This blog focuses on creating Organizations in AWS Cloud and Managing cost within your organization. I will be covering the fundamentals of AWS Organizations, AWS Billing Dashboard, AWS Cost Explorer and AWS budgets.
As you begin to expand with multiple accounts, it will become increasingly more difficult to manage them as separate entities. The more accounts you have, the more distributed your environment becomes and the associated security risks and exposures increase and multiply.
AWS Organizations provide a means of centrally managing and categorizing multiple AWS accounts that you own, bringing them together into a single organization, which helps to maintain your AWS environment from a security, compliance, and account management perspective.
AWS Organizations uses the following components to help you manage your accounts:
- An Organization is an element that serves to form a hierarchical structure of multiple AWS accounts=
- The Root object is simply a container that resides at the top of your Organization. All of your AWS accounts and Organizational units will then sit underneath this Root. Within any Organization, there will only be one single Root object.
- Organizational Units (OUs) provide a means of categorizing your AWS Accounts. This allows you to create a hierarchical structure.
- Accounts, they are your AWS accounts that you use and create to be able to configure and provision AWS resources.
- Service control policies(SCPs) allow you to control what services and features are accessible from within an AWS account.
Q.What benefits can this bring to your AWS environment?
The ability to centrally manage multiple Accounts from a single AWS account, known as the master account. You can start by inviting your existing accounts to an Organization and then create new accounts directly from the Master Account. Along with the following benefits,
- Greater control of your AWS environment.
- Consolidated Billing.
- Categorization and grouping of accounts.
Q.How to set it up?
Setting up an organization is a very simple process that starts from a master AWS account. It’s best practice to use this AWS account solely as a master account, and not to use it to provide any other resources such as EC2 instances. This allows you to restrict access to the master account at a greater level.
Once you have selected your AWS account to be used as a master account, you can create an organization. From here, you have two choices when creating an organization type:
- Enable all features or enable only consolidated billing. If you want to set up service control policies, then you need to select enable all features.
- The second option allows you to control payments and manage costs centrally from that master account across all associated AWS accounts within the organization.
Q.How are SCPs different from both identity-based and resource-based policies?
The SCP would serve to prevent that service from being used within the AWS account and so have the overriding precedence and determine the maximum level of permissions allowed.
Characteristics of Service Control Policies.
- SCPs do not affect resource-based policies.
- SCPs affect all users and roles, in addition to the root user.
The following elements are not affected by SCPs:
- Any actions performed by the master account, SCPs do not affect service-linked roles, and managing Amazon CloudFront keys.
For more information about Organizations in AWS Cloud,
Cost and Management:
AWS offers multiple cost management services that can help you migrate to AWS, check recent costs, analyze your long-term spending trends, monitor or limit your spending, or simplify your billing process. There are also several customer support plans to assist you, depending on your level of need. The different plans offer
- Access to online resources,
- Minor technical assistance,
- Assistance maintaining your business’s production environments,
- Troubleshooting business-critical production environments.
1.Total Cost of Ownership (TCO) Calculator:
The TCO Calculator is a free service to help compare on-premise and AWS costs. With the TCO Calculator, you can quickly compare the costs of on-premise hardware to running your production environments on the AWS Cloud.
The TCO Calculator creates a report after you complete a very short questionnaire. Once you have provided this information, the TCO Calculator creates a report with the following: an overall estimate of savings by using AWS, a comparison of your potential on-premise and AWS systems, and detailed cost comparison between the two systems.
The Billing Dashboard provides graphs that show the overall cost and usage for the previous month, as well as the current month to date. There are separate graphs,
- Spend Summary Graph. It shows the costs for the previous month, the current month to date, and estimates your total spent for the current month-end.
- The other graphs are month-to-date service by spend and month-to-date spend by service.
3.AWS Cost Explorer:
Cost Explorer also provides spending and usage data but for a longer period of time and with a wider selection of graphs to review the data. Cost Explorer provides several different services,
- It graphs historic data for up to 12 months.
- It provides forecasts for up to three months in the future.
- It provides Reserved Instance Recommendations.
AWS Budgets allow you to set service limits and alert you if you exceed them. There are three types of budgets available.
- Cost budgets, which set a cost limit for a service.
- Usage budgets, which limit service usage.
- Reserved Instance Utilization Budgets, these budgets ensure your reserved instances are operating at their desired levels.
For more information about Cost and Management in AWS Cloud,
Let me know where i could improve?