Cloud Cost Governance Automation - How to get started & building continuous feedback loops
0 likes29 views
The document outlines a guide for cloud cost governance automation, detailing how to start and build continuous feedback loops across the software development lifecycle (SDLC). It covers AWS services for budgeting, cost control, and implementing guardrails using tools such as AWS Budgets, Cost Explorer, and Service Control Policies. Key takeaways emphasize leveraging existing data, investing in cost visibility, and establishing preventative measures to optimize cloud expenditures.
![25
SCP - Making sense out of the error message
◆ CLI (e.g. Cloud Shell):
aws sts decode-authorization-
message --encoded-message
encoded-message
{ "DecodedMessage":
"{"allowed":false,"explicitDeny":true,
"matchedStatements":
{"items":[{"statementId":"Statement1",
"effect":"DENY", ....
"actions":{"items":[{"value":"ec2:RunInstances
"}]},
"resources":{"items":[{"value":"arn:aws:ec2:*:*:*/
*"}]},
"conditions":{"items":[{"key":"ec2:InstanceTyp
e",
"values":
{"items":[{"value":"nano"},{"value":"micro"},
{"value":"small"},{"value":"medium"},
{"value":"large"}
.....
}](https://image.slidesharecdn.com/finops2023-230705101753-5985470e/85/Cloud-Cost-Governance-Automation-How-to-get-started-building-continuous-feedback-loops-25-320.jpg)
Cloud Cost Governance Automation - How to get started & building continuous feedback loops
- 1. Cloud Cost Governance Automation How to get started & building continuous feedback loops
- 2. 2 Agenda ◆ Intro ◆ Cost governance & SDLC ◆ AWS services grouped by SDLC phase ◆ Key takeaways Estimations & Business Case Investment Governance Consumption Chargeback Optimisation Value Realisation Budget & Forecasting Focus Focus
- 3. 3 ◆ Name: Gerald Bachlmayr ◆ Role: Principal Cloud Architect at Cuscal ◆ Industry: Financial Services ◆ Background: Software engineering ◆ AWS: 9 years experience ◆ LinkedIn: https://www.linkedin.com/in/bachlmayr/ Intro
- 4. Cost Governance & SDLC
- 5. 5 Software Development Life-cycle: Iterative ◆ Plan ◆ Design ◆ Implement ◆ Test ◆ Deploy ◆ Maintain Source: https://aws.amazon.com/what-is/sdlc/
- 6. 6 SDLC & FinOps relevant AWS Services Plan & Design Implement & Test Deploy Maintain & Improve AWS Pricing Calculator Tagging AWS Organizations AWS Config AWS Budget + Alerts Cost Allocation Tags SCPs AWS Cost Explorer AWS Savings Plan Tag Policies Trusted Advisor Cost Anomaly Detection Rightsizing Rec.
- 7. 7 How to Get Started? ◆ Identify existing data points ○ E.g. your AWS invoice ◆ Identify cost inefficiencies ○ E.g. with Trusted Advisor ○ E.g. AWS Config ◆ Implement guardrails ○ E.g. budget alerts ○ Third party tools ◆ Measure & improve ○ E.g. improve granularity → tags $
- 9. 9 AWS Pricing Calculator - Service Selection
- 10. 10 AWS Pricing Calculator - TGW Example
- 11. 11 AWS Pricing Calculator - Share Link Share !
- 12. 12 AWS Budgets ◆ How does it work: ○ Define Budget ○ Define alerts → percent or forecast
- 13. 13 AWS Budgets - Templates
- 14. 14 AWS Budgets - Budget Types ◆ Fixed ○ Same amount every period ◆ Planned ○ Budget amount for up to 12 months or 4 quarters. ◆ Auto-adjusting ○ Dynamic amount based on history More info: https://docs.aws.amazon.com/cost-management/latest/userguide/budget- methods.html
- 15. 15 Savings Plan ◆ Types: ○ Compute ○ EC2 ○ SageMaker ◆ Limitation: ● Refresh up tp to three times/day for consolidated billing
- 16. Implement
- 17. 17 Tags - Resource Level ◆ Meta data for AWS resources ○ E.g. costcentre ○ CloudFormation ○ Terraform ◆ Syntax example - YAML: Tags: - Key: "keyname1" Value: "value1" - Key: "keyname2" Value: "value2"
- 18. 18 Cost Allocation Tags - Billing Console ◆ Activate tags for cost allocation ○ Not all tags are useful for billing ◆ Related Services: ○ Tag Editor ○ Resource Groups
- 19. 19 Tag Policies - AWS Organizations ◆ Tag enforcement ○ E.g. list of values ◆ Target definition: ○ E.g. OU-level
- 20. Deploy
- 21. 21 AWS Organizations & Guardrails ◆ Preventive guardrails: Service Control Policies (SCPs) ◆ Detective guardrails: AWS Config
- 22. 22 AWS Service Control Policy (SCP) What are SCPs? ◆ SCPs do not grant permissions to users, but ◆ Make sure certain actions cannot be performed within a given scope, e.g. a region or OU ◆ Fine-grained permissions are possible for AWS resources Cost control use cases ◆ Enforce tagging → Cost break-down ◆ Enforce smaller instances in development / test ◆ Deny certain resource types Examples: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_poli cies_scps_examples.html
- 23. 23 SCP - Limit instance type ◆ Preventive guardrails: Service Control Policies (SCPs) ◆ Detective guardrails: AWS Config
- 24. 24 SCP - Error when provisioning 2Xlarge
- 25. 25 SCP - Making sense out of the error message ◆ CLI (e.g. Cloud Shell): aws sts decode-authorization- message --encoded-message encoded-message { "DecodedMessage": "{"allowed":false,"explicitDeny":true, "matchedStatements": {"items":[{"statementId":"Statement1", "effect":"DENY", .... "actions":{"items":[{"value":"ec2:RunInstances "}]}, "resources":{"items":[{"value":"arn:aws:ec2:*:*:*/ *"}]}, "conditions":{"items":[{"key":"ec2:InstanceTyp e", "values": {"items":[{"value":"nano"},{"value":"micro"}, {"value":"small"},{"value":"medium"}, {"value":"large"} ..... }
- 26. Maintain & Continuous Improvement
- 27. 27 AWS Config - What is it? ◆ Recording ◆ Timelines ◆ Compliance Rules ◆ Conformance Pack ◆ Auto-remediations ◆ Aggregation (regions, accounts)
- 28. 28 AWS Config - Examples ◆ List of Guardrails ◆ Non-compliant accounts ◆ Non-compliant rules
- 29. 29 AWS Cost Explorer ◆ Features: ○ Dashboards ○ Customised forecast ○ Programmatic access ○ Single view across regions & accounts
- 30. 30 AWS Trusted Advisor ◆ Recommendation on: ○ Cost optimisation ○ Performance ○ Security ○ Fault tolerance ○ Service limits ◆ Check Levels ○ No Problem detected ○ Investigation recommended ○ Action recommended
- 31. 31 AWS Cost Anomaly Detection ◆ Cost Monitor ○ E.g. Linked accounts, or ○ Cost Allocation Tag ◆ Subscription ○ Frequency ○ Threshold
- 32. 32 Rightsizing Recommendations ◆ Automatic review of historical data ◆ Recommendations based on utilisation
- 33. Key Takeaways
- 34. 34 Key Takeaways ◆ Leverage existing data points ○ E.g. your AWS cost explorer ◆ Invest in cost visibility ○ E.g. with Trusted Advisor (Business Plan +) ◆ Establish guardrails & provide transparency ○ E.g. budget alerts; stop instances ◆ Consider a DEV instance for AWS Organizations ○ Controlled testing of guardrails ◆ Measure & improve ○ Improve granularity → tags ○ Leverage automation, including IaC $
- 35. Thank you! Questions? We are hiring