A good FinOps approach helps to manage cloud economics and avoid cost surprises. Putting the wrong guardrails in place will slow down the development process and put your business at risk. On the other hand, having no controls in place is a guaranteed cost shock. During this presentation, Gerald from Cuscal Payments will discuss how you can find the right balance in AWS for your organisation.
5. 5
Software Development Life-cycle: Iterative
◆ Plan
◆ Design
◆ Implement
◆ Test
◆ Deploy
◆ Maintain
Source: https://aws.amazon.com/what-is/sdlc/
6. 6
SDLC & FinOps relevant AWS Services
Plan & Design Implement & Test Deploy Maintain & Improve
AWS Pricing Calculator Tagging AWS Organizations AWS Config
AWS Budget + Alerts Cost Allocation Tags SCPs AWS Cost Explorer
AWS Savings Plan Tag Policies Trusted Advisor
Cost Anomaly Detection
Rightsizing Rec.
7. 7
How to Get Started?
◆ Identify existing data points
○ E.g. your AWS invoice
◆ Identify cost inefficiencies
○ E.g. with Trusted Advisor
○ E.g. AWS Config
◆ Implement guardrails
○ E.g. budget alerts
○ Third party tools
◆ Measure & improve
○ E.g. improve granularity → tags
14. 14
AWS Budgets - Budget Types
◆ Fixed
○ Same amount every period
◆ Planned
○ Budget amount for up to 12 months or 4 quarters.
◆ Auto-adjusting
○ Dynamic amount based on history
More info:
https://docs.aws.amazon.com/cost-management/latest/userguide/budget-methods.html
15. 15
Savings Plan
◆ Types:
○ Compute
○ EC2
○ SageMaker
◆ Limitation:
○ Refresh up to three times/day for consolidated billing
17. 17
Tags - Resource Level
◆ Metadata for AWS resources
○ E.g. costcentre
○ CloudFormation
○ Terraform
◆ Syntax example - YAML:
Tags:
  - Key: "keyname1"
    Value: "value1"
  - Key: "keyname2"
    Value: "value2"
18. 18
Cost Allocation Tags - Billing Console
◆ Activate tags for cost allocation
○ Not all tags are useful for billing
◆ Related Services:
○ Tag Editor
○ Resource Groups
19. 19
Tag Policies - AWS Organizations
◆ Tag enforcement
○ E.g. list of values
◆ Target definition:
○ E.g. OU-level
21. 21
AWS Organizations & Guardrails
◆ Preventive guardrails:
Service Control Policies (SCPs)
◆ Detective guardrails:
AWS Config
22. 22
AWS Service Control Policy (SCP)
What are SCPs?
◆ SCPs do not grant permissions to users, but
◆ Make sure certain actions cannot be performed within a given scope, e.g. a region or OU
◆ Fine-grained permissions are possible for AWS resources
Cost control use cases
◆ Enforce tagging
→ Cost break-down
◆ Enforce smaller instances in development / test
◆ Deny certain resource types
Examples:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html
23. 23
SCP - Limit instance type
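An SCP of the kind this slide's title describes, combined with the "enforce tagging" use case from the previous slide, as an added example that is not from the talk: the script prints the policy JSON and checks it locally against constructed requests. The allowed instance types, the Sids and the simplified evaluator (it models only the two condition operators used here) are assumptions.

```python
import json
from fnmatch import fnmatchcase

# Assumptions (not from the slides): the allowed instance types and guarding
# ec2:RunInstances. "costcentre" is the example tag key from the tagging slide.
ALLOWED_TYPES = ["t3.micro", "t3.small"]
TAG_KEY = "aws:RequestTag/costcentre"
INSTANCE_ARN = "arn:aws:ec2:*:*:instance/*"

def deny(sid, condition):
    """Build one Deny statement on ec2:RunInstances for instance resources."""
    return {"Sid": sid, "Effect": "Deny", "Action": "ec2:RunInstances",
            "Resource": INSTANCE_ARN, "Condition": condition}

SCP = {"Version": "2012-10-17", "Statement": [
    # Launches of any instance type outside the allow-list are denied.
    deny("DenyUnapprovedInstanceTypes",
         {"StringNotEquals": {"ec2:InstanceType": ALLOWED_TYPES}}),
    # Launches that do not pass the cost-allocation tag are denied.
    deny("DenyMissingCostCentreTag", {"Null": {TAG_KEY: "true"}}),
]}

def condition_holds(operator, key, expected, context):
    """Evaluate the two condition operators this SCP uses (simplified model)."""
    value = context.get(key)
    if operator == "Null":              # "true" means: the key must be absent
        return (value is None) == (expected == "true")
    if operator == "StringNotEquals":   # true when no listed value matches
        allowed = expected if isinstance(expected, list) else [expected]
        return value not in allowed
    raise ValueError(f"operator not modelled: {operator}")

def denied_by(scp, action, resource, context):
    """Return the Sids of the Deny statements that match a request."""
    hits = []
    for st in scp["Statement"]:
        if st["Effect"] != "Deny" or st["Action"] != action:
            continue
        if not fnmatchcase(resource, st["Resource"]):
            continue
        if all(condition_holds(op, key, expected, context)
               for op, pairs in st["Condition"].items()
               for key, expected in pairs.items()):
            hits.append(st["Sid"])
    return hits

if __name__ == "__main__":
    print(json.dumps(SCP, indent=2))    # JSON body to attach as the SCP
```

The local check only catches logic mistakes in the two statements; the authoritative evaluation happens in AWS, so attach the policy to a test OU before a production one.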
34. 34
Key Takeaways
◆ Leverage existing data points
○ E.g. your AWS Cost Explorer
◆ Invest in cost visibility
○ E.g. with Trusted Advisor (Business Plan +)
◆ Establish guardrails & provide transparency
○ E.g. budget alerts; stop instances
◆ Consider a DEV instance for AWS Organizations
○ Controlled testing of guardrails
◆ Measure & improve
○ Improve granularity → tags
○ Leverage automation, including IaC