Account Management, Billing & Support Flashcards
AWS Organizations Properties
- Global service
- Manage multiple accounts (master & child)
- Cost benefits
- consolidated billing
- pricing from aggregate usage
- Pooling of reserved EC2 instances
- API is available to automate AWS account creation
- Restrict privs using SCP (service control policies)
SCP
Service control policy
- whitelist or blacklist IAM
- Apply SCP at OU or account level
- Doesn’t apply to master account
- applies to all users and roles of account
- Deny all
- use cases
- restrict access to certain services (can’t use EMR)
- Enforce PCI compliance by explicitly disabling services
Multi-account strategies
- Accounts per department, cost center, environment, regulatory, isolation, etc.
- multi account vs one account multi VPC
- use tagging for billing
- Enable cloudtrail, send to central S3
- Send cloudWatch logs to central logging
AWS OU
organizational unit
Can have multiple accounts
- Root OU has everything
- dev OU
- prod OU
- finance OU
Organization - consolidated billing
- Usage of all accounts in the org
- share volume pricing
- share reserved instances and savings plans
- One bill
- can turn off reserved instances discount sharing for any account
AWS Control Tower
- govern secure multi-account environment based on best practices
- automate set up with clicks
- define policies using guardrails
- Detect policy violations
- monitor compliance
- run on top of Organizations
Landing Zone
well structured set of accounts in Control Tower with a home region, a couple of OUs, some audit accounts, etc.
AWS RAM
Resource Access Manager
- share AWS resources with other accounts
- share with any account or organization
- avoid resource duplication
- Aurora, VPC subnets, Transit Gateway, R53, EC2
AWS Service Catalog
- Simplified portal to launch set of authorized products
- includes virtual machines, databases, storage, etc.
- AWS service catalog predefines these services
Service Catalog usage
- define products in CloudFormation templates
- Portfolios are collections of products
- IAM permissions to access portfolios for users
- launched resources are properly configured and tagged
What are the four pricing models?
- pay as you go (on-demand)
- save when reserved
- reserved instance for different services
- Volume-based discounts
- AWS drops pricing over time
What are free services?
- IAM
- VPC
- Consolidated billing
- Elastic Beanstalk
- CloudFormation
- Auto scaling groups
- Free tier (t2.micro for a year, data transfer)
EC2 Pricing
- on demand pricing
- 60s min, or by second or hour
- reserved instances
- up to 75% discount, 1-3 yr commit
- all, partial, or no upfront payment
- spot
- up to 90% discount
- bid for unused capacity
- dedicated host
- on demand
- 1 or 3 year reservation
- savings plans if sustained usage
Lambda pricing
Pay per call and per duration
ECS pricing
No additional fees, but pay for AWS resources stored and created in the application
Fargate pricing
Pay for vCPU and memory in containers
S3 pricing
- S3 standard, infrequent, One-Zone IA, Intelligent tiering, Glacier, and Glacier deep archive
- number and size of objects (tiered on volume)
- Number and type of requests
- data transfer out of S3 region
- S3 transfer acceleration (if used)
- Lifecycle transitions
EFS is similar (pay per use, has infrequent access, & lifecycle rules)
EBS pricing
- volume type
- storage volume (GB/month)
- IOPS (general purpose, provisioned, magnetic)
- snapshots
- data transfer
- outbound cost
- inbound is free
RDS pricing
- per hour billing
- database characteristics
- engine
- size
- memory class
- purchase time (on demand, reserved)
- Backup storage
- number of input/output requests/month
- Single vs multiple AZ
- outbound transfer tiered, inbound is free
AWS CloudFront Pricing
- different based on region
- aggregated at edge locations
- pay for data transfer out, not in
- Number of HTTP/HTTPS requests
Networking Costs in AWS per GB
- inbound generally free
- use of public network for AZ to AZ gets charged, less if using private IP
- interregion cost
- use same AZ to maximize savings
AWS Savings Plan
- Commit certain $$ amount/hour for 1 or 3 years
- easiest way to set up long term commitments
- EC2 savings plan
- up to 72% discount
- commit to usage of individual instance families in a region
- regardless of AZ or tenancy
- all upfront, partial, or no upfront
- Compute savings plan
- up to 66% discount
- regardless of family, region, size, os, etc.
- EC2, Fargate, Lambda
- Machine learning savings plan (SageMaker)
AWS Compute Optimizer
- reduce costs and improve performance by recommending optimal resources for workload
- Uses ML to analyze workload and checks CloudWatch
- EC2, Autoscaling groups, EBS, Lambda
- Lower costs by 25%
- Export recommendations to S3
Billing and Costing Tools
- Estimating costs
- pricing calculator
- Tracking costs
- Billing dashboard
- Cost allocation tags
- Cost and Usage reports
- Cost explorer
- Monitoring
- Billing alarms
- budgets
AWS Pricing Calculator
https://calculator.aws
Cost Allocation Tags
- Track AWS costs on detailed level
- AWS generated tags
- automatically applied to created resources
- starts with prefix aws:
- user defined tags
- starts with prefix user:
AWS Cost Explorer
- Forecast usage up to 12 months based on prior usage
- visualize AWS cost and usage over time
- Create custom reports
- Choose best savings plan
AWS Resource Groups
- Create, maintain, and view resources with common tags
- manage using tag editor
CloudWatch billing alarms
- billing data stored in us-east-1
- data is for worldwide AWS cost
- actual, not projected
- simple alarm
AWS Budgets
- Create and send alarms
- Usage, Cost, Reservation, Savings Plans
- For RIs
- track utilization
- support EC2, ElastiCache, RDS, Redshift
- 5 SNS notifications per budget
- filter by service, tag, etc.
- 2 budgets free, then 0.02 per day per budget
Cost Anomaly Detection
- Monitor usage with ML
- You don’t have to define anything
- Send anomaly detection report with root cause
- Notifications through SNS per event, or daily/weekly
Service Quotas
- Notify when you are close to quota threshold
- CloudWatch alarms on the quotas console
- Example: Lambda concurrent executions
- request a quota increase or shutdown resource before limit is hit
Trusted Advisor
- Nothing to install
- Analyze on 6 categories
- Cost optimization
- performance
- security
- fault tolerance
- service limits
- operational excellence
AWS Basic Support
- Customer service & communities, 24x7 access to CS, documentation, forums
- Trusted advisor
- Personal health dashboard
AWS Developer Support Plan
- Basic support +
- Business hours email access to cloud support associates
- Unlimited cases, 1 primary contact
- general guidance < 24 business hr
- system impair < 12 business hours
AWS Business Support Plan
- Production workload
- Full trusted advisor checks
- 24x7 phone, email, chat access to cloud support engineers
- unlimited cases, unlimited contacts
- Prod impaired < 4hr
- prod system down < 1 hr
AWS Enterprise On-Ramp Support Plan
Business Support Plan +
* Access to TAM
* Concierge support team for billing and account best practices
* Infrastructure event management, WAF
* Business critical system < 30 minutes
Enterprise Support Plan
Business Support Plan +
* Dedicated TAM
* Concierge support team for billing and account best practices
* Infrastructure event management, WAF
* Business critical system < 15 minutes