Section 18: Account Management, Billing & Support Flashcards
What is AWS Organizations?
AWS Organizations allows for the management of multiple AWS accounts. (global service, master account, cost benefits, API, SCP)
Describe attributes of AWS Organizations
- Global Service
- Manage multiple AWS accounts
- Main account is master
- Cost Benefits
  - Consolidate Billing across all accounts
  - Pricing benefits from aggregated usage
  - Pooling of Reserved EC2 instances
- API (automate AWS account creation)
- Restrict account privileges using Service Control Policies (SCP)
Describe a Multi Account Strategy
- Accounts per department, per cost center, env, regulatory; separate per-account service limits; isolated account for logging
- Use tagging for billing
- Enable CloudTrail to central S3
- Send CloudWatch Logs to central
What is a Service Control Policy?
A Service Control Policy (SCP) is a policy applied at the OU or Account level that allows or denies actions within an account. It applies to all Users and Roles of the Account (including Root). It doesn't apply to the Master Account.
Attributes of Service Control Policies (SCP)
- Whitelist or blacklist IAM actions
- Applied at the OU or Account level
- Does not apply to the Master Account
- SCP is applied to all the Users and Roles of the Account, including Root
- SCP does not affect service-linked roles
- SCP must have an explicit Allow
- Applied as hierarchy
How does AWS Organizations Consolidated Billing work?
- Needs to be enabled
- Combined Usage - combine usage across all accounts to share volume pricing, Reserved Instances and Savings Plans discounts
- One Bill
- Management account can turn off Reserved Instance discount sharing for any OU
What is AWS Control Tower?
An easy way to set up and govern a secure and compliant _multi-account AWS environment_ based on best practices. Control Tower automatically sets up AWS Organizations to organize accounts and implement SCPs.
What are the benefits of AWS Control Tower?
- Automate the setup of your environment in a few clicks
- Automate ongoing policy management using guardrails
- Detect policy violations and remediate them
- Monitor compliance through an interactive dashboard
What are the 4 pricing models?
- Pay as you go
- Save when you reserve
- Pay less by using more
- Pay less as AWS grows
What are the free services & free tier in AWS?
- IAM
- VPC
- Consolidated Billing
- Pay for the resources created
- Elastic Beanstalk
- CloudFormation
- Auto Scaling Groups
- Free Tier
  - EC2 t2.micro for a year
  - S3, EBS, ELB, AWS Data Transfer
Discuss Compute Pricing EC2 Parameters?
- Only charged for what you use
- Number of instances
- Instance configuration
- Capacity
- Region
- OS and software
- Instance type
- Instance size
- ELB running time and amount of data processed
- Detailed monitoring
Discuss Compute Pricing - EC2 types
- On-demand instances
  - Minimum of 60s
  - Pay per second or per hour
- Reserved Instances
  - Up to 75% discount compared to hourly rate
  - 1 or 3 years
  - All upfront, partial upfront, no upfront
- Spot instance
  - 90% discount
  - Bid for unused capacity
- Dedicated Host
  - On-demand
  - 1 or 3 years
- Savings Plans as an alternative to save on sustained usage
Discuss Compute Pricing - Lambda
- Pay per call
- Pay per duration
Discuss Compute Pricing - ECS
- ECS
  - EC2 Launch Type Model
  - No additional fees, you pay for AWS resources stored and created in your application
- Fargate
  - Fargate Launch Type Model
  - Pay for vCPU and memory resources allocated to your applications in your containers
What are the S3 Storage classes?
- S3 Standard
- S3 Infrequent Access
- S3 One-Zone IA
- S3 Intelligent Tiering
- S3 Glacier
- S3 Glacier Deep Archive