Gartner estimates a 70% overspend on cloud resources by organizations who do not have a defined plan for cloud cost management. While cloud brings lower Total Cost of Ownership (TCO), an effective billing management and cost control mechanism is required to make sure you only pay for what you need, and it also empowers your team to experiment and scale up development without being chained to the unnecessary cost constraint. We recommend setting up your own cost control systems by focusing four main components: 1) granting the right permissions to users, 2) budgeting your spend with custom thresholds, 3) monitoring and analyzing how your cost progresses towards limits, and 4) take actions to reduce the unintentional cost.
User permission policies can be configured using AWS Identity and Access Management (IAM) at both the identity-based level and resource-based level. With identity-based policies, you define permissions to access certain resources or perform actions for an IAM entity, e.g. user, group, or role. With resource-based policies, you define for each service who can access that specific resource. Review the list of AWS services that work with AWS IAM. In addition, if you are managing permissions for organization units (OU) and accounts in your organization, you can consider using Service Control Policies (SCPs) to set limits for the identity-based permissions you have set.
Another way of governing user permissions is to pre-approve services for your users through AWS Service Catalog. As administrators, you will select and provision the services that are commonly used by your teams, so they can search and launch services on their own. and you can define the granular access control to Service Catalog for your administrators and end users.
The dynamic nature of cloud resources adds complexity to spend planning. However, you should still set expectations and quantify these expectations into budget limits, so you can keep your spend within a range and assess the accuracy of your forecasting and adjust if necessary. You can review your overall spend and configure billing and payment preferences in AWS Billing Console. Some customers use AWS CloudWatch Billing Alarm and be alerted when their bills go over the estimated charges. AWS Budgets provides the ability to create budget thresholds with granularity, such as service, linked account, region, cost allocation tags, Cost Categories, and forecasts your cost and usage amount so you can be more proactive in responding to potential cost overage. And starting Oct.15, you can now use AWS Budgets for free. You can create four types of budgets to track your AWS costs, usage, Reserved Instances, and Savings Plans.
Depending on how involved and frequently you plan to monitor your cost, you can choose to view the AWS Budgets variance metrics (current vs. budgeted, forecasted vs. budgeted) and understand how your cost and usage are trending towards the limits, or how your RI and Savings Plans’ utilization and coverage are performing against your efficiency targets. You can also schedule to receive regular Budget Reports at the cadence of daily, weekly, and monthly, without needing to log into your console. AWS Budgets also allow you to configure alert notifications, so you stay informed if any of your budget types falls out of your pre-configured thresholds. You can also build your own reports with Cost Intelligence Dashboard, a QuickSight solution built by AWS Solutions Architects, and compare your budgets with the actual cost and usage.
Sometimes costs can vary from expectations but may be well within your Budgets, and it is important to catch those early. With AWS Cost Anomaly Detection, we will investigate your spend trend, compare what you spent versus what was expected, and send you anomalous alerts with root cause analysis, so you can narrow down your analysis to specific accounts, service, regions, etc.
When your cost and usage go above the budget limit, you can use AWS Cost Explorer or AWS Cost & Usage Reports to understand the top cost drivers, e.g. services, region, business units via categories or tags, and evaluate whether these are necessary costs. When your RI and Savings Plans’ utilization rate drops below the target, you can access whether you’ve made the right commitment and may consider dialing it back if necessary, or if your coverage rate drops below the target, you may want to purchase additional RI or Savings Plans, so that you don’t leave money on the table.
The recent launch of AWS Budget Actions allows you to pre-configure actions that can trigger the implementation of IAM or SCP policies, or stop target EC2 or RDS running instances in your account. Depending on whether your Budget Actions require workflow approval or not, you will receive a notification about the execution of the action, or a pending action for you to approve on the Budget details page.
Take control of your costs and leverage AWS resources to set up the right guardrails and monitoring systems, get the insights you need to terminate activities that incurred your unnecessary cost.