10 Common AWS Mistakes & How to Avoid Them

Massive migration to the public cloud is changing architecture patterns, operating principles, and governance models. That means new approaches are vital to get a handle on soaring cloud spend. Because the cloud’s short-term billing cycles call for financial discipline, you must empower end-users to monitor the financial impact of their decisions and give them the tools to optimize for cost and good governance.  

Making the Right Decisions on AWS Using Data-Driven Approaches

On Wednesday, February 13, 2019, HyperGrid™ and CloudAcademy will host a webinar “Best Practices to Optimize Costs and Govern AWS at Scale” (register here in advance). We will take a closer look at key strategies to help you manage costs, continuously optimize, and govern AWS. We will also be addressing the common mistakes and how to use data-driven approaches to answer the questions we’ve outlined here in this post.

Upcoming Webinar Key Takeaways:
  • Get a close look at the top 10 common mistakes to avoid on AWS
  • How to implement strategies and best practices to continuously optimize, reduce costs, increase ROI, and avoid security and governance pitfalls
  • How to make data-driven decisions that take advantage of arbitrage opportunities within AWS

Let’s look at the top 10 mistakes made when managing resources on AWS:

1. Are you provisioning the capacity you need—no more, no less?

According to 451Research at HCTS Conference this year, it’s been reported that cost is the top enterprise pain point when operating in the cloud. We know that AWS EC2 instance types are sized and priced exponentially. With millions of sizing options and pricing points, choosing the wrong instance type can mean a major pricing premium—or worse, a substantial performance penalty!We see many organizations choose an instance type based on generic guidelines that do not take their specific requirements into account.

2. Do you continuously re-look at instance usage and costs?

AWS expands its choices regularly, so you need to dynamically re-evaluate as your business evolves. The cloud presents many arbitrage opportunities including instance families, generations, types, and regions—but trying to do this manually is a recipe for time-consuming frustration. Don’t fall victim to Instance Inertia: even though the process of making a change is simple enough, it can be difficult to accomplish without having any conclusive evidence of either cost gains or performance improvements.

3. Are there better alternatives to EC2 that can help you save?

AWS Serverless Computing (Lambda) gives you a DevOps-friendly, provision-free, highly scalable, and available ecosystem without having to build a supporting infrastructure in EC2. However, pricing uncertainty can make Lambda daunting for large-scale deployments and a poorly architected Lambda can cost more than its EC2 equivalent! So how do you analyze and optimize Lambda costs? For example, running 30 transactions per second —with each transaction having a runtime of one second consuming 1024MB of memory —will cost $1304.94 on Lambda. A c5.4xlarge instance could most likely run the same workload with similar performance and cost about a third of Lambda ($489.6 monthly).

4. Do you have unused reserved capacity on AWS?

Reservations can be the simplest way to optimize your AWS costs. But accuracy is key because unused reservations are an easy way to lose money in AWS. Worse: if you try to sell an unused RI on the Marketplace, AWS charges a fee, which can make up-front RIs more expensive to sell! Reservations are not guaranteed to be applied towards your bill and apply only if your utilization matches the terms of the reservation. They can only be purchased in 1- and 3-year variants; it can be hard to plan that accurately and that far in advance.

5. Are you regularly surprised with off-budget cloud bills?

Applications need to be modeled in their entirety, not mapped roughly to instances. Their interactions and network traffic between components must be captured and analyzed before making recommendations on placement. Lack of a holistic view of costs before deploying the whole application can lead to unwelcome pricing surprises. Cloud application-planning means taking into account such factors as network and data transfer costs and data durability. How can you ensure a durable deployment architecture without those pricing “wake-up calls” plus gain a placement that factors in details like data and network transfer costs and storage tiers?

6. Do you have an RI strategy?

Purchasing an RI is only the beginning; you should have a process in place to continuously monitor RI utilization and modify unused RIs (split/join or exchange convertible RIs) to maximize their usage. A common AWS billing model is a centralized account with consolidated billing, linked to autonomous accounts so individual accounts can purchase RIs based on their individual usage patterns. But when RIs purchased in an individual account—and not utilized by this account—can’t be reused, you’re risking wastage. Individual accounts may not be linked to each other. Price breaks due to reservations are isolated in individual accounts or accounts that are linked to it. This means unused RIs cannot be shared between accounts in this topology. How do you solve this impasse?

7. Are your developers aware of the financial impact of their decisions?

A new tool called AWS Organizations enables you to manage accounts on organizational boundaries. But many customers already have an account structure based on previous best practices. AWS customers use accounts as units of autonomy and as a security boundary between environments. But often, accounts are linked to VPCs and not to organizational or business units. This makes it hard to create a linkage between spend and business initiatives. How can you ensure that your users have a path to the most cost-efficient choices?

8. Are you managing costs proactively—or risking a shock?

Managing costs is a challenge when spend can balloon past initial projections—and yet be overlooked until it’s too late. If you wait until the end of the monthly AWS billing cycle to see utilization, you may be unpleasantly surprised, and lose the ability to address problems as they occur. Customers who rely on the AWS billing cycle are almost guaranteed to be shocked by the bill when it arrives. Proactive cost management is critical to the ability to maintain good cost governance in the cloud. And that means empowering your users to monitor the financial impact of their decisions, as well as giving them the tools to optimize costs. So how can you manage costs proactively?

9. Are you enforcing end-user accountability?

AWS Cost Governance Best Practices state, “Your organization should emphasize the creation of clear, effective policies and governance mechanisms around cloud deployment, usage, and cost responsibility.”But this can often be at odds with the autonomy that individual users expect to procure, enable, and disable resources at will, without first having to go through a central process for approval. Focusing on cost management and accountability is “back end policy,” after the spend has been incurred. But good cloud governance means enforcing proactive “front end policy” as well, to ensure that any deviations from the norm are addressed as early as possible.For good cloud governance, your end-users need to be accountable for their own costs, plus they need the tools to optimize. AWS Budgets helps you assign budgets, but it’s a monitoring solution and not an enforcement tool. How do you enforce proactive policies and address deviations from the norm as early as possible?

10. Do you share responsibility organization-wide for security with your end users?

By giving your users autonomy to operate in the cloud, but without sharing the responsibility of security with them, you are creating the same security bottlenecks as found in on-premise data centers. A centralized team, far removed from the details of the applications, will inevitably create a perimeter-based security model—which we know is not applicable to the cloud. AWS operates on a shared responsibility model. But end-users are often unaware of security concerns and rely on centralized audits to highlight issues. That lack of awareness is a major roadblock in achieving a shared security model. For transparency and compliance, your end-users need visibility into the security impact of their activities. Can you give them the right tools for that?

A well-thought-out AWS strategy is crucial to your long-term cloud gains.

Register for the webinar to learn best practices for AWS and how to avoid common mistakes

Get a deeper dive into how you can achieve successful, cost-effective cloud operations. Webinar attendees will also receive a complimentary copy of our eBook, 10 Strategies to Manage Costs and Optimize AWS. Come with questions regarding AWS cost and governance we may help answer. We look forward to seeing you then!   

Register Now for the Webinar on Wed., Feb. 13, 2019 at 10 A.M. Pacific Time

About Badri Venkatachari

Badri Venkatachari leads product management and product marketing at HyperGrid. He joined HyperGrid from Microsoft where he managed the StorSimple business, which was a highly successful acquisition that Microsoft made in 2012. His team was responsible for rapidly growing the hybrid cloud storage business and expanding its market reach to more than 60 countries. His responsibilities included product management & marketing, business strategy, GTM, ISV/resale partnerships, and supply-chain planning and fulfillment. Prior to Microsoft, he led product and partner marketing at StorSimple through its acquisition and led post-acquisition integration efforts coordinating across multiple teams. He has also held senior roles in corporate strategic & financial advisory, product management and R&D for distributed systems in Turin Networks, ADC and Novell. Badri has an MBA from Kellogg School of Management. He also holds Masters degrees in Computer Science from Worcester Polytechnic Institute and in Physics from BITS, Pilani, India.

Badrinath Venkatachari

Written by

Badrinath Venkatachari

Badri Venkatachari leads product management and product marketing at HyperGrid. He joined HyperGrid from Microsoft where he managed the StorSimple business, which was a highly successful acquisition that Microsoft made in 2012. His team was responsible for rapidly growing the hybrid cloud storage business and expanding its market reach to more than 60 countries. His responsibilities included product management & marketing, business strategy, GTM, ISV/resale partnerships, and supply-chain planning and fulfillment. Prior to Microsoft, he led product and partner marketing at StorSimple through its acquisition and led post-acquisition integration efforts coordinating across multiple teams. He has also held senior roles in corporate strategic & financial advisory, product management and R&D for distributed systems in Turin Networks, ADC and Novell. Badri has an MBA from Kellogg School of Management. He also holds Masters degrees in Computer Science from Worcester Polytechnic Institute and in Physics from BITS, Pilani, India.


Related Posts

Avatar
Stuart Scott
— October 16, 2019

AWS Security: Bastion Host, NAT instances and VPC Peering

Effective security requires close control over your data and resources. Bastion hosts, NAT instances, and VPC peering can help you secure your AWS infrastructure. Welcome to part four of my AWS Security overview. In part three, we looked at network security at the subnet level. This ti...

Read more
  • AWS
Avatar
Sudhi Seshachala
— October 9, 2019

Top 13 Amazon Virtual Private Cloud (VPC) Best Practices

Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of interna...

Read more
  • AWS
  • best practices
  • VPC
Avatar
Stuart Scott
— October 2, 2019

Big Changes to the AWS Certification Exams

With AWS re:Invent 2019 just around the corner, we can expect some early announcements to trickle through with upcoming features and services. However, AWS has just announced some big changes to their certification exams. So what’s changing and what’s new? There is a brand NEW ...

Read more
  • AWS
  • Certifications
Alisha Reyes
Alisha Reyes
— October 1, 2019

New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more

At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • ITIL® 4
  • Jenkins
  • Microsoft 365 Tenant
  • New content
  • Product Feature
  • Python programming
  • TOGAF® 9.1
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups
Avatar
Jeremy Cook
— September 17, 2019

Cloud Migration Risks & Benefits

If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...

Read more
  • AWS
  • Azure
  • Cloud Migration
Joe Nemer
Joe Nemer
— September 12, 2019

Real-Time Application Monitoring with Amazon Kinesis

Amazon Kinesis is a real-time data streaming service that makes it easy to collect, process, and analyze data so you can get quick insights and react as fast as possible to new information.  With Amazon Kinesis you can ingest real-time data such as application logs, website clickstre...

Read more
  • amazon kinesis
  • AWS
  • Stream Analytics
  • Streaming data
Joe Nemer
Joe Nemer
— September 6, 2019

Google Cloud Functions vs. AWS Lambda: The Fight for Serverless Cloud Domination

Serverless computing: What is it and why is it important? A quick background The general concept of serverless computing was introduced to the market by Amazon Web Services (AWS) around 2014 with the release of AWS Lambda. As we know, cloud computing has made it possible for users to ...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
Joe Nemer
Joe Nemer
— September 3, 2019

Google Vision vs. Amazon Rekognition: A Vendor-Neutral Comparison

Google Cloud Vision and Amazon Rekognition offer a broad spectrum of solutions, some of which are comparable in terms of functional details, quality, performance, and costs. This post is a fact-based comparative analysis on Google Vision vs. Amazon Rekognition and will focus on the tech...

Read more
  • Amazon Rekognition
  • AWS
  • Google Cloud Platform
  • Google Vision
Alisha Reyes
Alisha Reyes
— August 30, 2019

New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…

As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • New content
  • Product Feature
  • Python programming
Joe Nemer
Joe Nemer
— August 27, 2019

Amazon Route 53: Why You Should Consider DNS Migration

What Amazon Route 53 brings to the DNS table Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service offered by AWS. It is named by the TCP or UDP port 53, which is where DNS server requests are addressed. Like any DNS service, Route 53 handles domain regist...

Read more
  • Amazon
  • AWS
  • Cloud Migration
  • DNS
  • Route 53
Alisha Reyes
Alisha Reyes
— August 22, 2019

How to Unlock Complimentary Access to Cloud Academy

Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cloud Security, Python, Java, or another technical skill? Then you'll want to mark your calendars for August 23, 2019. Starting Friday at 12:00 a.m. PDT (3:00 a.m. EDT), Cloud Academy is offering c...

Read more
  • AWS
  • Azure
  • cloud academy content
  • complimentary access
  • GCP
  • on the house