Account Management, Billing & Support Flashcards
AWS Organizations
• Global service
• Allows you to manage multiple AWS accounts
Cost Benefits:
• Consolidated Billing
• Pricing benefits from aggregated usage
• Pooling of Reserved EC2 instances for optimal savings
• API is available to automate AWS account creation
• Restrict account privileges using Service Control Policies (SCP)
Multi Account Strategies
Create accounts per department, per cost center, per dev/test/prod, based on regulatory restrictions (using SCP), for better resource isolation (e.g., VPC), to have separate per-account service limits, isolated account for logging
Use tagging standards for billing purposes
• Enable CloudTrail on all accounts, send logs to central S3 account
• Send CloudWatch Logs to central logging account
Service Control Policies (SCP)
• Whitelist or blacklist IAM actions
• Applied at the OU or Account level
• Does not apply to the Master Account
• SCP is applied to all the Users and Roles of the Account, including Root user
• The SCP does not affect service-linked roles
• SCP must have an explicit Allow
AWS Organization – Consolidated Billing
• Combined Usage: combine the usage across all AWS accounts in the AWS Organization to share the volume pricing, Reserved Instances and Savings Plans discounts
• One Bill
• The management account can turn off Reserved Instances discount sharing
AWS Control Tower
Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
Benefits:
• Automate the setup of your environment in a few clicks
• Automate ongoing policy management using guardrails
• Detect policy violations and remediate them
• Monitor compliance through an interactive dashboard
Pricing Models in AWS
• Pay as you go: pay for what you use, remain agile, responsive, meet scale demands
• Save when you reserve: minimize risks, predictably manage budgets, comply with long-term requirements
• Pay less by using more: volume-based discounts
• Pay less as AWS grows
Free services & free tier in AWS
• IAM
• VPC
• Consolidated Billing
• Elastic Beanstalk
• CloudFormation
• Auto Scaling Groups
Compute Pricing – EC2
• Only charged for what you use
• Number of instances
• Instance configuration
• ELB running time and amount of data processed
• Detailed monitoring
Compute Pricing – EC2 (Instances)
On-demand instances:
• Minimum of 60s
• Pay per second (Linux/Windows) or per hour
Reserved instances:
• Up to 75% discount compared to On-demand on hourly rate
• 1- or 3-year commitment
• All upfront, partial upfront, no upfront
Spot instances:
• Up to 90% discount compared to On-demand on hourly rate
• Bid for unused capacity
Dedicated Host:
• On-demand
• Reservation for a 1-year or 3-year commitment
Savings plans as an alternative to save on sustained usage
Compute Pricing – Lambda / ECS / Fargate
Lambda:
• Pay per call
• Pay per duration
ECS:
• EC2 Launch Type Model: No additional fees, you pay for AWS resources stored and created in your application
Fargate:
• Fargate Launch Type Model: Pay for vCPU and memory resources allocated to your applications in your containers
Storage Pricing – S3
• Storage class: S3 Standard, S3 Infrequent Access, S3 One-Zone IA, S3 Intelligent Tiering, S3 Glacier and S3 Glacier Deep Archive
• Number and size of objects: Price can be tiered (based on volume)
• Number and type of requests
• Data transfer OUT of the S3 region
• S3 Transfer Acceleration
• Lifecycle transitions
Storage Pricing - EBS
• Volume type (based on performance)
• Storage volume in GB per month provisioned
• IOPS (Input/Output Operations per Second)
Snapshots:
• Added data cost per GB per month
Data transfer:
• Outbound data transfer is tiered for volume discounts
• Inbound is free
Database Pricing - RDS
• Per hour billing
• Database characteristics: Engine, Size & Memory class
Purchase type:
• On-demand
• Reserved instances with required up-front
• Backup Storage: There is no additional charge for backup storage up to 100% of your total database storage for a region.
Database Pricing - RDS 2
• Additional storage (per GB per month)
• Number of input and output requests per month
Deployment type (storage and I/O are variable):
• Single AZ
• Multiple AZs
Data transfer:
• Outbound data transfer is tiered for volume discounts
• Inbound is free
Content Delivery – CloudFront
• Pricing is different across different geographic regions
• Aggregated for each edge location, then applied to your bill
• Data Transfer Out (volume discount)
• Number of HTTP/HTTPS requests
Networking Costs in AWS per GB
• Use Private IP instead of Public IP for good savings and better network performance
• Use same AZ for maximum savings (at the cost of high availability)
Savings Plan
• Commit a certain $ amount per hour for 1 or 3 years
• Easiest way to set up long-term commitments on AWS
EC2 Savings Plan:
• Up to 72% discount
• Commit to usage of individual instance families in a region
• Regardless of AZ, size, OS or tenancy
Compute Savings Plan
• Up to 66% discount
• Regardless of Family, Region, size, OS, tenancy, compute options
• Compute Options: EC2, Fargate, Lambda
• Set up from the AWS Cost Explorer console
AWS Compute Optimizer
• Reduce costs and improve performance by recommending optimal AWS resources for your workloads
• Helps you choose optimal configurations and right-size your workloads
• Uses Machine Learning to analyze your resources’ configurations and their CloudWatch utilization metrics
• Lower your costs by up to 25%
• Recommendations can be exported to S3
Billing and Costing Tools
Estimating costs in the cloud:
• Pricing Calculator
Tracking costs in the cloud:
• Billing Dashboard
• Cost Allocation Tags
• Cost and Usage Reports
• Cost Explorer
Monitoring against cost plans:
• Billing Alarms
• Budget
AWS Pricing Calculator
Estimate the cost for your solution architecture
AWS Billing Dashboard
Shows the actual costs for the month, the forecast, and the month-to-date
Cost Allocation Tags
• Use cost allocation tags to track your AWS costs on a detailed level
AWS generated tags
• Automatically applied to the resource you create
• Starts with Prefix aws:
User-defined tags
• Defined by the user
• Starts with Prefix user:
Tagging and Resource Groups
• Tags are used for organizing resources
• Free naming, common tags are: Name, Environment, Team …
Tags can be used to create Resource Groups:
• Create, maintain, and view a collection of resources that share common tags
• Manage these tags using the Tag Editor
Cost and Usage Reports
• The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations
• Dive deeper into your AWS costs and usage
• Can be integrated with Athena, Redshift or QuickSight
Cost Explorer
Visualize, understand, and manage your AWS costs and usage over time
Create custom reports that analyze cost and usage data.
• Analyze your data at a high level: total costs and usage across all accounts
• Or Monthly, hourly, resource level granularity
• Choose an optimal Savings Plan
• Forecast usage up to 12 months based on previous usage
Billing Alarms in CloudWatch
The billing data metric is stored in CloudWatch in us-east-1
• Billing data are for overall worldwide AWS costs
• It’s for actual cost, not for projected costs
• Intended as a simple alarm (not as powerful as AWS Budgets)
AWS Budgets
Create a budget and send alarms when costs exceed the budget
• 3 types of budgets: Usage, Cost, Reservation
• Up to 5 SNS notifications per budget
Trusted Advisor
Analyzes your AWS accounts and provides recommendations on 5 categories
• Cost optimization
• Performance
• Security
• Fault tolerance
• Service limits
Trusted Advisor – Basic & Developer Support plan (7 CORE CHECKS)
• S3 Bucket Permissions
• Security Groups – Specific Ports Unrestricted
• IAM Use (one IAM user minimum)
• MFA on Root Account
• EBS Public Snapshots
• RDS Public Snapshots
• Service Limits
Trusted Advisor – Business & Enterprise Support plan (FULL CHECKS)
• Full Checks available on the 5 categories
• Ability to set CloudWatch alarms when reaching limits
• Programmatic Access using AWS Support API
AWS Basic Support Plan
• Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
• AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices
• AWS Personal Health Dashboard
AWS Developer Support Plan
• All Basic Support Plan +
• Business hours email access to Cloud Support Associates
• Unlimited cases / 1 primary contact
Case severity / response times:
• General guidance: < 24 business hours
• System impaired: < 12 business hours
AWS Business Support Plan (24/7)
• Intended to be used if you have production workloads
• Trusted Advisor – Full set of checks + API access
• 24x7 phone, email, and chat access to Cloud Support Engineers
• Unlimited cases / unlimited contacts
• Access to Infrastructure Event Management for an additional fee.
Case severity / response times:
• General guidance: < 24 business hours
• System impaired: < 12 business hours
• Production system impaired: < 4 hours
• Production system down: < 1 hour
AWS Enterprise On-Ramp Support Plan (24/7)
• Intended to be used if you have production or business critical workloads
• All of Business Support Plan +
• Access to a pool of Technical Account Managers (TAM)
• Concierge Support Team (for billing and account best practices)
• Infrastructure Event Management, Well-Architected & Operations Reviews
Case severity / response times:
• …
• Production system impaired: < 4 hours
• Production system down: < 1 hour
• Business-critical system down: < 30 minutes