AWS Cloud Operations & Migrations Blog

Category: AWS Cloud Financial Management

How Projects Can be Tracked on AWS to Increase Accountability and Reduce Cost

This post was co-authored by Amy McVey and Jarrod Lewis from AER As AWS usage within a business increases over time, it can become difficult to track the AWS resources that have been created (e.g. EC2 instances, S3 buckets) and who is responsible for them. This can lead to unnecessary costs from resources that are […]

Read More

Visualize application costs using AWS Service Catalog AppRegistry and Amazon QuickSight

In a previous blog post, we discussed how AWS Service Catalog AppRegistry lets you create a repository of your applications and associated resources. Then, you can define and manage your application metadata. This lets you understand the context of your applications and resources across your environments. This post will demonstrate how to utilize your application […]

Read More

Setting up an Amazon CloudWatch Billing Alarm to Proactively Monitor Estimated Charges

I’m pleased to announce the start of a multi-part series for CloudWatch Billing in which I will explore the techniques for proactively managing your AWS costs. This series kicks off with a walkthrough of setting up CloudWatch Billing Alarms from the AWS console. This walkthrough demonstrates how to enable Billing Alerts, create an Amazon CloudWatch […]

Read More

Control developer account costs with AWS CloudFormation and AWS Budgets

Often when working with customers, we guide them by using AWS Budgets and related tools in the AWS platform in order to create cost and utilization guardrails. These tools can be used to conduct advanced, automated, and hands-free actions within your AWS environment – even across multiple accounts. This post will walk you through a […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part I

How to manage cost overruns in your AWS multi-account environment – Part 1

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part II

How to manage cost overruns in your AWS multi-account environment – Part 2

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

Read More
Feature Image for blog titled Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

AWS customers enable the VPC Flow Logs feature in their accounts for security, governance, and auditing. They often have several teams who create VPC flow log subscriptions for their workloads and publish the data  to the same Amazon Simple Storage Service (Amazon S3) bucket as part of a centralized logging architecture. Customers need a way […]

Read More

Automating custom cost and usage tracking for member account owners in the AWS Migration Acceleration Program

This blog post was contributed by Kanishk Mahajan, AWS and Kalpana Roge, McAfee The AWS Migration Acceleration Program (MAP) is a cloud migration program that helps enterprises achieve business benefits by migrating existing workloads to Amazon Web Services. MAP provides consulting support, training, and credits on AWS services to reduce risk, build a strong operational […]

Read More
Figure 1: CloudTrail Process Flow

How to optimize AWS CloudTrail costs by using advanced event selectors

AWS CloudTrail can be used for security, monitoring restricted API calls, notification of threshold breaches, operational issues, filtering mechanisms for isolating data, faster root cause identification, and speedy resolution. CloudTrail can also be used for various compliance and governance controls, by helping you achieve compliance by logging API calls and changes to resources. Event selectors […]

Read More

Best practices for creating and managing sandbox accounts in AWS

Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]

Read More