Learn about the tools for service cost control.
- [Instructor] In this section, we're going to take a look at Core AWS Tools for Service Cost Control. We've seen some of them already. We looked at AWS Organizations, which, among other things, allows for consolidated billing across multiple AWS accounts and is super useful in many production situations where you have separate accounts for DevTest and Prog for example. We also looked at AWS Trusted Advisor, which provides recommendations to reduce costs and it has two levels, a free level and a premium level associated with a premium service account.
The core service that we're going to add to this mix is looking at the AWS billing dashboard. It provides detailed information about service costs. So here is a view of an AWS Billing Dashboard main screen. Lots of information, very useful, and lots of drilled on information. So we'll be quickly heading over to the console but just to take a look here you can see that you got your Spend Summary for the current month, the previous month and the forecast.
You have a Month-to-Date Spend by Service with the top spend services being shown in a graph and also numerically. And then you have a number of other options. So you're probably eager to take a look at this in the console so let's go over there. So you may remember that we're logged in with an administrator account that is not the root account and you're going to be maybe a little bit surprised when we try to access the billing information, but I'll show you what is the default here because I get a lot of questions from people about this.
So if I click on My Billing Dashboard and before I even do that, just let me go over to IAM and show you, in case you've forgotten or you haven't watched this, that the user that we're logged in as, which is admin1, is part of the admins group, and if we go to the admins group, we have Administrator Access which has full control in our account. Or does it? So if we close out of here, and we go back, and we go to the admin1 and we go to My Billing Dashboard we get an IAM Access Denied and you might say, "Well this is just really confusing, "because don't I have access to everything? "And am I not supposed to be using the root account? "And how does this really work?" So notice it's telling you what to do here.
You don't have permission to access billing on this account, contact your AWS administrator if you need help. This might be confusing to you because you're going to say, "I am the AWS administrator." So here it tells you if you are the administrator you can provide permissions for users or groups for making sure that this account allows IAM and federated users to access billing information and you have the required permissions. So this is by design. The thinking is that you will have basically the equivalent of a network admin, it's the Amazon admin, if you will, and then you will have a separate account that has billing control.
And the idea is checks and balances that you're going to have one person or one group in charge of service allocation and allotment and provisioning and another group in charge of cost control. And this really is the best practice. So by default, even though you have full control on the Amazon account, you have to explicitly enable permission to access billing information for any non-root user. Now of course if I sign out and I sign back into the console and I want to sign in as root then of course I have access to everything.
I can see the Billing and Cost Management Dashboard. Although I'm going to continue on just for the purposes of time as root, I will tell you that the best practice is of course to assign the permissions as linked on that previous console to a non-administrator account, so separate out a Billing Administrator from a Service Administrator.
- Security and governance approaches
- Service cost predictability
- Protecting data in-flight and at-rest
- IAM best practices
- Security via AWS Inspector, AWS Trusted Advisor, and AWS KMS
- Console tools for cost control
- Total service costs for AWS
- Using the AWS billing dashboard
- Third-party security and governance tools
- Approaches to security and cost control