Implement chargeback for connectivity to RISE - General SAP Guides

Implement chargeback for connectivity to RISE

If you are a company with subsidiaries, you may have different RISE contracts, leading to deployments in separate AWS accounts while requiring an interlinked network connectivity. In this instance, you must deploy Transit Gateway connection in a Landing Zone (multi-account) setup. It can scale your RISE deployment and integrate with multiple RISE with SAP VPCs.

Transit Gateway Flow Logs enables effective cost management. Transit Gateway Flow Logs can be integrated with Cost and Usage Report (CUR) that can be attributed as chargeback to the business units. For more information, see Logging network traffic using Transit Gateway Flow Logs.

How to implement chargeback capability for connectivity to RISE

The preceding diagram displays how Transit Gateway can be used to connect multiple RISE with SAP VPCs and provide chargeback capability through the Flow Logs.

For more information, see the following blogs:

Use the following steps to enable this setup:

  1. Enable Transit Gateway Flow Logs. For more information, see Create a flow log that publishes to Amazon S3.

  2. Setup Cost and Usage Reporting and setup Athena to utilize the reporting. For more information, see Creating Cost and Usage Reports and Querying Cost and Usage Reports using Amazon Athena.

  3. Obtain the Transit Gateway data processing charge per-account.

    1. Decide a cost allocation strategy - distribute costs evenly across all accounts or distribute proportionally across all accounts.

    2. Calculate the total network traffic and percentage allocation per account using AWS Transit Gateway query.

    3. Estimate cost per account, by collecting from CloudWatch that collects Network In(Upload) and NetworkOut(Download).

      1. NetworkIn(Upload) + NetworkOut(Download) per usage account/ total data processed in network account

      2. % of usage x total cost = chargeback cost per usage account