Account Management, Billing & Support Flashcards
1
Q
AWS Organizations Properties
A
- Global service
- Manage multiple account (master & child)
- Cost benefits
- consolidated billing
- pricing from aggregate usage
- Pooling of reserved ec12 instances
- API is available to automate AWS account creation
- Restrict privs using SCP (service control policies)
2
Q
SCP
A
Service control policy
- whilelist or blacklist IAM
- Apply SCP at OU or account level
- Doesn’t apply to master account
- applies to all users and roles of account
- Deny all
- use cases
- restrict access to certain services (can’t use EMR)
- Enforce PCI compliance by explicitly disabling services
3
Q
Multi-account strategies
A
- Accounts per department, cost center, environment, regulatory, isolation, etc.
- multi account vs one account multi VPC
- use tagging for billing
- Enable cloudtrail, send to central S3
- Send cloudWatch logs to central logging
4
Q
AWS OU
A
organizational unit
Can have multiple accounts
- Root OU has everything
- dev OU
- prod OU
- finanace OU
5
Q
Organization - consolidated billing
A
- Usage of all accounts in the org
- share volume pricing
- share reserved instances and savings plans
- One bill
- can turn off reserved instances discount sharing for any account
6
Q
AWS Control Tower
A
- govern secure multi-account environment based on best practices
- automate set up with clicks
- define policies using guardrails
- Detect policy violations
- monitor compliance
- run on top of Organiations
7
Q
Landing Zone
A
well structured set of accounts in control towerwith a home region, a couple of OUs, some audit accounts, etc.
8
Q
AWS RAM
A
Resource Access Manager
- share AWS resources with other accounts
- share with any account or organization
- avoid resource duplication
- Aurora, VPC subnets, transit gateay, R53, EC3
9
Q
AWS Service Catalog
A
- Simplified portal to launch set of authorized products
- includes virtual machines, databases, storage, etc.
- AWS service catalog predefines these services
10
Q
Service Catalog usage
A
- define produce in CloudFormation templates
- Portfolios are collections of products
- IAM permissions to access portfolios for users
- launched resources are properly configured and tagged
11
Q
What are the four pricing models?
A
- pay as you go (on-demand)
- save when reserved
- reserved instance for different services
- Volume-based discounts
- AWS drops pricing over time
12
Q
What are free services?
A
- IAM
- VPC
- Consolidated billing
- Elastik beanstalk
- CloudFormation
- Auto scaling groups
- Free tier (t2.micro for a year, data transfer)
13
Q
EC2 Pricing
A
- on demand pricing
- 60s min, or by second or hour
- reserved instances
- up to 75% discount, 1-3 yr commit
- all, partial, or no upfront payment
- spot
- up to 90% discount
- bid for unused capacity
- dedicated host
- on demand
- 1 or 3 year reservation
- savings plans if sustained usage
14
Q
Lambda pricing
A
Pay per call and per duration
15
Q
ECS pricing
A
No additional fees, but pay for AWS resources storage and created in the application
16
Q
Fargate pricing
A
Pay for vCPU and memory in containers
17
Q
S3 pricing
A
- S3 standard, infrequent, One-Zone IA, Intelligent tiering, Glacier, and Glacier deep archive
- number and size of objects (tiered on volume)
- Number and type of requests
- data transfer out of S3 region
- S3 transfer acceleration (if used)
- Lifecycle transitions
EFS is similar (pay per use, has infrequent access, & lifecycle rules)
18
Q
EBS pricing
A
- volume type
- storage volume (GB/month)
- IOPS (general purpose, provisioned, magentic)
- snapshots
- data transfer
- outbound cost
- inbound is free
19
Q
RDS pricing
A
- per hour billing
- database characteristics
- engine
- size
- memory class
- purchase time (on demand, reserved)
- Backup storage
- number of input/output requests/month
- Single vs multiple AZ
- outbound transfer tiered, inbound is free
20
Q
AWS CloudFront Pricing
A
- different based on region
- aggregated at edge locations
- pay for data transfer out, not in
- Number of HTTP/HTTPS requests
21
Q
Networking Costs in AWS per GB
A
- inbound generally free
- use of public network for AZ to AZ gets charges, less if using private IP
- interregion cost
- use same AZ to maximize savings
22
Q
AWS Savings Plan
A
- Commit certain $$ amount/hour for 1 or 3 years
- easiest way to set up long term commitments
- EC2 savings plan
- up to 72% discount
- commit to usage of individual instance families in a region
- regardless of AZ or tenancy
- all upfront, partial, or no upfront
- Computer savings plan
- up to 66% discount
- regardless of family, region, size, os, etc.
- EC2, fargate, lambda,
- Machine learning savings plan (SageMaker)
23
Q
AWS Compute Optimizer
A
- reduce costs and improve performance by recommending optimal resources for workload
- Uses ML to analys workload and checks CloudWatch
- EC2, Autoscaling groups, EBS, Lambda
- Lower costs by 25%
- Export recommendations to S3
24
Q
Billing and Costing Tools
A
- Estimating costs
- pricing calculator
- Tracking costs
- Billing dashboard
- Cost allocation tags
- Cost and Usage reports
- Cost explorer
- Monitoring
- Billing alarms
- budgets
25
**AWS Pricing Calculator**
**https://calculator.aws**
26
**Cost Allocation Tags**
* Track AWS costs on detailed level
* AWS generated tags
* * automatically applied to created resources
* * starts with prefix aws:
* user defined tags
* * starts with prefix user:
27
**AWS Cost Explorer**
* **Forecast usage up to 12 months based on prior usage**
* visualize AWS cost and usage over time
* Create custom reports
* Choose best savings plan
28
**AWS Resource Groups**
* Create, maintain, and view resources with common tags
* manage using tag editor
29
**CloudWatch billing alarms**
* billing data stored in us-east-1
* data is for worldwide AWS cost
* actual, not projected
* simple alarm
30
**AWS Budgets**
* Create and send alarms
* Usage, Cost, Reservation, Savings Plans
* For RIs
* * track ultilization
* * support EC2, elastichache, RDS, redshift
* 5 SNS notifications per budget
* filter by service, tag, etc.
* 2 budgets free, then 0.02 per day per budget
31
**Cost Anomaly Detection**
* Monitor usage with ML
* You don't have to define anything
* Send anomaly detection report with root cause
* Notifications through SNS per event, or daily/weekly
31
**Service Quotas**
* Notify when you are close to quota threshold
* CloudWatch alarms on the quotas console
* Example: Lambda concurrent executions
* request a quota increase or shutdown resource before limit is hit
32
**Trusted Advisor**
* Nothing to install
* Analyze on 6 categories
* * Cost optimization
* * performance
* * security
* * fault tolerance
* * service limits
* * operational excellence
33
**AWS Basic Support**
* Customer service & communities, 24x7 access to CS, documentation, forums
* Trusted advisor
* Personal health dashboard
34
**AWS Developer Support Plan**
* Basic support +
* Business hours emial access to cloud support associates
* Unlimited cases, 1 primary contact
* general guidance < 24 business hr
* system impair < 12 business hours
35
**AWS Business Support Plan**
* Production workload
* Full trusted advisor checks
24x7 phone, email, chat access to cloud support engineers
* unlimited cases, unlimited contacts
* Prod impaired < 4hr
* prod sysrtem down < 1 hr
36
**AWS Enterprise On-Ramp Support Plan**
Business Support Plan +
* Access to TAM
* Concierge support team for billing and accout best practices
* Infrastructure event management, WAF
* Business critical system < 30 minutes
37
**Enterprise Support Plan**
Business Support Plan +
* Dedicatd TAM
* Concierge support team for billing and account best practices
* Infrastructure event management, WAF
* Business critical system < 15 minutes
