Amazon Web Services is a simple, robust, agile, and easy-to-use cloud infrastructure platform. The technical support team is terrific and accommodating. AWS offers many specialized support options, including business support and free basic support. It also gives new users free credits so they can try the platform first. The cost structure of this cloud platform is straightforward, and it offers discounts and savings plans that we use to cut down our cloud cost. The flexibility is fantastic. You can buy instances at any time. The AWS dashboard, or console, is very lovely and offers all the advanced and basic details related to the AWS account. This article reviews many billing and support concepts to be aware of when using Amazon Web Services.
AWS Organizations is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage. With Organizations, you can create member accounts and invite existing accounts to join your organization. The purpose of AWS Organizations is to automate AWS account creation and management and to provision resources with AWS CloudFormation StackSets. An organization gathers billing information from all member accounts into a single AWS bill. Multiple organizations might be required if you have use cases where different sets of accounts require separate bills or payments. Ten is the maximum number of accounts allowed in an organization. You can request an increase using the Service Quotas console if you need more. An invitation sent to an account counts against this quota.
AWS Organizations can help a large company that has multiple departments. Say each department has its own AWS account and each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased. AWS Organizations helps the company manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
For an application that runs on Amazon EC2 and Amazon RDS, cannot sustain any interruption, and experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time, a company can buy Reserved Instances for the predicted amount of usage throughout the year and allow any seasonal usage to run at an On-Demand rate. Standard Reserved Instances are the most cost-effective option for a company that hosts an always-running database server on Amazon EC2 instances, where the instance sizes are suitable for the workload and will run for 1 year.
• Global service
• Allows managing multiple AWS accounts
• The main account is the master account
• Cost Benefits:
• Consolidated Billing across all accounts – single payment method. Consolidated billing helps reduce costs for a company that has multiple AWS accounts because it aggregates usage across accounts so that the company can reach volume discount thresholds sooner.
• Pricing benefits from aggregated usage (volume discount for EC2, S3…)
• Pooling of Reserved EC2 instances for optimal savings
• API is available to automate AWS account creation
• Restrict account privileges using Service Control Policies (SCP)
• Create accounts per department, per cost center, per dev/test/prod, based on regulatory restrictions (using SCP), for better resource isolation (ex: VPC), to have separate per-account service limits, isolated account for logging
• Multi Account vs. One Account Multi VPC
• Use tagging standards for billing purposes
• Enable CloudTrail on all accounts, send logs to the central S3 account
• Send CloudWatch Logs to the central logging account
When a company has several departments, each with its own AWS accounts for its applications, consolidated billing puts all AWS costs on a single invoice to simplify payment and details the costs that each department is incurring.
Service Control Policies
• Whitelist or denylist IAM actions
• Applied at the OU or Account level
• Does not apply to the Master Account
• SCP is applied to all the Users and Roles of the Account, including Root user
• The SCP does not affect service-linked roles
• Service-linked roles enable other AWS services to integrate with AWS Organizations and can’t be restricted by SCPs.
• SCP must have an explicit Allow (does not allow anything by default)
• Use cases:
• Restrict access to certain services (for example: can’t use EMR)
• Enforce PCI compliance by explicitly disabling services
For example, a global media company that uses AWS Organizations to manage multiple AWS accounts can use service control policies (SCPs) to limit access to AWS services for member accounts. SCPs manage permissions for AWS Organizations.
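The SCP rules listed above can be modelled in a few lines. This is an added example, not AWS code: it is a simplified evaluator that only looks at `Effect` and `Action` (it ignores `Resource`, `Condition` and `NotAction`), and the account names, OU names and policy contents are constructed for illustration. It shows why an action must be allowed at every level from the root down to the account, why an explicit Deny wins, and why the master account and service-linked roles are unaffected.

```python
import fnmatch

# Constructed SCP documents (hypothetical policy content for illustration).
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DENY_EMR = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "elasticmapreduce:*", "Resource": "*"}]}
ALLOW_LIST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}]}

# Constructed hierarchy: which SCPs are attached to the root, each OU, each account.
ATTACHED = {
    "root": [FULL_ACCESS],
    "ou-prod": [FULL_ACCESS, DENY_EMR],   # denylist style: allow all, deny EMR
    "ou-sandbox": [ALLOW_LIST],           # allowlist style: only EC2 and S3
    "acct-prod-1": [FULL_ACCESS],
    "acct-sandbox-1": [FULL_ACCESS],
}
# Path from the organization root down to each account (hypothetical names).
PATHS = {
    "acct-prod-1": ["root", "ou-prod", "acct-prod-1"],
    "acct-sandbox-1": ["root", "ou-sandbox", "acct-sandbox-1"],
    "acct-master": ["root", "acct-master"],
}
MASTER_ACCOUNT = "acct-master"


def _matches(statement, action):
    """True if the statement's Action pattern(s) cover the requested action."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _effects(policies, action):
    """Set of effects ('Allow'/'Deny') that the given policies apply to the action."""
    return {s["Effect"] for p in policies for s in p["Statement"]
            if _matches(s, action)}


def scp_permits(account, action, service_linked_role=False):
    """Return (permitted, reason). 'Permitted' only means the SCPs do not block
    the action; IAM policies in the account must still grant it."""
    if account == MASTER_ACCOUNT:
        return True, "SCPs do not apply to the master account"
    if service_linked_role:
        return True, "service-linked roles are not affected by SCPs"
    for level in PATHS[account]:
        effects = _effects(ATTACHED.get(level, []), action)
        if "Deny" in effects:
            return False, f"explicit Deny at {level}"
        if "Allow" not in effects:
            return False, f"no Allow at {level}"
    return True, "allowed at every level"


if __name__ == "__main__":
    for acct, act in [("acct-prod-1", "elasticmapreduce:RunJobFlow"),
                      ("acct-prod-1", "ec2:RunInstances"),
                      ("acct-sandbox-1", "rds:CreateDBInstance"),
                      ("acct-master", "elasticmapreduce:RunJobFlow")]:
        print(acct, act, scp_permits(acct, act))
```

The sandbox OU shows the allowlist pitfall: the account-level policy allows everything, yet `rds:CreateDBInstance` is blocked because the OU above it never allows it.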
AWS Control Tower
AWS Control Tower is a service that enables you to enforce and manage governance rules for security, operations, and compliance at scale across all your organizations and accounts in the AWS Cloud. While AWS Organizations enables you to manage your environment across multiple accounts centrally, AWS Control Tower automates many steps required to build your domain and govern at scale. AWS Control Tower offers the easiest way to set up and manage a secure, multi-account AWS environment. It establishes a landing zone based on best-practices blueprints and enables governance using guardrails you can choose from a pre-packaged list.
• Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
• Automate the setup of your environment in a few clicks
• Automate ongoing policy management using guardrails
• Detect policy violations and remediate them
• Monitor compliance through an interactive dashboard
• AWS Control Tower runs on top of AWS Organizations:
• It automatically sets up AWS Organizations to organize accounts and implement SCPs (Service Control Policies)
Amazon Cloud Pricing Models
There are three fundamental drivers of cost with AWS: compute, storage, and outbound data transfer. AWS offers a pay-as-you-go approach to pricing for the vast majority of its cloud services. With AWS, you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. Amazon EC2 is free to try. There are multiple ways to pay for Amazon EC2 instances: On-Demand, Savings Plans, Reserved Instances, and Spot Instances. You can also pay for Dedicated Hosts, which provide EC2 instance capacity on physical servers dedicated for your use.
• Pay as you go: pay for what you use, remain agile and responsive, and meet scale demands. AWS is able to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users, thanks to high economies of scale.
• Save when you reserve: minimize risks, predictably manage budgets, comply with long-term requirements. If a company has a set of databases that are stored on premises and wants to bring its existing Microsoft SQL Server licenses when the company moves the databases to run on Amazon EC2 instances, they should use the Dedicated Hosts purchasing option to meet the requirements.
• Reservations are available for EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved Nodes
• Pay less by using more: volume-based discounts
• Pay less as AWS grows
AWS Savings Plan
Savings Plans is a flexible pricing model offering lower prices than On-Demand pricing in exchange for a specific usage commitment (measured in $/hour) for one or three years. AWS offers three types of Savings Plans – Compute Savings Plans, EC2 Instance Savings Plans, and Amazon SageMaker Savings Plans. Reserved Instances are based on the commitment to use an instance at a particular price over a specific period. Savings Plans are based on the promise to spend a specific dollar amount per hour over a certain period. EC2 Spot instances are discounted up to 90%, depending on which EC2 instance type, AWS region, and Availability Zone you select. On average, you’ll find savings between 50 and 70%. Spot instances are billed per second, with a minimum of one minute.
• Commit a certain $ amount per hour for 1 or 3 years
• Easiest way to set up long-term commitments on AWS
• EC2 Savings Plan
• Up to 72% discount compared to On-Demand
• Commit to the usage of individual instance families in a region (e.g., C5 or M5)
• Regardless of AZ, size (m5.xl to m5.4xl), OS (Linux/Windows), or tenancy
• All upfront, partial upfront, no upfront
• Compute Savings Plan
Spot Instances can provide a company with a cost-effective option when running its applications in an Amazon EC2 instance for short time periods if the applications can be interrupted.
• Up to 66% discount compared to On-Demand
• Regardless of Family, Region, size, OS, tenancy, compute options
• Compute Options: EC2, Fargate, Lambda
• Machine Learning Savings Plan: SageMaker
• Set up from the AWS Cost Explorer console
Savings Plans are the most cost-effective instance purchasing option for a company launching an ecommerce application that must always be available and runs on Amazon EC2 instances continuously for the next 12 months. A company that needs to graphically visualize AWS billing and usage over time, and also needs information about its AWS monthly costs, can use Cost Explorer for this task.
AWS Compute Optimizer
AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of your AWS resources. It reports whether your resources are optimal and generates optimization recommendations to reduce the cost and improve the performance of your workloads. AWS Compute Optimizer analyzes default CloudWatch metrics, such as CPU utilization, network packets per second, local storage throughput, and IOPS when generating EC2 instance-type recommendations.
• Reduce costs and improve performance by recommending optimal AWS resources for your workloads
• Helps you choose optimal configurations and right-size your workloads (over/under provisioned)
• Uses Machine Learning to analyze your resources’ configurations and their utilization CloudWatch metrics
• Supported resources
• EC2 instances
• EC2 Auto Scaling groups
• EBS volumes
• Lambda functions
• Lower your costs by up to 25%
• Recommendations can be exported to S3
Amazon Pricing Calculator
AWS Pricing Calculator allows you to explore AWS services based on your use cases and create a cost estimate. You can model your solutions before building them, examine the price points and calculations behind your assessment, and find the available instance types and contract terms that meet your needs. The AWS Pricing Calculator is not a quote tool and does not guarantee the cost for your actual use of AWS services. The cost estimated by the AWS Pricing Calculator may vary from your actual expenses for several reasons.
AWS Pricing Calculator can be used to forecast the cost of running a large application on AWS for a company running its workloads on premises. If a company plans to launch an application that will run in multiple locations within the United States and needs to identify the two AWS Regions where the application can operate at the lowest price, they can use the AWS Pricing Calculator to determine the Regions that offer the lowest price.
AWS Billing Dashboard
The AWS Billing Dashboard lets you view the status of your month-to-date AWS spending, pinpoint the services that account for the majority of your overall expenditure, and understand, at a high level, how your costs are trending.
AWS Cost Allocation Tags
You can use tags to organize your resources and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs. Tags enable you to categorize your AWS resources differently, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags you’ve assigned.
Cost Allocation Tags
• Use cost allocation tags to track your AWS costs on a detailed level
• AWS-generated tags
• Automatically applied to the resource you create
• Start with the prefix aws: (e.g., aws:createdBy)
• User-defined tags
• Defined by the user
• Start with the prefix user:
A company can use cost allocation tags to determine which business unit is using specific AWS resources.
Amazon Billing Alarms
A Billing Alarm will notify you by email when your AWS account charges for the month have exceeded the monetary amount you have set. This is a handy tool to stay on budget.
• Billing data metric is stored in CloudWatch us-east-1
• Billing data are for overall worldwide AWS costs
• It’s for actual cost, not for projected costs
• Intended as a simple alarm (not as powerful as AWS Budgets)
AWS Budgets lets you set custom cost and usage budgets that alert you when your budget thresholds are exceeded (or forecasted to exceed). You can also create budgets to track your aggregate Reservation and Savings Plans utilization and coverage metrics. AWS Budgets allow you to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your metrics drop below your defined threshold. AWS Cost and Usage Reports can help a company to generate reports that can break down cloud costs by product, by company-defined tags, and by hour, day, and month.
• Create a budget and send alarms when costs exceed the budget
• Three types of budgets: Usage, Cost, Reservation
• For Reserved Instances (RI). All Upfront Reserved Instances are perfect for a company that has a workload that will run continuously for 1 year and cannot tolerate service interruptions.
• Track utilization
• Supports EC2, ElastiCache, RDS, Redshift
• Up to 5 SNS notifications per budget
• Can filter by Service, Linked Account, Tag, Purchase Option, Instance Type, Region, Availability Zone, API Operation, etc.
• Same options as AWS Cost Explorer!
• Two budgets are free, then $0.02/day/budget
AWS Trusted Advisor
AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. AWS Trusted Advisor is an agent-less administration tool that recommends the best practices for effective resource utilization in the AWS environment. In contrast, AWS Inspector is an agent-based administration tool that automatically evaluates user workloads to identify vulnerabilities.
• No need to install anything – high-level AWS account assessment
• Analyzes your AWS accounts and provides recommendations in five categories
• Cost optimization
• Fault tolerance
• Service limits
AWS Trusted Advisor evaluates AWS environments and provides best practice recommendations in five categories: cost, performance, service limits, fault tolerance, and security.
AWS Support Plans
There are four levels of AWS support – basic, developer, business, and enterprise. Basic AWS support offers 24/7 access to customer support and support forums. It also gives AWS subscribers access to all documentation and whitepapers.
7 CORE CHECKS
Basic & Developer Support Plan
• S3 Bucket Permissions
• Security Groups – Specific Ports Unrestricted
• IAM Use (one IAM user minimum)
• MFA on Root Account
• EBS Public Snapshots
• RDS Public Snapshots
• Service Limits
Business & Enterprise Support Plan
• Full Checks available in the five categories
• Ability to set CloudWatch alarms when reaching limits
• Programmatic Access using AWS Support API
AWS Basic Support Plan
• Customer Service & Communities – 24×7 access to customer service, documentation, whitepapers, and support forums.
• AWS Trusted Advisor – Access to the seven core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
• AWS Personal Health Dashboard – A personalized view of the health of AWS services and alerts when your resources are impacted.
AWS Developer Support Plan
• All Basic Support Plan +
• Business hours email access to Cloud Support Associates
• Unlimited cases / 1 primary contact
• Case severity/response times:
• General guidance: < 24 business hours
• System impaired: < 12 business hours
AWS Developer Support is a good choice for a company that is starting to build its infrastructure in the AWS Cloud and wants access to technical support during business hours with general architectural guidance as teams build and test new applications for a low cost.
AWS Business Support Plan (24/7)
• Intended to be used if you have production workloads
• Trusted Advisor – Full set of checks + API access
• 24×7 phone, email, and chat access to Cloud Support Engineers
• Unlimited cases / unlimited contacts
• Access to Infrastructure Event Management for an additional fee.
• Case severity/response times:
• General guidance: < 24 business hours
• System impaired: < 12 business hours
• Production system impaired: < 4 hours
• Production system down: < 1 hour
AWS Enterprise On-Ramp Support Plan (24/7)
• Intended to be used if you have production or business-critical workloads
• All of Business Support Plan +
• Access to a pool of Technical Account Managers (TAM)
• Concierge support team (for billing and account best practices)
AWS Enterprise Support offers assistance from a dedicated technical professional who can suggest strategies regarding incidents, trade-offs, support, and risk management when a company has a complex AWS architecture.
• Infrastructure Event Management, Well-Architected & Operations Reviews
• Case severity/response times:
• Production system impaired: < 4 hours
• Production system down: < 1 hour
• Business-critical system down: < 30 minutes
AWS Enterprise Support Plan (24/7)
• Intended to be used if you have mission-critical workloads
• All of Business Support Plan +
• Access to a designated Technical Account Manager (TAM)
• Concierge support team (for billing and account best practices) – The AWS Concierge Support team can help a company with AWS Enterprise Support to understand its monthly AWS bill and to implement billing best practices.
• Infrastructure Event Management, Well-Architected & Operations Reviews
• Case severity/response times:
• Production system impaired: < 4 hours
• Production system down: < 1 hour
• Business-critical system down: < 15 minutes
AWS Enterprise Support includes an AWS technical account manager (TAM) and support for third-party software integration with AWS. AWS Enterprise Support is perfect for a company that wants to run production workloads on AWS and needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. AWS Infrastructure Event Management can provide guidance about how a company should scale its architecture, along with operational support, during an event. For example, a company that runs a web store only on AWS and has an AWS Enterprise Support plan is preparing to launch a new web store that is expected to receive high traffic for an upcoming event. The AWS Concierge Support team provides a primary point of contact for AWS Billing and AWS Support. Designated support from an AWS technical account manager (TAM) is a benefit included with an AWS Enterprise Support plan. AWS Business Support offers access to technical support from engineers 24 hours a day, 7 days a week, with access to the AWS Health API and contextual architectural guidance for business use cases.