency	Daily	Every 6h	Hourly
Manual Sync	❌	Limited	✅

Ready to Connect?

Start with our AWS Setup Guide to connect your first account.

Need help connecting accounts? Check troubleshooting or contact support.