AWS Cost Explorer API
AWS Cost Explorer API enables programmatic access to AWS cost and usage data, providing comprehensive insights into cloud spending patterns, resource utilization, and cost optimization opportunities for better financial management.
Power end-to-end data operations for your AWS Cost Explorer API API with Nexla. Our bi-directional AWS Cost Explorer API connector is purpose-built for AWS Cost Explorer API, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to AWS Cost Explorer API or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your AWS Cost Explorer API workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
Before creating an AWS Cost Explorer API credential in Nexla, you need to create an IAM user with appropriate permissions and obtain AWS Access Key credentials. AWS Cost Explorer API uses AWS Signature Version 4 for authentication.
AWS IAM User Setup
The IAM user must have appropriate permissions to access the Cost Explorer API. Ensure that the user has the necessary IAM policies attached. For detailed information about Cost Explorer API permissions, see the AWS Cost Explorer API documentation.
-
Access AWS IAM Console: Sign in to your AWS account and navigate to the IAM Console.
-
Create an IAM User: Create a new IAM user or select an existing user that will be used for API access. This user will need permissions to access the Cost Explorer API.
-
Attach Cost Explorer Permissions: Attach the necessary IAM policies to the user. The user needs permissions to access the Cost Explorer API, such as:
ce:GetCostAndUsagece:GetCostAndUsageWithResourcesce:GetDimensionValuesce:GetReservationCoveragece:GetReservationPurchaseRecommendationce:GetReservationUtilizationce:GetRightsizingRecommendationce:GetSavingsPlansCoveragece:GetSavingsPlansPurchaseRecommendationce:GetSavingsPlansUtilizationce:GetUsageReportce:ListCostCategoryDefinitions- Or attach the
AWSCostExplorerServiceReadOnlyAccessmanaged policy for read-only access
-
Create Access Key: Create an access key pair for the IAM user. This will generate an Access Key ID and Secret Access Key that you'll use for authentication.
-
Select AWS Region: Determine which AWS region you want to use for the Cost Explorer API. The Cost Explorer API is available in specific regions, typically
us-east-1(N. Virginia). -
Copy Credentials: Copy the Access Key ID and Secret Access Key immediately after creation, as the secret key will only be shown once.
AWS Access Keys provide programmatic access to your AWS account. Keep your Access Key ID and Secret Access Key secure and do not share them publicly or commit them to version control systems. If you suspect your access keys have been compromised, rotate them immediately in the IAM Console. For detailed information about AWS IAM and access keys, see the AWS IAM documentation.
Authenticate
Credentials required
| Field | Required | Secret | Description |
|---|---|---|---|
| AWS Access Key | Yes | No | The access key id of the Access Key pair that is used for verifying the identity of the requesting user. |
| AWS Secret Key | Yes | Yes | The access secret of the Access Key pair that is used for verifying the identity of the requesting user. |
| AWS Region | Yes | No | The region that is receiving the request. |
| Session Token | No | Yes | Optional session token if the request requires temporary security credentials. This is added to the request as x-amz-access-token request header. |
Create a credential in Nexla
- After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – AWS Cost Explorer API

-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
Enter your AWS Access Key ID in the AWS Access Key field. This should be the Access Key ID obtained from your IAM user's access key pair. The Access Key ID is used together with the Secret Access Key to sign API requests using AWS Signature Version 4.
-
Enter your AWS Secret Access Key in the AWS Secret Key field. This should be the Secret Access Key obtained from your IAM user's access key pair. The Secret Access Key is used together with the Access Key ID to sign API requests.
The AWS Access Key ID and Secret Access Key provide programmatic access to your AWS account through the Cost Explorer API. Keep these credentials secure and do not share them publicly or commit them to version control systems. AWS uses AWS Signature Version 4 to sign API requests, which allows Nexla to make authenticated requests to your AWS account.
-
Enter your AWS Region in the AWS Region field. This should be the AWS region where you want to make Cost Explorer API requests. Common regions include
us-east-1(N. Virginia),us-west-2(Oregon),eu-west-1(Ireland), and others. The Cost Explorer API is typically available inus-east-1. -
Optionally, enter a Session Token in the Session Token field if you are using temporary security credentials. Session tokens are required when using temporary credentials from AWS STS (Security Token Service) or when assuming IAM roles. If you are using permanent access keys, you can leave this field empty.
If you are using temporary security credentials (for example, from AWS STS or IAM role assumption), you must provide a Session Token. The session token is added to requests as the
x-amz-access-tokenheader. For permanent access keys, the session token field can be left empty. -
Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.
Use as a data source
To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the AWS Cost Explorer API connector tile, then select the credential that will be used to connect to the AWS Cost Explorer API instance, and click Next; or, create a new AWS Cost Explorer API credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common AWS Cost Explorer API endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable box below.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
AWS Cost Explorer API data sources can also be manually configured to ingest data from any valid AWS Cost Explorer API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.
The AWS Cost Explorer API uses POST requests to https://ce.{region}.amazonaws.com (e.g., https://ce.us-east-1.amazonaws.com). Every request requires a JSON request body along with the headers Content-Type: application/x-amz-json-1.1 and X-Amz-Target: AWSInsightsIndexService.{ActionName}, where {ActionName} is the selected Cost Explorer action (e.g., GetCostAndUsage). To return only the relevant records, set the path to data — for example, $.ResultsByTime[*].
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new AWS Cost Explorer API data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.