Category: AWS Cloud Financial Management

This post was co-authored by Amy McVey and Jarrod Lewis from AER As AWS usage within a business increases over time, it can become difficult to track the AWS resources that have been created (e.g. EC2 instances, S3 buckets) and who is responsible for them. This can lead to unnecessary costs from resources that are […]

In a previous blog post, we discussed how AWS Service Catalog AppRegistry lets you create a repository of your applications and associated resources. Then, you can define and manage your application metadata. This lets you understand the context of your applications and resources across your environments. This post will demonstrate how to utilize your application […]

I’m pleased to announce the start of a multi-part series for CloudWatch Billing in which I will explore the techniques for proactively managing your AWS costs. This series kicks off with a walkthrough of setting up CloudWatch Billing Alarms from the AWS console. This walkthrough demonstrates how to enable Billing Alerts, create an Amazon CloudWatch […]

Often when working with customers, we guide them by using AWS Budgets and related tools in the AWS platform in order to create cost and utilization guardrails. These tools can be used to conduct advanced, automated, and hands-free actions within your AWS environment – even across multiple accounts. This post will walk you through a […]

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

AWS customers enable the VPC Flow Logs feature in their accounts for security, governance, and auditing. They often have several teams who create VPC flow log subscriptions for their workloads and publish the data  to the same Amazon Simple Storage Service (Amazon S3) bucket as part of a centralized logging architecture. Customers need a way […]

This blog post was contributed by Kanishk Mahajan, AWS and Kalpana Roge, McAfee The AWS Migration Acceleration Program (MAP) is a cloud migration program that helps enterprises achieve business benefits by migrating existing workloads to Amazon Web Services. MAP provides consulting support, training, and credits on AWS services to reduce risk, build a strong operational […]

AWS CloudTrail can be used for security, monitoring restricted API calls, notification of threshold breaches, operational issues, filtering mechanisms for isolating data, faster root cause identification, and speedy resolution. CloudTrail can also be used for various compliance and governance controls, by helping you achieve compliance by logging API calls and changes to resources. Event selectors […]

Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]