🌐 16. AWS Account Management - Coggle Diagram
🔹
AWS Organizations
Global Service:
Manage multiple AWS accounts centrally.
Master Account:
Centralized control for billing/policies.
Cost Benefits:
Consolidated Billing:
One bill for all accounts.
Volume Discounts:
Aggregate usage across accounts.
Reserved Instance Sharing:
Pool for cost savings.
Security:
Restrict with Service Control Policies (SCP).
🔹
Multi-Account Strategies
Approaches:
Department/Cost Center separation.
Dev/Test/Prod isolation.
Regulatory and resource isolation.
Benefits:
Security:
Separate logs and VPCs.
Cost Tracking:
Use tags for billing.
Logging Best Practice:
Enable CloudTrail across accounts.
Centralize CloudWatch Logs to one account.
🔹
Organizational Units (OU)
Purpose:
Group accounts by function.
Examples:
Business Unit:
Finance, HR, IT.
Environment:
Dev, Prod.
Project-Based:
Isolate by project.
🔹
Service Control Policies (SCP)
Definition:
Restrict actions at the account/OU level.
Key Features:
Whitelist/Blacklist:
Limit IAM actions.
Explicit Deny by Default.
Applied To:
Users, roles, root (except master account).
Use Cases:
Block Services:
Restrict EMR, DynamoDB, etc.
Compliance Enforcement:
Limit account permissions.
🔹
Consolidated Billing
Key Points:
One Bill:
Aggregated costs across accounts.
Shared Discounts:
Volume pricing applied.
RI Sharing:
Reserved Instances can be pooled.
Exceptions:
RI sharing can be disabled.
🔹
AWS Control Tower
Purpose:
Automates multi-account AWS setup.
Features:
Guardrails:
Enforce compliance.
Dashboard:
Monitor account governance.
Automated Account Setup.
🔹
AWS Resource Access Manager (RAM)
Definition:
Share AWS resources across accounts.
Examples:
Share VPC, Transit Gateway, and Subnets.
🔹
AWS Service Catalog
Purpose:
Self-service portal for deploying approved AWS resources.
Key Features:
Admins pre-define products (VMs, DBs, etc.).
Governance:
Control deployments by IAM.
🔹
AWS Pricing Models
Models:
Pay-as-you-go: Pay only for what you use.
Save When You Reserve: Reserved Instances (EC2, RDS) offer up to 75% savings.
Pay Less By Using More: More usage, lower unit price.
Pay Less as AWS Grows
Free Tier: Access free services (EC2, S3, EBS). Some services have time-limited free usage.
Savings Plans:
Commit to hourly usage (1-3 years).
Compute Savings Plan:
Flexible across EC2, Fargate, Lambda.
🔹
AWS Free Tier
Always Free:
IAM, VPC, Auto Scaling, CloudFormation.
12-Month Free Tier:
EC2 t2.micro (750 hours/month).
S3 (5 GB), RDS (750 hours/month), EBS (30 GB).
Usage Notes:
Charges apply beyond free limits.
🔹
AWS Savings Plans
Purpose:
Flexible pricing model for long-term AWS usage.
Types:
Compute Savings Plan:
Up to 66% discount on EC2, Fargate, and Lambda.
EC2 Savings Plan:
Up to 72% discount, specific to instance family/region.
Features:
Flexible across regions, OS, and tenancy.
1- or 3-year commitments with options: No upfront, Partial upfront, All upfront.
🔹
AWS Compute Optimizer
Purpose:
Recommends optimal AWS resources to reduce costs and improve performance.
Resources Analyzed:
EC2 instances, EBS volumes, Lambda functions.
Benefits:
Up to 25% cost reduction by right-sizing instances.
🔹
Cost Allocation Tags
Purpose:
Categorize and allocate AWS costs by tagging resources.
Types:
AWS-Generated Tags:
Prefixed with aws: (e.g., aws:createdBy).
User-Defined Tags:
Custom tags for organizing resources.
Benefits:
Track costs by project, environment, or team.
Generate detailed cost and usage reports.
🔹
AWS Cost and Usage Reports (CUR)
Purpose:
Comprehensive billing dataset for deep cost analysis.
Details:
Lists AWS usage and costs across accounts.
Granularity: Hourly or daily.
Integration:
Analyze with Athena, Redshift, or QuickSight.
🔹
AWS Cost Explorer
Purpose:
Visualize, understand, and manage AWS costs over time.
Features:
Forecast future costs up to 12 months.
Filter by Service, Region, Tag, Linked Account.
View hourly, daily, or monthly cost granularity.
Simulate and plan for Savings Plans or Reserved Instances.
🔹
Billing Alarms (CloudWatch)
Purpose:
Monitor overall AWS spending using CloudWatch Alarms.
Details:
Stored in the us-east-1 region.
Tracks actual costs (not projected).
Sends SNS alerts when thresholds are exceeded.
🔹
AWS Budgets
Purpose:
Monitor and control AWS costs and usage.
Budget Types:
Usage Budgets:
Track service consumption (e.g., EC2 hours).
Cost Budgets:
Set limits on overall AWS spending.
RI Budgets:
Monitor Reserved Instance utilization.
Savings Plans Budgets:
Track savings plans adherence.
Features:
Filter by Service, Linked Account, Region, Tag.
Up to 5 SNS notifications per budget.
Two free budgets, $0.02/day for additional budgets.
🔹
AWS Cost Anomaly Detection
Purpose:
Detect unusual spending patterns using ML.
How it Works:
Monitors services, accounts, and tags.
Learns usage patterns and detects anomalies.
Sends SNS alerts when anomalies are detected.
🔹
AWS Service Quotas
Purpose:
Monitor service limits and request increases.
Features:
Set CloudWatch Alarms for quota thresholds.
Prevent service disruptions by tracking quotas.
🔹
AWS Trusted Advisor
Purpose:
Analyzes AWS environment for improvements.
Categories:
Cost Optimization – Rightsizing recommendations.
Security – Identify gaps in IAM, S3, etc.
Fault Tolerance – High availability suggestions.
Performance – Optimize AWS resources.
Service Limits – Alerts when quotas are near limits.
🔹
Networking Costs in AWS
Region to Region:
$0.02 per GB for inter-region data transfer.
Within Same Region (Different AZs):
$0.01 per GB.
Within Same AZ:
Free if using private IP.
Best Practices:
Use private IPs within AZs to avoid charges.
Minimize cross-region transfers to reduce costs.
🔹
AWS Support Plans
Enterprise On-Ramp (24/7):
TAM, infrastructure event management.
< 30-minute response for critical issues.
Enterprise (24/7):
Designated TAM, 15-minute critical response.
Concierge Support Team.
Business:
24/7 chat, phone, and email support.
1-hour response for production down issues.
Developer:
Business-hour support.
General guidance in 24 hours.
🔹
AWS Billing and Cost Management – Summary
Pricing Calculator:
Estimate architecture costs.
Billing Dashboard:
Overview of monthly and overall spending.
Budgets:
Set cost limits and track adherence.
Cost Explorer:
Visualize and forecast AWS expenses.
Cost Anomaly Detection:
Alerts on irregular usage patterns.
Savings Plans:
Flexible long-term cost-saving strategies.
Cost and Usage Reports (CUR):
Comprehensive billing dataset for deep analysis.
CloudWatch Billing Alarms:
Real-time alerts on rising costs.
🔹
AWS Account Management Best Practices
Multi-Account Management:
Use Organizations for isolation.
Tagging:
Apply tags for billing and resource management.
SCP (Service Control Policies):
Restrict account actions.
Security:
Implement MFA, password policies, IAM least privilege.
Compliance:
Use Config and CloudTrail to audit configurations.
Billing Management:
Consolidate billing and monitor costs across accounts.