AWS Account Management, Billing, and Support | We will see AWS Organizations, AWS Control Tower, AWS RAM, AWS Service Catalog, AWS Trusted Advisor and related services.
AWS Organizations
AWS Organizations is a global service that helps you manage multiple AWS accounts. Here are the key points:-
- Global Service: AWS Organizations operates on a global scale.
- Account Management: It allows you to manage multiple AWS accounts within a single organization.
- Master and Child Accounts: The main account is called the master account or root account, while other accounts are referred to as child accounts.
- Automation: An API is available to automate the creation of AWS accounts.
- Access Control: We can use Service Control Policies (SCP) to restrict account privileges and manage permissions centrally.
- Cost Benefits:
- Consolidated Billing: All accounts can use a single payment method, simplifying billing.
- Aggregated Usage Discounts: Benefit from volume discounts for services like EC2 and S3 due to aggregated usage across accounts.
- Pooling of Reserved Instances Savings: Reserved EC2 instances are pooled for optimal savings across accounts.
This structured approach helps to streamline account management, optimize costs, and enforce policies across all your AWS accounts.
Multi-Account Strategies in AWS
- Create Accounts Based on Various Factors:
- Department/Cost Center: Separate accounts for each department or cost center for better tracking and management.
- Environment: Different accounts for development, testing, and production environments to ensure isolation and manage resources effectively.
- Regulatory Restrictions: Use Service Control Policies (SCP) to enforce regulatory compliance and restrict permissions.
- Resource Isolation: Use separate accounts for better resource isolation, such as VPCs.
- Service Limits: Manage and control service limits more effectively with isolated accounts.
- Logging: Isolated accounts can be used specifically for logging purposes.
- Multi-Account vs. One Account Multi VPC: Evaluate the need for multiple accounts versus using a single account with multiple VPCs based on your organization’s requirements for isolation, management, and compliance.
- Tagging Standards: Implement tagging standards for resources to facilitate billing, management, and reporting purposes.
- Enable CloudTrail: Enable AWS CloudTrail on all accounts and send logs to a central S3 account for centralized logging and monitoring.
- Centralized Logging: Send AWS CloudWatch Logs from all accounts to a central logging account for easier monitoring and analysis.
These strategies help in managing and securing your AWS environment effectively, providing better resource allocation, cost management, and compliance.
Examples of Organizational Units (OUs) in AWS Organizations
Organizational Units (OUs) are used to group AWS accounts within an AWS Organization, enabling you to manage and apply policies to those groups more efficiently. Here are some examples of how you might structure OUs:
- By Environment:
- Development: Contains all accounts related to development activities.
- Testing: Includes accounts used for testing purposes.
- Production: Contains production accounts where live applications run.
- By Department:
- Engineering: Accounts used by the engineering team for software development and infrastructure management.
- Marketing: Accounts related to marketing activities, such as data analytics and campaign management.
- Finance: Accounts used for financial data processing and reporting.
- By Project:
- Project Alpha: Accounts dedicated to a specific project or initiative.
- Project Beta: Separate accounts for another project, ensuring isolation and resource allocation.
```
Root OU
├── Development OU
│   ├── Dev Account 1
│   └── Dev Account 2
├── Testing OU
│   ├── Test Account 1
│   └── Test Account 2
├── Production OU
│   ├── Prod Account 1
│   └── Prod Account 2
├── Engineering OU
│   ├── Eng Account 1
│   └── Eng Account 2
├── Marketing OU
│   ├── Mkt Account 1
│   └── Mkt Account 2
└── Compliance Group A OU
    ├── Compliance Account 1
    └── Compliance Account 2
```
This structure helps you manage accounts efficiently by grouping them based on specific criteria, making policy application and resource management easier.
Service Control Policies (SCP)
Service Control Policies (SCP) are a powerful feature in AWS Organizations that allow you to manage permissions for accounts in your organization. Here’s a breakdown:-
- Whitelist or Blacklist IAM Actions: SCPs can explicitly allow (whitelist) or deny (blacklist) certain IAM actions.
- Applied at the OU or Account Level: SCPs can be applied to Organizational Units (OUs) or individual accounts within your AWS Organization.
- Does Not Apply to the Master Account: The master account (root of the organization) is not affected by SCPs.
- Scope: SCPs affect all users and roles in an account, including the root user.
- Exemption for Service-Linked Roles: SCPs do not impact service-linked roles, which are roles required for AWS services to integrate with AWS Organizations. These roles cannot be restricted by SCPs.
- Explicit Allow Required: By default, SCPs do not allow any actions. They must have an explicit allow statement to enable actions.
Use Cases:
- Restrict Access to Certain Services: For example, you can use SCPs to prevent the use of specific services like Amazon EMR.
- Enforce Compliance: SCPs can be used to enforce compliance standards such as PCI by explicitly disabling certain services or actions.
Service Control Policies provide a centralized way to manage and restrict permissions across multiple AWS accounts, ensuring consistent security and compliance practices.
An SCP looks very similar to an IAM policy. Example of allow and deny:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAllActions",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Sid": "DenyDynamoDB",
      "Effect": "Deny",
      "Action": "dynamodb:*",
      "Resource": "*"
    }
  ]
}
```
Example of whitelisting only certain services:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:*",
        "cloudwatch:*"
      ],
      "Resource": "*"
    }
  ]
}
```
See more Service control policy examples.
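How the rules above combine when SCPs are attached at several levels, as an added example that is not from the original page: an action must be allowed at every level from the root down to the account, and an explicit Deny at any level wins. The evaluator is simplified (it ignores `Condition`, `NotAction` and resource scoping), and its function names, the `ALLOW_ALL` policy and the OU paths are constructed for illustration.

```python
import fnmatch

# The two SCPs shown above, with the standard policy-language version string.
ALLOW_ALL_DENY_DYNAMODB = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowsAllActions", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "DenyDynamoDB", "Effect": "Deny", "Action": "dynamodb:*", "Resource": "*"},
    ],
}
ALLOW_EC2_CLOUDWATCH = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "cloudwatch:*"], "Resource": "*"},
    ],
}
# Constructed allow-everything SCP for levels that add no restriction.
ALLOW_ALL = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action):
    # Action names are case-insensitive and "*" is a wildcard.
    return any(
        fnmatch.fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(statement.get("Action", []))
    )


def level_decision(policies, action):
    """Decision of the SCPs attached at ONE level (root, OU or account)."""
    allowed = False
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _statement_matches(statement, action):
                continue
            if statement["Effect"] == "Deny":
                return "deny"            # explicit Deny always wins
            allowed = True
    # No matching Allow means the level does not permit the action.
    return "allow" if allowed else "implicit-deny"


def scp_permits(path, action, management_account=False, service_linked_role=False):
    """path is [(level_name, [policies]), ...] ordered from root to account.

    Returns (permitted, reason). A True result only means the SCPs do not
    block the action; an IAM policy in the account must still grant it.
    """
    if management_account or service_linked_role:
        return True, "SCPs are not applied"
    decisions = [(name, level_decision(policies, action)) for name, policies in path]
    for name, decision in decisions:
        if decision == "deny":
            return False, f"explicit Deny at {name}"
    for name, decision in decisions:
        if decision != "allow":
            return False, f"no Allow at {name}"
    return True, "allowed at every level"


# Constructed paths using OU and account names from the tree above.
PROD_PATH = [
    ("Root", [ALLOW_ALL]),
    ("Production OU", [ALLOW_ALL_DENY_DYNAMODB]),
    ("Prod Account 1", [ALLOW_ALL]),
]
DEV_PATH = [
    ("Root", [ALLOW_ALL]),
    ("Development OU", [ALLOW_ALL]),
    ("Dev Account 1", [ALLOW_EC2_CLOUDWATCH]),
]

if __name__ == "__main__":
    checks = [
        ("Prod Account 1", PROD_PATH, "dynamodb:PutItem"),
        ("Prod Account 1", PROD_PATH, "s3:GetObject"),
        ("Dev Account 1", DEV_PATH, "ec2:RunInstances"),
        ("Dev Account 1", DEV_PATH, "s3:GetObject"),
    ]
    for account, path, action in checks:
        permitted, reason = scp_permits(path, action)
        print(f"{account:15} {action:20} {'PERMIT' if permitted else 'BLOCK':6} {reason}")
```

The Dev Account 1 result for `s3:GetObject` shows the allow-list behaviour: an SCP at one level that omits a service blocks it even though every level above allows everything.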
There is no cost to use AWS Organizations.
AWS Organizations – Consolidated Billing
Consolidated billing in AWS Organizations offers several benefits, including:
- Combined Usage: It combines the usage across all AWS accounts within the AWS Organization. Benefits: Share volume pricing discounts, Reserved Instances, and Savings Plans discounts across all accounts.
- One Bill: We can receive a single, unified bill for all AWS accounts in the AWS Organization. Benefits: Simplifies financial management and billing processes.
- Reserved Instances Discount Management: The management account has the flexibility to turn off Reserved Instances discount sharing for any account in the AWS Organization, including itself. Benefits: Allows for more controlled and strategic use of Reserved Instances discounts.
This setup helps streamline billing processes and optimize cost savings across multiple AWS accounts within an organization.
AWS Control Tower
AWS Control Tower is an easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices. Here are the key points:
- Purpose: Simplifies the creation and management of a secure, compliant AWS environment.
- Integration: Runs on top of AWS Organizations.
Benefits:
- Automated Setup: Set up your environment quickly with just a few clicks.
- Policy Management: Automate ongoing policy management using guardrails.
- Policy Violation Detection: Detect policy violations and remediate them effectively.
- Compliance Monitoring: Monitor compliance through an interactive dashboard.
How It Works:
- Integration with AWS Organizations: AWS Control Tower automatically sets up AWS Organizations to organize accounts and implement Service Control Policies (SCPs).
AWS Resource Access Manager (AWS RAM)
AWS Resource Access Manager (AWS RAM) enables you to share AWS resources with other AWS accounts, both within your organization and beyond. Here are the key points for better understanding:
- Resource Sharing: Share AWS resources that you own with other AWS accounts, avoiding duplication of resources.
- Flexibility: Share resources with any account or within your AWS Organization.
Supported Resources:
- Aurora: Share Amazon Aurora databases.
- VPC Subnets: Share VPC subnets with other accounts.
- Transit Gateway: Share Transit Gateways for network management.
- Route 53: Share Route 53 hosted zones and DNS configurations.
- EC2 Dedicated Hosts: Share EC2 Dedicated Hosts for optimized resource utilization.
- License Manager Configurations: Share license configurations for software management.
AWS RAM helps you manage and share resources efficiently, reducing costs and improving collaboration across accounts.
AWS Service Catalog
AWS Service Catalog is designed to help organizations manage and deploy pre-approved cloud resources, simplifying the process for users who are new to AWS and ensuring compliance and consistency across the organization. Key Points:-
- Simplified Options: Users who are new to AWS can become overwhelmed by the multitude of choices and might create non-compliant stacks. AWS Service Catalog addresses this by offering a curated list of approved products.
- Self-Service Portal: It provides a self-service portal where users can easily launch a set of authorized products predefined by administrators. This includes virtual machines, databases, storage options, and more.
- Compliance and Consistency: By using the AWS Service Catalog, organizations can ensure that all deployed resources comply with internal policies and best practices.
AWS Service Catalog streamlines the deployment process, enabling quick and consistent access to the resources users need while maintaining control and compliance for administrators.
Pricing Models in AWS
AWS offers four main pricing models to cater to various needs and optimize costs:
- Pay as You Go:
- Pay only for the resources you use, allowing you to remain agile, responsive, and able to meet scaling demands.
- Benefit: No upfront costs, and you only pay for what you consume.
- Save When You Reserve:
- Save money by reserving resources in advance, which helps minimize risks, predictably manage budgets, and comply with long-term requirements.
- Available For: EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instances, Redshift Reserved Nodes.
- Benefit: Significant savings compared to on-demand pricing.
- Pay Less by Using More:
- Receive volume-based discounts as your usage increases.
- Benefit: Lower costs per unit of usage, making it cost-effective to scale up your operations.
- Pay Less as AWS Grows:
- Benefit from reduced prices as AWS continues to grow and optimize its infrastructure.
- Benefit: Automatic cost savings over time as AWS reduces its prices.
These pricing models provide flexibility and cost efficiency, allowing you to choose the best approach for your specific needs.
Free services in AWS:-
- IAM
- VPC
- Consolidated Billing
The following services are free in AWS but you have to pay for the resources created:-
- Elastic Beanstalk
- CloudFormation
- Auto Scaling Groups
[Free Tier](https://aws.amazon.com/free/) in AWS provides:-
- EC2 t2.micro instance for a year
- S3, EBS, ELB, AWS Data transfer
Compute Pricing – EC2
AWS EC2 pricing is designed to charge you based on actual usage. Here’s a breakdown of the factors that influence EC2 pricing:
- Usage-Based Charges:
- Number of Instances: The total number of EC2 instances you run.
- Instance Configuration:
- Physical Capacity: The underlying hardware resources, such as CPU and RAM.
- Region: The geographical location where your instance is hosted.
- Operating System and Software: The OS and additional software running on the instance.
- Instance Type: The specific EC2 instance type (e.g., t2.micro, m5.large).
- Instance Size: The size of the instance within its type family.
- Additional Charges:
- Elastic Load Balancing (ELB): Time your load balancers are running and the amount of data they process.
- Detailed Monitoring: Additional charges for detailed monitoring beyond the basic CloudWatch metrics.
EC2 Pricing Models
Amazon EC2 offers several pricing models to suit different use cases and budget requirements:
- On-Demand Instances:
- Billing: Minimum of 60 seconds.
- Rates: Pay per second (Linux/Windows) or per hour (other).
- Reserved Instances:
- Discount: Up to 75% off compared to On-Demand hourly rates.
- Commitment: Options for 1-year or 3-year commitments.
- Payment Options: All upfront, partial upfront, or no upfront.
- Spot Instances:
- Discount: Up to 90% off compared to On-Demand hourly rates.
- Usage: Bid for unused EC2 capacity.
- Dedicated Host:
- Billing: On-Demand.
- Commitment: Reservation for 1-year or 3-year commitments.
- Savings Plans: Alternative option for savings on sustained usage.
Compute Pricing – Lambda & ECS
AWS Lambda:
- Pay per Call: Charges are based on the number of requests.
- Pay per Duration: Charges are based on the execution time of your code, measured in milliseconds.
Amazon ECS:
- EC2 Launch Type Model: No Additional Fees. You only pay for the AWS resources (e.g., EC2 instances, EBS volumes) that you use to run your applications.
Fargate:
- Fargate Launch Type Model: Pay for the vCPU and memory resources allocated to your containers, offering a serverless way to run containers.
Storage Pricing – S3
Amazon S3 pricing is influenced by several factors, including the storage class, the number and size of objects, the type of requests, and data transfer activities. Here’s a breakdown:
- Storage Class:
- S3 Standard: General-purpose storage for frequently accessed data.
- S3 Infrequent Access (IA): For data that is accessed less frequently.
- S3 One-Zone IA: Lower-cost option for infrequently accessed data that doesn’t require multiple Availability Zone resilience.
- S3 Intelligent Tiering: Automatically moves data to the most cost-effective access tier.
- S3 Glacier: For long-term archival storage with retrieval times ranging from minutes to hours.
- S3 Glacier Deep Archive: The lowest-cost storage for data that is rarely accessed and needs long-term retention.
- Number and Size of Objects: Pricing can be tiered based on the volume of data stored.
- Number and Type of Requests: Charges vary depending on the number and type of requests (e.g., GET, PUT, LIST requests).
- Data Transfer OUT of the S3 Region: Charges apply for data transferred out of the S3 region.
- S3 Transfer Acceleration: Faster data transfers using AWS edge locations, with additional costs.
- Lifecycle Transitions: Costs associated with moving objects between different storage classes based on lifecycle policies.
Similar Service:
- Amazon EFS (Elastic File System): Pay-per-use service with options for infrequent access and lifecycle rules similar to S3.
Storage Pricing – EBS
Amazon Elastic Block Store (EBS) pricing is influenced by several factors, such as volume type, storage volume, IOPS, snapshots, and data transfer. Here’s a detailed breakdown:
- Volume Type:
- General Purpose SSD (gp2/gp3): Suitable for a broad range of workloads. Pricing includes a baseline performance level.
- Provisioned IOPS SSD (io1/io2): Designed for I/O-intensive applications. Pricing is based on the amount of IOPS provided.
- Magnetic (standard): Older generation storage; pricing is based on the number of requests.
- Storage Volume:
- Charges: Based on the amount of storage provisioned, measured in GB per month.
- IOPS (Input/Output Operations Per Second):
- General Purpose SSD: IOPS is included in the volume pricing.
- Provisioned IOPS SSD: Charges are based on the amount of IOPS provided.
- Magnetic: Charges are based on the number of I/O requests.
- Snapshots:
- Cost: Charged based on the additional data stored per GB per month.
- Data Transfer:
- Outbound Data Transfer: Charges apply and are tiered for volume discounts.
- Inbound Data Transfer: Free of charge.
Database Pricing – RDS
Amazon RDS (Relational Database Service) pricing includes several components based on usage, configuration, and deployment options:
- Per Hour Billing:
- Charges are based on the number of hours your database instances are running.
- Database Characteristics:
- Engine: Different database engines (e.g., MySQL, PostgreSQL, Oracle) have different pricing.
- Size: The size of the database instance.
- Memory Class: The amount of memory allocated to the database instance.
- Purchase Type:
- On-Demand: Pay for compute capacity by the hour with no long-term commitments.
- Reserved Instances: Save up to 75% compared to On-Demand rates by committing to a 1-year or 3-year term, with payment options including all upfront, partial upfront, and no upfront.
- Backup Storage:
- No additional charge for backup storage up to 100% of your total database storage for a region.
- Additional storage is charged per GB per month.
- Input/Output Requests:
- Charges are based on the number of input and output requests per month.
- Deployment Type:
- Single AZ (Availability Zone): Storage and I/O pricing for a single availability zone deployment.
- Multiple AZs: Storage and I/O pricing for multi-availability zone deployments, which provide higher availability and failover support.
- Data Transfer:
- Outbound Data Transfer: Charges apply and are tiered for volume discounts.
- Inbound Data Transfer: Free of charge.
Content Delivery – CloudFront
Amazon CloudFront pricing varies based on several factors, including geographic region, data transfer, and request volume. Here’s a quick overview:
- Geographic Regions: Pricing varies across different geographic regions.
- Edge Locations: Costs are aggregated for each edge location and then applied to your bill.
- Data Transfer Out: Charges are based on the volume of data transferred out, with volume discounts available.
- HTTP/HTTPS Requests: Charges are also based on the number of HTTP and HTTPS requests processed.
Per Month | United States & Canada | Europe & Israel | South Africa, Kenya, & Middle East | South America | Japan | Australia | Singapore, South Korea, Taiwan, Hong Kong, & Philippines | India |
---|---|---|---|---|---|---|---|---|
First 10TB | $0.085 | $0.085 | $0.110 | $0.110 | $0.114 | $0.114 | $0.140 | $0.170 |
Next 40TB | $0.080 | $0.080 | $0.105 | $0.105 | $0.089 | $0.098 | $0.135 | $0.130 |
Next 100TB | $0.060 | $0.060 | $0.090 | $0.090 | $0.086 | $0.094 | $0.120 | $0.110 |
Simplified Networking Costs in AWS (per GB)
- Use Private IP Instead of Public IP:
- Savings: Utilizing private IPs instead of public IPs can lead to significant cost savings.
- Performance: Improved network performance.
- Use Same Availability Zone (AZ):
- Savings: Maximum savings are achieved when resources communicate within the same AZ.
- Trade-Off: This might come at the cost of high availability.
These strategies can help you optimize your AWS networking costs and enhance performance.
AWS Savings Plan
Overview:
- Commitment: Pledge a certain $ amount per hour for 1 or 3 years.
- Purpose: Simplifies setting up long-term commitments on AWS.
Types of Savings Plans:
- EC2 Savings Plan:
- Discount: Up to 72% off compared to On-Demand pricing.
- Commitment: Usage of individual instance families within a region (e.g., C5 or M5).
- Flexibility: Valid across all Availability Zones, sizes (e.g., m5.xlarge to m5.4xlarge), OS (Linux/Windows), and tenancy.
- Payment Options: All upfront, partial upfront, or no upfront.
- Compute Savings Plan:
- Discount: Up to 66% off compared to On-Demand pricing.
- Flexibility: Valid regardless of instance family, region, size, OS, tenancy, or compute options.
- Compute Options: Applicable to EC2, Fargate, and Lambda.
- Machine Learning Savings Plan:
- Usage: Specifically for SageMaker.
Setup:
- AWS Cost Explorer: Set up and manage Savings Plans from the AWS Cost Explorer console.
- Pricing Estimates: Estimate pricing at AWS Savings Plans Pricing.
These savings plans help you optimize costs and ensure predictable billing for your AWS usage.
AWS Compute Optimizer
AWS Compute Optimizer helps you reduce costs and improve performance by recommending optimal AWS resources for your workloads. It is a valuable tool for managing and optimizing your AWS resources, ensuring that you get the best performance and cost efficiency.
Key Features:
- Cost Reduction & Performance Improvement: It recommends optimal AWS resources to help you reduce costs and enhance performance.
- Rightsizing Workloads: It assists in choosing the best configurations and right-sizing your workloads to avoid over-provisioning or under-provisioning.
- Machine Learning Analysis: It utilizes machine learning to analyze your resources’ configurations and their utilization using CloudWatch metrics.
Supported Resources:
- EC2 Instances: Recommends optimal instance types and sizes.
- EC2 Auto Scaling Groups: Provides suggestions for scaling policies and instance types.
- EBS Volumes: Helps optimize storage configuration.
- Lambda Functions: Offers recommendations for function memory settings and execution times.
Additional Benefits:
- Cost Savings: Potential to lower costs by up to 25%.
- Exportable Recommendations: Export recommendations to S3 for further analysis or integration with other tools.
Billing and Costing Tools in AWS
These tools provide comprehensive ways to estimate, track, and monitor your AWS costs, ensuring you have the information you need to manage your cloud spending effectively.
Estimating Costs in the Cloud:
- AWS Pricing Calculator: It helps you estimate the cost of your solution architecture / AWS services and plan your resource needs accordingly.
Tracking Costs in the Cloud:
- Billing Dashboard: Provides a comprehensive view of your AWS spending and usage.
- Cost Allocation Tags: Allow you to categorize and track your AWS costs by applying tags to your resources.
- Cost and Usage Reports: Offer detailed insights into your AWS usage and costs, helping you analyze spending patterns.
- Cost Explorer: A powerful tool to visualize, understand, and manage your AWS costs and usage over time.
Monitoring Against Cost Plans:
- Billing Alarms: Set up alarms to monitor your AWS spending and receive notifications when your costs exceed predefined thresholds.
- Budgets: Create budgets to track your costs and usage against your planned spending, helping you stay within budget.
Cost Allocation Tags
Cost allocation tags in AWS help you track your AWS costs on a detailed level. There are 2 types of tags:-
- AWS Generated Tags: These tags are automatically applied to the resources you create. They start with the prefix `aws:` (e.g., `aws:createdBy`).
- User-Defined Tags: These tags are defined by the user and can be customized to fit your tracking needs. They start with the prefix `user:`.
Using these tags, you can categorize your costs and gain more granular insights into your AWS spending, helping you manage and optimize your budget effectively.
Tagging and Resource Groups in AWS
Tags are essential for organizing and managing your AWS resources effectively. Here are some key points:
- Organized Resources:
- EC2: Instances, images, load balancers, security groups, etc.
- RDS, VPC Resources, Route 53, IAM Users: Other AWS resources that can be tagged.
- CloudFormation:
- Resources created by AWS CloudFormation are tagged in the same manner.
- Free Naming:
- You can freely name your tags. Common examples include:
- Name
- Environment
- Team
Resource Groups
Tags can be used to create resource groups, which help in managing collections of resources that share common tags. Key features include:
- Creation and Maintenance: Create, maintain, and view a collection of resources that share common tags.
- Tag Editor: Use the AWS Tag Editor to manage these tags efficiently.
This tagging strategy allows for better organization, management, and visibility of your AWS resources, making it easier to handle complex environments.
AWS Cost and Usage Reports
AWS Cost and Usage Reports provide detailed insights into your AWS costs and usage. Here’s a more detailed look:
- Comprehensive Data:
- The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available.
- Includes additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)).
- Detailed Listing:
- Lists AWS usage for each service category used by an account and its IAM users.
- Data is available in hourly or daily line items.
- Includes any tags you have activated for cost allocation purposes.
- Integration Options:
- Can be integrated with:
- Athena: Query your cost and usage data using SQL.
- Redshift: Load and analyze your data warehouse.
- QuickSight: Visualize your cost and usage data.
AWS Cost Explorer
AWS Cost Explorer is a powerful tool designed to help you visualize, understand, and manage your AWS costs and usage over time. Here’s what it offers:
- Visualization and Understanding:
- Purpose: Provides an intuitive interface to visualize your costs and usage patterns.
- Analysis: Enables you to create custom reports that analyze cost and usage data at various levels.
- Data Granularity:
- High-Level Analysis: View total costs and usage across all accounts.
- Granular Analysis: Drill down to monthly, hourly, or resource-level granularity for detailed insights.
- Savings Plans:
- Optimization: Helps you choose an optimal Savings Plan to lower your overall bill.
- Forecasting:
- Usage Forecast: Predicts your future usage for up to 12 months based on historical data.
Billing Alarms in CloudWatch
Billing Alarms in CloudWatch are designed to help you monitor your AWS spending and receive notifications when costs exceed certain thresholds. Here’s a quick overview:
- Location of Billing Data Metric: The billing data metric is stored in CloudWatch in the `us-east-1` region.
- Scope of Billing Data: The billing data represents overall worldwide AWS costs.
- Cost Type: The alarms are based on actual costs, not projected costs.
- Purpose and Power: Billing alarms are intended to provide a simple alert mechanism and are not as comprehensive as AWS Budgets.
Key Features:
- Simple Alert Mechanism: Set up basic alarms to notify you when your AWS spending exceeds specific thresholds.
- Cost Monitoring: It helps you keep track of your actual expenses in real time.
Though billing alarms are useful for immediate cost alerts, for more advanced tracking and forecasting, AWS Budgets offers more powerful features and flexibility.
AWS Budgets
AWS Budgets is a robust tool that helps you create and manage budgets, sending alarms when your costs exceed predefined thresholds. Here’s a more detailed look:
- Budget Creation:
- Set budgets to monitor your AWS costs and usage.
- Receive alerts when spending exceeds your set budget.
- Types of Budgets:
- Usage: Monitor how much of a particular AWS resource you’re using.
- Cost: Track your spending.
- Reservation: Monitor Reserved Instances (RI) usage and costs.
- Savings Plans: Track your savings plans and ensure you’re making the most of them.
For Reserved Instances (RI):
- Utilization Tracking:
- Keep an eye on the utilization of your Reserved Instances.
- Supports EC2, ElastiCache, RDS, and Redshift.
SNS Notifications: Up to 5 Simple Notification Service (SNS) notifications per budget.
Filtering Options (Customizable Filtering):-
- Filter budgets by service, linked account, tag, purchase option, instance type, region, availability zone, API operation, and more.
- Similar filtering options as AWS Cost Explorer.
Pricing:
- The first two budgets are free.
- Additional budgets are charged at $0.02 per day per budget.
AWS Budgets is a powerful tool that allows you to stay on top of your spending, ensuring you can manage and optimize your AWS costs effectively.
AWS Cost Anomaly Detection
AWS Cost Anomaly Detection uses machine learning to continuously monitor your cost and usage patterns, helping you detect unusual spending and take action. Here are the key features:
- Continuous Monitoring:
- Benefit: Uses machine learning to detect unusual spending.
- No Thresholds Needed: Learns your unique, historic spend patterns to detect one-time cost spikes or continuous cost increases without needing predefined thresholds.
- Monitoring Capabilities: Monitors AWS services, member accounts, cost allocation tags, or cost categories.
- Anomaly Detection Reports: Provides root-cause analysis with anomaly detection reports.
- Notifications: Receive individual alerts or daily/weekly summaries using Amazon SNS (Simple Notification Service).
AWS Cost Anomaly Detection helps you stay on top of your AWS expenses by identifying unexpected cost increases and providing detailed analysis.
AWS Service Quotas
AWS Service Quotas help you manage your resource limits efficiently. Here are the key features:
- Threshold Notifications: Notifies you when you’re close to a service quota value threshold, ensuring you don’t accidentally exceed your limits.
- CloudWatch Alarms: Create CloudWatch Alarms on the Service Quotas console to monitor specific resources, such as Lambda concurrent executions.
- Quota Management: Request a quota increase from AWS Service Quotas or take proactive measures to shut down resources before reaching the limit.
AWS Trusted Advisor
AWS Trusted Advisor is an essential service that provides high-level assessments of your AWS account without the need for any installation. Here’s a closer look at what it offers:
- No Installation Required: Offers assessments without any installation needed.
- AWS Account Analysis: Analyzes your AWS accounts and provides recommendations.
Recommendation Categories:
- Cost Optimization: Helps you reduce costs by identifying underutilized resources.
- Performance: Suggests ways to improve your system’s performance.
- Security: Provides tips to secure your AWS environment.
- Fault Tolerance: Offers advice to increase the fault tolerance of your applications.
- Service Limits: Alerts you when you are approaching AWS service limits.
- Operational Excellence: Gives recommendations to improve operational practices.
With the Business & Enterprise Support Plans, the full set of checks is available. These plans also provide Programmatic Access: you can access Trusted Advisor programmatically using the AWS Support API.
AWS Trusted Advisor is a powerful tool that helps you optimize your AWS environment across multiple dimensions, ensuring cost efficiency, security, performance, and more.
AWS Support Plans Pricing
- Basic Support: free
- Developer
- Business
- Enterprise On-Ramp
- Enterprise

AWS Basic Support Plan
- Customer Service & Communities – 24×7 access to customer service, documentation, whitepapers, and support forums.
- AWS Trusted Advisor – Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
- AWS Personal Health Dashboard – A personalized view of the health of AWS services, and alerts when your resources are impacted.
AWS Developer Support Plan
- All Basic Support Plan Included.
- Business hours email access to Cloud Support Associates.
- Unlimited cases / unlimited contacts.
- Case severity/response times:
- General guidance: < 24 business hours
- System impaired: < 12 business hours
AWS Business Support Plan (24/7)
- Intended to be used if you have production workloads.
- Trusted Advisor – Full set of checks + API access.
- 24×7 phone, email, and chat access to Cloud Support Engineers.
- Unlimited cases / unlimited contacts.
- Access to Infrastructure Event Management for an additional fee.
- Case severity/response times:
- General guidance: < 24 business hours
- System impaired: < 12 business hours
- Production system impaired: < 4 hours
- Production system down: < 1 hour
AWS Enterprise On-Ramp Support Plan (24/7)
- Intended to be used if you have production or business critical workloads
- All of the Business Support Plan Included
- Access to a pool of Technical Account Managers (TAM)
- Concierge Support Team (for billing and account best practices)
- Infrastructure Event Management, Well-Architected & Operations Reviews
- Case severity/response times:
- …
- Production system impaired: < 4 hours
- Production system down: < 1 hour
- Business-critical system down: < 30 minutes
AWS Enterprise Support Plan (24/7)
- Intended to be used if you have mission-critical workloads.
- All of the Business Support Plan Included.
- Access to a designated Technical Account Manager (TAM).
- Concierge Support Team (for billing and account best practices).
- Infrastructure Event Management, Well-Architected & Operations Reviews.
- Case severity/response times:
- …
- Production system impaired: < 4 hours
- Production system down: < 1 hour
- Business-critical system down: < 15 minutes
AWS Account Best Practices – Summary
- Operate Multiple Accounts: Use AWS Organizations to manage multiple accounts efficiently.
- Service Control Policies (SCP): Restrict account permissions using SCPs.
- AWS Control Tower: Easily set up multiple accounts with best practices using AWS Control Tower.
- Tags & Cost Allocation Tags: Use tags for easy management and billing.
- IAM Guidelines: Implement MFA, least-privilege, strong password policies, and regular password rotation.
- AWS Config: Record all resource configurations and compliance over time.
- AWS CloudFormation: Deploy stacks across accounts and regions.
- AWS Trusted Advisor: Get insights and recommendations; select a support plan that suits your needs.
- Logging: Send service logs and access logs to S3 or CloudWatch Logs.
- AWS CloudTrail: Record API calls made within your account.
- Account Compromise: Change the root password, delete and rotate all passwords/keys, and contact AWS support if your account is compromised.
- AWS Service Catalog: Allow users to create pre-defined stacks defined by administrators using AWS Service Catalog.
Billing and Costing Tools – Summary
- Compute Optimizer: Recommends optimal resource configurations to reduce costs.
- Pricing Calculator: Estimates the cost of AWS services.
- Billing Dashboard: Provides a high-level overview and a free tier dashboard.
- Cost Allocation Tags: Allows tagging of resources to create detailed cost reports.
- Cost and Usage Reports: Offers the most comprehensive billing dataset available.
- Cost Explorer: Enables viewing of current detailed usage and forecasting of future usage.
- Billing Alarms: Set up in us-east-1 to track overall and per-service billing.
- Budgets: Advanced tool for tracking usage, costs, and Reserved Instances (RI), with alert capabilities.
- Savings Plans: Provides an easy way to save costs based on long-term usage of AWS services.
- Cost Anomaly Detection: Machine learning is used to detect unusual spending patterns.
- Service Quotas: Notifies you when you’re close to reaching a service quota threshold.
These tools help you effectively manage and optimize your AWS costs and usage, ensuring you stay within budget and make the most out of your AWS resources.