Cost management in the cloud is a never-ending exercise for operation managers. Fortunately, there are some tools which can help companies get started in the right direction. Let’s take a closer look at them.
In part 1 of our three-part series, we introduced some of the AWS billing and reporting tools. We saw how those tools can be used to understand infrastructure spending at a more granular level. Some of the reports can be loaded into third-party analytical tools for further analysis.
As companies start to analyze their spending patterns from billing reports, they start thinking about optimization. The big questions they try to answer include the following broad categories:
- How can we keep our spending within a reasonable limit?
- How can we start optimizing costs? Where do we start?
- How can we forecast future spending?
In this part of the series, we will introduce some of the cost management tools already available from AWS that can help answer some of these important questions.
Creating Billing Alerts
One of the first things companies need to do after transitioning to AWS is enabling billing alerts. AWS billing alerts enable us to set a threshold for monthly spending and receive notifications when spending exceeds that threshold.
This is proactive cost monitoring. If there is a consistent pattern of billing alerts every month, it means either the threshold (and perhaps the infrastructure budget) is too low for the normal, expected workload, or there is a good argument for scaling back current resource consumption.
An early response to billing alerts means there are no nasty surprises at the end of the month when the company credit card is charged.
Billing alerts can be enabled from the AWS Billing and Cost Management console’s Preferences tab. Once enabled, it can’t be deactivated. In the image below, we have enabled this feature:
Once enabled, you can create an alert from the AWS CloudWatch console. Billing alerts can be created only from the US-East (North Virginia) region; however its monitoring would include costs from resources running in every region. If you try to create a billing alert from CloudWatch in any other region, you will receive a message like this:
In the image below, we are creating a billing alarm from the CloudWatch console in US-East region. As you can see, billing alarms can be based on:
- Estimated total charge for the current account.
- Estimated total charge for one or more linked accounts.
- Estimated charges for one or more AWS service consumed by the current account.
- Estimated charges for one or more AWS service consumed by one or more linked accounts.
Here, we are interested in the total estimated charge in USD for the current account. In the alert definition, we are setting up a threshold of US $1,000 and want CloudWatch to send us an alert when the current month’s spending goes above that limit.
We had to create an SNS topic called AWS_Billing_Notification first and confirm its subscription before creating the alarm. In this case, the SNS topic would send notifications to an e-mail subscription, which could be our accounts payable department.
Also, note how CloudWatch lets us perform an auto-scaling operation in response to the alarm. This can be useful for specific use cases. For example, if we are running a busy site during a particular campaign or promotion season, we could be using multiple servers in a farm to keep up with higher-than-normal traffic.
Not surprisingly, this would also mean extra spending. However, we would want to keep the spending within our limit as well. With billing alerts, we can use auto scaling actions where the number of servers in the farm would be reduced once the spending hits the US$ 1,000 mark.
Once set up, the monitoring is automatic. Every time the spending threshold is reached, an e-mail like the following would be sent to the address specified:
You are receiving this email because your estimated charges are greater than the limit you set for the alarm "AWS-EstimatedCharges-Alarm" in AWS Account XXXXXXXXXXXX. The alarm limit you set was $ 1000.00 USD. Your total estimated charges accrued for this billing period are currently $ 1020.26 USD as of Thursday 16 June, 2016 17:37:52 UTC. The actual charges you will be billed in this statement period may differ from the charges shown on this notification. For more information, view your estimated bill at: https://console.aws.amazon.com/billing/home#/bill?year=2016&month=6 More details about this alarm are provided below: --- Amazon CloudWatch Alarm "AWS-EstimatedCharges-Alarm" in the US East - N. Virginia region has entered the ALARM state, because "Threshold Crossed: 1 datapoint (1020.26) was greater than or equal to the threshold (1000.0)." at "Thursday 16 June, 2016 17:37:52 UTC". View this alarm in the AWS Management Console: https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#s=Alarms&alarm=AWS-EstimatedCharges-Alarm Alarm Details: - Name: AWS-EstimatedCharges-Alarm - Description: CloudWatch Alarm for Estimated Charges - State Change: OK -> ALARM - Reason for State Change: Threshold Crossed: 1 datapoint (1020.26) was greater than or equal to the threshold (1000.0). - Timestamp: Thursday 16 June, 2016 17:37:52 UTC - AWS Account: XXXXXXXXXXXX Threshold: - The alarm is in the ALARM state when the metric is GreaterThanOrEqualToThreshold 1000.00 for 21600 seconds. Monitored Metric: - MetricNamespace: AWS/Billing - MetricName: EstimatedCharges - Dimensions: [Currency = USD] - Period: 21600 seconds - Statistic: Maximum - Unit: not specified State Change Actions: - OK: - ALARM: [arn:aws:sns:us-east-1:XXXXXXXXXXXX:AWS_Billing_Notification] - INSUFFICIENT_DATA:
Closely related to billing alerts are budgets. This is a comparatively new feature and also available from the Billing and Cost Management console. Budgets in AWS serve the same purpose as they do in our daily lives.
They’re a way to pre-allocate funding for your AWS spending and allow for monitoring the actual usage against the allocated value.
Like billing alerts, the budgeting feature needs to be enabled first (see below) and once enabled, you cannot turn it off.
In the image below, we are creating a budget for an AWS account. The wizard is fairly simple:
- We are budgeting for two specific services: namely, EC2 instances and EBS volumes.
- We are budgeting for the next six months (June to December).
- We have a budget of $1,500 per month to spend for these services.
- We would like to be notified when our actual spending has gone 2% over our budgeted amount.
- We would like to be notified when our forecasted spending goes 2% over our budgeted amount.
- The alarm notification should be sent to our accounts payable department’s e-mail address (behind the scene, AWS creates a CloudWatch alarm for this).
Once the budget is created, it’s visible from the Budget console. Notice how the status bar gives a visual representation of current spending against the budgeted value.
Individual AWS services apart, you can create budgets for the following categories:
- Specific API operation(s) against an AWS service: for example, you can budget for S3 PutObject requests.
- Availability Zone: For example, your primary data center in ap-southeast-2a should have more costs allocated than ap-southeast-2b and ap-southeast-2c. You can budget for low spending in those two AZs.
- Linked accounts: If each department or business unit in your company has a separate AWS account, you can link them all to a master account which pays the consolidated bill at the end of the month. Using this feature, you can set budgets for each linked account.
- Purchase option: With this type of budget you can decide how much you want to spend on on-demand instances and reserved instances.
- Tag: You can budget for resources with a specific tag. For example, if each resource used in your development environment has a type tag of “DEV”, you can use that tag in the budget. That way you can budget for your development infrastructure. Another example could be a tag which identifies the business owner of a resource, say the marketing department. Using that tag, you may want to budget for the marketing department’s resource usage during a campaign season.
A few more things to be mindful about budgets:
- By default, only two budgets are allowed per account. In our opinion, this is fairly restrictive.
- Once a budget is created, it can’t be modified, it can only be deleted. This is restrictive as well.
- With notification options (actual or forecasted spending against budgeted value), AWS creates necessary CloudWatch alarms and associated SNS topics behind the scene. However, these alarms are subject to AWS account limits. By default, an AWS account can have ten alarms per month for free. If you already have a large number of alarms configured, the budget alarms may actually cost you extra charges.
Cost Allocation Tags
While budgets and alerts can help keep costs down, cost allocation tags enable IT departments to apportion the total AWS bill to various internal and external customers. The traditional IT shop usually hosts a number of resources for different costs centers (sales, marketing, finance, corporate apps, HR etc.), projects or teams (application developers, business analysts, service desk or training). Specific tags can be added to each of these resources to identify or associate them with specific business owner or purpose.
For example, an EC2 instance can have two tags: “Owner” and “Environment” with values of say, “HR” and “Production” respectively. When cost allocation tags are enabled, AWS will generate a cost allocation report with the total monthly bill broken down by the enabled tags. This is a CSV file created in an S3 bucket. In this particular example, if both the “Owner” and “Environment” tags are enabled, the report can show what IT should be charging back HR for hosting their production server.
In the image below, we can see three tags are enabled for cost allocation report.
We have now seen how to create a threshold and a budget for limiting our spending in the AWS cloud and how to proactively recoup infrastructure costs from customers consuming IT services. As we will see in the next and final part of this series, there are more sophisticated tools available for identifying optimization opportunities and take advantage of price reductions from AWS.
Read part 3 now!
New Content: Platforms, Programming, and DevOps – Something for Everyone
This month our team of expert certification specialists released three new or updated learning paths, 16 courses, 13 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon....
Mastering AWS Organizations Service Control Policies
Service Control Policies (SCPs) are IAM-like policies to manage permissions in AWS Organizations. SCPs restrict the actions allowed for accounts within the organization making each one of them compliant with your guidelines. SCPs are not meant to grant permissions; you should consider ...
New Content: Focus on DevOps and Programming Content this Month
This month our team of expert certification specialists released 12 new or updated learning paths, 15 courses, 25 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon. Ja...
New Content: Get Ready for the CISM Cert Exam & Learn About Alibaba, Plus All the AWS, GCP, and Azure Courses You Know You Can Count On
This month our team of intrepid certification specialists released five learning paths, seven courses, 19 hands-on labs, and three lab challenges! One particularly interesting new learning path is Certified Information Security Manager (CISM) Foundations. After completing this learn...
Which Certifications Should I Get?
The old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and companies. With all that in mind, the s...
The 12 AWS Certifications: Which is Right for You and Your Team?
As companies increasingly shift workloads to the public cloud, cloud computing has moved from a nice-to-have to a core competency in the enterprise. This shift requires a new set of skills to design, deploy, and manage applications in cloud computing. As the market leader and most ma...
AWS Certified Solutions Architect Associate: A Study Guide
Want to take a really impactful step in your technical career? Explore the AWS Solutions Architect Associate certificate. Its new version (SAA-C02) was released on March 23, 2020. The AWS Solutions Architect - Associate Certification (or Sol Arch Associate for short) offers some ...
New Content: AWS Terraform, Java Programming Lab Challenges, Azure DP-900 & DP-300 Certification Exam Prep, Plus Plenty More Amazon, Google, Microsoft, and Big Data Courses
This month our Content Team continues building the catalog of courses for everyone learning about AWS, GCP, and Microsoft Azure. In addition, this month’s updates include several Java programming lab challenges and a couple of courses on big data. In total, we released five new learning...
Where Should You Be Focusing Your AWS Security Efforts?
Another day, another re:Invent session! This time I listened to Stephen Schmidt’s session, “AWS Security: Where we've been, where we're going.” Amongst covering the highlights of AWS security during 2020, a number of newly added AWS features/services were discussed, including: AWS Audit...
AWS re:Invent: 2020 Keynote Top Highlights and More
We’ve gotten through the first five days of the special all-virtual 2020 edition of AWS re:Invent. It’s always a really exciting time for practitioners in the field to see what features and services AWS has cooked up for the year ahead. This year’s conference is a marathon and not a...
WARNING: Great Cloud Content Ahead
At Cloud Academy, content is at the heart of what we do. We work with the world’s leading cloud and operations teams to develop video courses and learning paths that accelerate teams and drive digital transformation. First and foremost, we listen to our customers’ needs and we stay ahea...
Excelling in AWS, Azure, and Beyond – How Danut Prisacaru Prepares for the Future
Meet Danut Prisacaru. Danut has been a Software Architect for the past 10 years and has been involved in Software Engineering for 30 years. He’s passionate about software and learning, and jokes that coding is basically the only thing he can do well (!). We think his enthusiasm shines t...