fbpx

A Cloud Journey with AWS – Step One – AWS Organizations

Sometime, sooner or later, if it hasn’t happened already, someone is going to ask, “How did my AWS costs get so high?”

Followed by

“I don’t understand what all these charges are for!”
“Someone needs to explain them to me” 

If that someone, is you, then this series of articles is for you.

I quickly discovered that without some preplanning and thought, resources in AWS (and their costs) quickly become unmanageable.

Everyone in the Organization can create whatever resources they desire. Without any consideration to how much they cost, where they exist, for how long they exist, are they fit for purpose.

 

Its more than probable that some amount time/effort is expended on itemizing the biggest cost that is being incurred, but this effort is not going to get you to a satisfactory place as your asked again and again,

“How did my AWS costs get so high?”
“I don’t understand what all these charges are for!”
“Someone needs to explain them to me”

Best practice of Cost Optimization.

It’s all laid out for you in the AWS Documentation. Here’s the link, see you back here in a couple of months while you digest that.

Or you could start with AWS Well-Architected Framework link more months to digest that.

Or you could just read the Cost Optimization Pillar link. Where you will learn about

• Practice Cloud Financial Management
• Expenditure and usage awareness
• Cost effective resources
• Manage demand and supply resources
• Optimize over time

I have to say that that is all very valuable information, but the very first thing that you need to do is reorganize your AWS resources into a new account structure, guided by AWS Organizations

Benefits of AWS Organizations (which are not just for Cost Optimization)

• Manage costs and optimize usage
• Quickly scale your workloads
• Provide custom environments for different workloads
• Centrally secure and audit your environment across accounts
• Simplify permission management and access control
• Efficiently provision resources across accounts

Use cases for AWS Organizations

• Cost Optimization
• Automate the creation of AWS accounts and categorize workloads using groups
• Implement and enforce audit and compliance policies
• Provide tools and access for your security teams while encouraging development
• Share common resources across accounts

This may seem to be a retrograde step but provides you with capability to…

• Have an account just for Cost reporting and reporting on all accounts from the Cost Reporting account (it has no other resources)
• Allocate resources to an account and have reporting dedicated to that one account
• Assigning users and roles to specify accounts
• Putting Cost caps on the monthly spend on an account (DEV, POC or a single user account)
• Create an account for a specific project

So, how do we get started?

Every AWS Organization needs to suit the needs of the specific Organization. No two will/should be the same. Look closely at your own OU structure and map it out to suit you needs, there are, however, some accounts that are needed outside of the OU structure that you decide on. There needs to be at least an account that is the parent or payer account, an account for security and infrastructure and finally for cost management. Having created the accounts that, you deem necessary to match your company structure. It becomes necessary to link the accounts to the parent account

There is plenty of AWS documentation that describes the process (link).

Once you have your accounts in the structure you want we need to be able to capture the cost data via the cost account, the cost account only has access to the cost data in each of the other accounts. Its purpose to reporting only.

 

AWS has complete lab series on the how to achieve this.

The Well-Architected Labs it a great resource on how to go about achieving AWS Best Practice.

That’s it for this article. Next up

A Cloud Journey with AWS – Step Two – Best Practice Account Reporting

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.