Finance in the cloud - cost allocation in the AWS cloud
Cloud cost management, like any process in an organization, involves making rational and informed purchasing decisions. Therefore, it is important to introduce team members to the subject of shared responsibility, which we have already written about on our blog.
Raising the team’s awareness of responsibility for cost generation is the first step in internal transparency. There are many approaches to developing a cost allocation model. However, it is worth referring to the best practices recommended by AWS.
AWS Cloud experts focused on 3 areas related to:
- the AWS account structure;
- the tagging;
- the common cost reporting.
AWS ACCOUNT STRUCTURE
The first issue is extremely important from the point of view of the hierarchy and well-designed organizational structure in AWS. Moreover, it is related to security. How to create an appropriate organizational structure of accounts is described in the AWS Multiple Account Security Strategy.
Services such as AWS Identity and Access Management (IAM), AWS Control Tower and AWS Organisations, help you configure AWS’s unique account structure with the security policies you want.
With AWS IAM we can create users, store and manage their identities, and define user access to certain AWS services and activities. AWS Control Tower allows you to quickly set up and share an environment with multiple accounts and apply best practice schemes, so you can configure parameters such as::
- federation access using AWS Single Sign-on,
- Centralized logging and account baseline deployment with network configuration.
AWS Organisations allows you to create a holistic view of your organization’s accounts to reflect your business needs. In addition, it allows for central account management, resource sharing and billing consolidation.
TAGGING
Tagging allows you to assign metadata to AWS resources. Thanks to this, you can easily create the key and tag value of a given resource, which enables efficient filtering, searching and resource management. The best practices are described in the linked whitepaper.
It is possible and/or one to add, edit or delete tags in the service console or API interface. An alternative is to use the AWS Tag editor, which allows the previously mentioned configuration for multiple resources at the same time. After creating the resource tags, we can activate the cost allocation tags in the Billing and Cost Management console.
Here, the tags can be classified in 2 ways:
- user-defined,
- automatically generated by AWS.
What can we gain by such tagging? Better mapping of information on costs and use in the organizational structure, moreover, such tagging allows for logical grouping of accounts and resources.
It is important to start the tagging process from the very beginning of infrastructure development. In order to maintain control over the process, AWS Organizations Service Control Policies (SCPs) can be used to enforce the use of tags and maintain consistency in their use.
COMMON COST REPORTING
The last issue is reporting shared costs. It is helpful to use AWS Cost Categories, which is a great way to group shared resources.
Additionally, it is worth implementing tools such as AWS Cost Explorer and AWS Cost and Usage Reports, which will provide information on costs and consumption at the appropriate level of detail. To optimize costs in the AWS cloud, you should also consider consulting an AWS certified partner.
AWS has prepared a number of studies related to and finance in the cloud. By constantly supporting its clients, it helps in better organization and creating reports on costs incurred. Thanks to the best practices and tricks prepared by AWS, each cloud user can adjust the allocation of costs to their needs. To better understand the topic, we also encourage you to visit a specially dedicated blog AWS Cost Management, where you will find answers to many questions related to costs in the AWS cloud.
You can also take advantage of our help, a partner in Advanced status and the Well-Architected program, by sending a question to kontakt@lcloud.pl.