AWS Supports You - Establishing Your Centralized Cost Visibility

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hello i am padma malik arjunan i am an enterprise support manager at aws and i'm based out of austin texas welcome to aws supports you where we share best practices and troubleshooting tips from aws support joining me today is tony sanchez sabrina capricio and rob igerrada from aws can you give us a quick introduction let's start with you tony hi i'm tony and i am an aws organization optimization specialist based in madrid spain my role which happens to be also my passionate mission is to enable aws customers so they can manage and optimize their aws spend in the most safe sustainable and efficient way awesome and hi everyone my name is sabrina caparuccio i'm also an optimization specialist based out of detroit michigan and i support customers in understanding best practices for monitoring and optimizing spend on aws happy to be here and i'm ron pagarida i'm an enterprise support lead and technical account manager located in austin texas and i help customers routinely work on their cost optimization as well aws so i'm interested here to share some information and insights with y'all thank you for the introductions everyone and thanks for joining from across time zones everyone today we will be introducing you to some ways to centralize your cost visibility in aws we will specifically focus on best practices to visualize billing and costs using aws services before we get into the details a quick note to our attendees online please use the chat window on the right hand side of your screen to share your thoughts and ask your questions throughout the episode we look forward to hearing from you tony can you go just walk through what we are going to be talking about today absolutely thank you padma and hello everyone and thank you for watching so today we will cover the following topics we'll first take a look at how to set your constellated billing through aws organizations and how to create and allow users to see the organizations spent through identity access management or iam my colleague sabrina will take will then take the stage and drive you through the main features you can find in the aws console to manage your costs how to classify and tack costs to enable cost tracking and finally how to visualize your costs with aws cost explorer over the next three aws support u episodes will cover stages of half of the aws cloud financial management portfolio today today's focus will be on c stage where we'll review tools to deliver more actionable cost insights and optimization opportunities make sure to tune in to our upcoming webinars where we'll cover the remaining stages so without further ado let's kick it off with aws organizations now if you wonder how can aws support you in the event you have to manage a large number of accounts in aws well the answer is aws organizations this service allows you to create an organization which will provide you the tools to centrally govern and manage your cloud environment like easily create new or invite existing accounts or manage costs and identify cost saving measures for your whole organization there is no cost for using aws organizations you're just build for the services you're running on your accounts by creating an aws organization you enable the constellated billing so that the charges from multiple accounts are rolled up into one simple bill for the paying account constellated billing offers four primary benefits it provides one bill you get one bill for multiple accounts making management of payments more efficient it provides easy tracking of usage you can track the charges across multiple accounts and download the combined cost and usage data it provides volume discounts as your service spend grows and you reach volume disk and thresholds unit costs begin to decrease giving you a lower overall price whenever possible and there's no extra fees constellated billing is over it's offered at no additional cost for you now we have here our enterprise support lead rob and i would like to ask europe do you receive any common questions on bill consulated billing that you can share with us i'm sure so we get a lot of questions just overall like when customers are going to uh you know if they'll be able to get all of their sub accounts you know information like you mentioned by leveraging organizations that consolidate a billing it helps them get that single pane like look into their overall organizational spend so it's really handy for that uh being able to see it it's just in one place like you mentioned and helps them to really get that better picture painted of what they're spending across accounts so nice little perfect perfect thanks actually uh sabrina will also show the audience uh some of these features uh later in this in this session so now that you have your aws organization all set up and running let's talk about access and permissions let's now assume you have a member of your finance team to whom you want to provide access so that person can retrieve bills export calls and usage reports or set up a budget alarm whereas lack the ability to view or edit running resources well you can actually use iem to secure control access to aws resources you can create iim identities and attach iam policies to those identities to authorize what actions can be performed in aws when you first log in to your aws account you do that as a root user which provides you full access to all resources in the account for this reason it is a best practice to limit the root user credentials just to the account owner and use an iim user with appropriate permissions to perform tasks and access aws resources however there are specific tasks that are restricted to the aws account root user such as closing the account changing the email account name or password and modifying the support plan for all the tasks an iam user should be used like we mentioned earlier im users can be assigned aws managed policies that determine access permissions the administrator access policy grants you full access to services and resources whereas a billing access policy provides you a read-only capability of billing information let's recap then how can we delegate access to billing data as a prerequisite to delegate access to billing data first you have to have an iam user created and it has to be part of an iam user group as we will show you in the demo in just a minute other than that there are four simple steps step one activate iam access to billing data if you create a single aws account only the iws account owner the aws account root user has access to view and manage billing information iam users cannot access billing data until the root user activates iam access and also attaches policies that provide billing actions to the user or role if you create a member account using aws organizations this feature is enabled by default step 2 create an iam policy that grants permissions to billing data after enabling billing access on your account you must still explicitly grant access to billing data to specific iem users or user groups you can grant this access with an existing aws managed policy or create a customer managed policy step 3 attach billing policy to iam user group when you attach a policy to a user group all members of that user group receive the complete set of access permissions that are associated with that policy in this scenario you attach the new billing policies to user groups containing only those users who require doubling access and step 4 test access to the billing console after you've completed the core tasks you're ready to test the policy testing ensures that the policy works the way you want it to okay so with this conclude the first part of the presentation but before we jump on to a demo patma are there any questions from the audience hi tony thank you for the presentation uh yes we do have one question from the audience well thank you for your question ray underscore db222 now the question here is will this presentation cover the json editor how to use it and when i can take that one uh welcome back ray db282 um so we'll be covering in detail the json editor that falls a little bit more into some of the i am policies themselves creation but if you're wondering when to use the actual json editor it's when you really want to analyze and look at the details of something maybe that someone created with the visual editor if you're like me i like the nice visual editor and i am so that i can easily click um and you say like i'm gonna delegate s3 access to this thing or a specific you know i am policy to it i like the nice clicking point but if you want to go through and review what the policy actually looks like that would be a good chance when you'd actually use the json editor itself to be able to go back and review what your policy actually looks like okay thank you back to you thank you rob and thank you batman so uh as we discussed we're gonna show a demo of how to actually implement all these uh changes that we just uh and actions that we just described so i'm in my aws.com and i'm going to access today's console remember the first time you access you will do that as a real user because you just created your account let's type here the characters and our password and let's sign in perfect so now we are in the console and we're going to head up to aws organizations we can do that by recently visited services just by checking all services or we can use the search tool and just type organizations it will be there okay we're going to head to organizations and as we land here we can see that first option we have pretty clear create an organization so we're going to go ahead and create our first organization once the organization is created our uh root account or not the payer account the account we use to create the organization becomes the management account of the whole organization as you can see here you can see the organizational structure as you create or invite accounts they will show up in this structure and you can organize them as you wish so we're gonna show you how to add an aws account for that we just click on add an aws account and we'll see that there's two options you can create an aws account from scratch for that you need to give it a name you have to give it an email address that will become the root user of that account that you create and you just simply create account the other way is you're going to invite an existing account for that you need either the root user of that existing account so the email associated with that account or the 12 digit number of the account you can include your message as they will receive an email notifying that you want to invite them to your organization and once you are done you can click on send invitation good so let's now head to the iem service or identity access management you can search using the tool iem here we are and once you land here you'll see that you have different in the navigation panel you have these different options you have user groups users roles and policies so for the sake of simplicity let me zoom this in a little bit so you can see better again these are the options that you have what we're going to do now we're going to start with creating a group so we're going to go ahead create we're going to create that group and for b for sake of being [Music] simple as well let's name it aws billing group remember in this group we're going to add the users that will only have um access to the uh billing information right now we don't have any users so don't worry uh the next step will be to create those users and attach it to this group now we're gonna search for the policy that we want to apply to this user group and this is going to be billing which will provide them with the access that they require to perform all the tasks related to billing now that we have our group let's go ahead and create those users this new user can be a name or an email so we can call it poll or we can call just paul at your company.com or whatever is your company now remember that if you create a user and you provided an email address does not mean that we are going to send them any information it's just for purposes of signing into logging into the aws account so let's keep it simple let's call it paul let's give him some programmatic access and let's provide him a custom password make sure that they don't have to reset the password afterwards and let's go with the permissions now this is the part where we can provide the permissions to the users there's three ways of doing this and because we already created a group with the right permissions we're just gonna add this user to the existing group so we're going to provide them the task of add poll to the aws billing group now that we have paul created let's review the tasks we're going to add it to that group that's exactly what we want and let's do that okay we before we test this new iem user let's remember as we explained in the presentation that we need to go into our account so into my account section down to the iem user and roll access to the information and we need to make sure that it's activated if it if it's not remember by default it will not unless it's created the account through aws organizations fair enough let's copy the account number let's sign out and let's test this iem user so we're gonna log again but this time instead of using the root user let's use the iam user let's put out 12 digit aws id here we go let's let's write the iem username which was paul and the password that we provided let's sign in and fair enough as you will see if everything goes well let's head to the billing console and let's see if we have access and indeed as you can see we have all the access that this iem user needs so with that concludes the demo padma back to you thank you for that uh demo attorney i'm looking at the screen here we don't have any audience questions everyone please feel free to post your questions over here i do have a question for you though um can you uh talk about uh whether we can apply iam policies to an aws organizational unit and i can take that one um so yeah essentially so we have a different contract that we call a service control policy or an scp uh that starts with the openly permissive basically kind of not blocking everything kind of way to work through when you kind of set us people can do whatever they need in the account but with the benefit of an scp is you can apply that at an organization level or at your ou level for an organizational unit under your main board and allow you to give kind of granular access to control and limit access to services or regions and such so very handy additional construct that's available in the organization's uh feature set rather than just having the consolidated billing there's there's quite a bit more that you can do got it thank you rob and back to you call your serena awesome thanks tony thanks padman rob um hi everyone so um next up i'd like to cover the aws billing and cost management dashboard so the aws billing and cost management dashboard is the service for paying bills monitoring usage and analyzing and controlling costs you can take a look at the breakdown for past and current bills apply credits modify purchase orders um all which i'll go through in our demonstration after and the menu on the left-hand side contains several sections that can be grouped into three different topics so we have billing cost management and preferences and each section will be helpful as you navigate through your cloud journey three sections i'd like to take a deeper look at next are cost allocation tags cost categories and cost explorer but before we move on rob is there anything you'd like to add common things you're seeing customers doing on this page yeah so one of the other elements on this page there is our cost usage reports um so if you're not using cost and youtube reports they're really handy to be able to generate really detailed information about your aws spend and so if you've seen your bill and cost explorer you can see quite a bit of information but if you wanted to find resource level like information about an ec2 instance and how much data it sent out to another region or to the internet cost and usage reports can really help you dig into that so i always like to call it out here because it's a really uh detailed feature that's available to your aws building absolutely and if you are interested in learning more about the cost and usage reports we are holding another webinar in two weeks so that's october monday october 18th titled monitoring your cost management health so if you are interested in learning a bit more about what rob mentioned we will be reviewing that in a bit closer detail two weeks from now great so um moving on to cost allocation tags so a tag is a label that you or aws assigns to an aws resource each tag consists of a key and an optional value and a key can have more than one value you can use tabs to organize your resources and activate specific tags for cost allocation to track your aws costs on a detailed level after you activate cost allocation tags aws uses those tags to organize your resource costs to make it easier for you to categorize and track spend aws provides two different types of cost allocation tags so there's aws generated tags and then user-defined tags aws will define create and apply the aws generated tags for you whereas you would be the one to define create and apply the user-defined tags you must activate both types of tags separately before they can appear in any uh sort of like report or cost explorer common cost allocation tags include tags for a specific application project call center or user now that we've covered cost allocation tags let's take a closer look at cost categories so you can use aws cost categories to map your cost and usage information to your unique internal business structures aws cost categories enable users to define category rules to group costs using multiple billing dimensions such as accounts services and tags for example if you wanted to track spend for an application across development and production environments you could group those aws accounts into a single cost category after defining category rules the system will organize your costs starting at the beginning of the month if you create or update your cost category in the middle of the month it retroactively takes effect on cost and usage from the beginning of the month you can visualize and monitor spend by viewing these categories in aws cost explorer which we'll take a look at now but before we do so um rob can you shed some light on the benefits of creating cost categories based on your experience with customers yeah thanks sabrina uh so yeah definitely being able to tag i always tell customers tag all the things that they can uh because being able to build something like a chargeback model for your organization because you have everything consolidated into your one bill if you want to be able to build and shed some transparency and light into a specific workload and how it's consuming your costs if you can leverage these tags and cost categories will really help you to do so uh so you can say you know decide specifically what account like or what workload is taking up a majority of your spend in a month so if you want to start building that chargeback model to make sure that they forecast their budgets appropriately we'll cover some other features i think in one of the future shows about like setting up budgets and tagging can help with that so having these different items in there is really what helps my customers be able to get that detailed granularity and visibility that they need to really you know help manage their aws spend absolutely thanks rob um so moving on now to cost explorer so aws cost explorer has an easy to use interface that lets you to visualize understand and manage your aws costs and usage over time so cost explorer provides pre-configured views that display at a glance information about your cost trends and give you a head start on customizing views that suit your needs you can view data both in a graph and a chart for up to the last 12 months and also forecast how much you're likely to spend for the next three or 12 months you can use cost explorer to identify areas that need further inquiry and see trends that you can use to understand your costs in cost explorer you have the ability to group and filter data change the time range and granularity and even save reports now that we've covered the billing and cost management dashboard cost allocation tags cost categories and cost explorer i'd like to run through a demo of how those different offerings would look in the console but before we do that rob is there anything on your end you'd like to add i think you'll see you know as sabrina gets into showing some things in cost explorer there's a lot to it a lot of different filters that you can apply a lot of different ways that you can kind of get a different visualization and if you have enterprise support like definitely don't hesitate to reach out to your technical account manager uh because they'd be happy to walk you through some of the common ways that we uh analyze spend using cost explorer because it is a tool that we use a lot to also help get some visibility into our customer spend so definitely don't read don't hesitate to reach out to your tam to get some assistance on some of our kind of common filters that we use thanks brian thank you and padmas or anything before we move on um questions from the audience there is one question from the audience that just came in thank you for your question rella cheji can you talk about the differences between what you presented right now on the cost explorer and how it is different from aws budgets uh i could take that one as well uh so slight difference between the two of them right cost explorer is going to be your way to visualize live spend within your account that you can use and budgets are going to help you to say build reports that you can leverage within your teams to understand cost set up budget alerts and i think we have an episode that's going to cover that a lot more in depth as well coming up uh but overall we've got a plethora of say of different features that you can leverage within budgets to give you uh insights notifications say on forecasting uh for your say growth on ec2 if you anticipated like three percent growth per month you could put that in and get different alerts on it so uh it's very helpful but different because it's more of a reporting mechanism than necessarily a live view of your spend got it thank you rob and that's all the questions from the audience back to you sabrina awesome thank you so with that we can jump into a demo um showcasing those different offerings i mentioned in the second half of the presentation yeah let's give it a minute it's loaded right yep okay in the meantime uh feel free to post your questions uh everyone uh we have our experts tony sabrina and rob to answer those as well um and as far as the uh episodes that are coming up i will be sure to post the landing page so you can follow and you know what our future episodes are and you can join them so when we are waiting for sabrina to bring up the demo um rob can you cover a little bit about we talked about uh aws bills right uh there are several ways to receive the aws bills can you talk a little bit about how can we get the bill emailed to us yeah absolutely um so by default when you set up the actual aws account and you have your billing it's just going to go to that email address for your account but say you wanted to have it also additionally sent to uh like your finance team that's going to actually take care of some of the bill uh you can go through and actually leverage uh alternate contacts within it and when you set up an alternate contact you can have it enabled so that it will send a pdf email to that distribution list as well and that way you can actually get your aws monthly build to you uh to be able to you know easily be able to send it to like i said your finance team or for you to digest it yourself in that pdf format got it thank you so much for that rob sabrina great awesome so we have um the aws management console here so to walk through we're just going to go to the search bar and type in billing and you'll just select the first option there that'll take you to the billing and cost management dashboard so you can see that panel on the left hand side that i mentioned we'll start by going to the bills section on the left and you can see here there are a couple different ways to view your bill but to start we'll do the drop down you can select the current month spill or a prior month then with that there are two different views so there's bill details by service or bill details by account and the bill details by service is going to show a breakdown of every aws service that is running um so if you wanted to see the charge there you could click into it we'll look at the ec2 here click into the region and with that you'll see the rate for the service then the quantity and then multiplied together is going to give you the charge on your bill there is an expand all button so if you wanted to click that all that's going to do is it's going to click on the drop downs for all the different services and all the regions running so next we'll take a look at bill details by account so this is for if you had set up you know aws organizations you had more than one account and you wanted to see what the bill was for that specific account you would go to bill details by account and then once you click into the account it's going to do the same thing as the bill details by service it'll have the list of the different services which you can click into so use the drop down select the region and then you'll see the rate quantity and charge so with that we'll move on to payments so the payments section has four different tabs at the top payment stew is where you'll have anything any current bills that are due unapplied funds is when you would see if you had any credit memos or funds to be applied they would be shown here transactions is going to be a really important tab to view if you wanted to take a look at prior statements um so you can see here if we scroll down and to the right here you'll see the amount per billing period and you can actually click in and download the specific prior invoices if you'd like moving on to advanced pay so this is an optional field but if you wanted to add funds to be allocated to future invoices you would register and apply the funds here moving on to credits um so if you had any credits from aws you wanted to apply the credit code you would redeem the credit um either at the button at the bottom right there or at the upper right just clicking into redeem credit and then taking a look at purchase orders so if you had a specific po number purchase order number that you wanted on your invoice you could just add the purchase order there and you can see in this account i have a couple that are active and also one that's expired so purchase orders do have an optional expiration date so if you wanted a po number to end at a certain time you can specify that here as well so moving on next thing i next topic i covered was cost allocation tags so we'll just click into that on the left and here you can see there are user-defined cost allocation tags and aws generated cost allocation tags um and with both types of tags they need to be activated so to activate you would select the check box and click activate and same thing if you had active tags that you no longer wish to use you would just select them and then click deactivate and then same exact process for aws generated just select what you wanted to either activate or deactivate and then click the box in the upper right hand side so that's how cost allocation tags work moving on here to cost categories so to create a cost category you would just select create cost category orange button you would name your cost category we'll just call this one webinar for example seek and then you'll click next this is where you would define category rules so um adding the different characteristics here adding the dimensions adding the rules everything that you wanted in terms of characteristics for the cost category you would just enter the information on this page and then scroll to the bottom and just hit next um i'll cancel it for right now but that's how you would go ahead and create the cost category and then um the last piece i touched on was cost explorer so same page we're just going to go to the left hand side here and click click cost explorer and then you're going to select the orange button to launch cost explorer now if this is the first time that you have accessed or tried accessing cost explorer it is going to take about 24 hours just to have all that information and data propagate through the system so just be aware of that and then once you're here we're going to go back into cost explorer on the left click there and then this is where you can see that cost explorer page so you can see here there's the group by section at the top and that's going to break down the information and then we also have the filter area on the right that's going to limit the information that's in view so you can see you have the the graph here at the top showing a spend month over month and then you have the chart at the bottom that contains the spend that's associated with the usage and also the graph at the top um so scrolling back up here um you can use the drop down here to specify a certain time period um so if you wanted you could use the auto select option if you wanted you know three months six months um something that's already pre-configured for a time frame or you can select a specific custom time frame and hit apply perfect so now here you can see um we can change the granularity so right now we were looking at monthly and we can change that to daily to see what it would look like for that week each day in terms of spend awesome and then um scroll down you can see um the different uh services because that's what we're grouped by i'm gonna cancel that by clicking the x here and here you can see this is just to spend each day and then now if i go in and add a filter ec2 for example we'll just type it in click the check box and hit apply now this is going to show every day the ec2 instance spends it's going to limit your view to just seeing ec2 you can see it's roughly 3.50 cents per day now i can go in and actually select group by instance type so now we have um over the past week um we have this the filter by instance type and then the group excuse me the filter by service ec2 instance and then we have the group by for instance type so you can use both filters and group eyes in order to kind of narrow down the information to your specific view you can see that information there you can see you know each instance how much the charges are for that specific day and that's all also in that chart below so one thing you can do as well is the save button in the upper left if you liked a specific view you had the filters group as that you liked you could title the report and then hit save and then it'll be available to view later in that report section on the left yep and then finally um last piece i'd like to uh to touch on is that we do have a show forecasted values section in the lower uh right hand side of the screen so that's selected right now so now if i go on up and i select a different time frame something in the future um you know farther out than the current day um and then hit apply you'll get a pop-up box you'll just select okay for that and all that's saying is that now it's taking a look at the spend in the in the past and it's making a estimated forecast for what your spend would be in the future so another neat feature part of cost explorer if you're looking to get an estimation on forecasted spend in your account so with that that concludes our demo um we can i guess we'll we'll pause um if there's anything rob you'd like to add or padma questions uh from viewers we can we can take a look at that now we don't have any questions from the viewers so everyone please feel free to post questions here for us back to you sabrina perfect thank you padma [Music] just a sec you can add as we're like going back to the deck itself what sabrina was showing in that cost explorer view she had that great filter that showed by per instance type um that view there's really helpful for multiple things you can do it for ec2 and rds instances and see the instance type so if you're going to leverage things like reserved instances or savings plans and you want to get an idea like if you're doing an ec2 like savings plan you can actually use that to see exactly where your usage is on what you're going to make purchases so it's a helpful way to view and see some additional insights and information if you're trying to plan out what you're going to do for reserved instances or savings plans as well great point thanks rob um awesome so um moving on um finally we have uh put together a checklist with best practices to follow based on the topics that were mentioned throughout this webinar so first up some some actions based on the topics that tony covered would be to set up consolidated billing by creating that aws organization activating im access to billing and the cost management console creating user groups and then attaching billing policies for those and then finally creating i am users to then add into the i am user group for billing um and then moving on to my half of the presentation that i had just covered some recommended best practices would be to activate tags for cost allocation and then create cost categories to customize spend tracking go ahead and enable cost explorer so that way you can be able to visualize your costs go in and you know use different group eyes or filters to create views that really support you and you know understanding your bill and your charges and then finally finally just creating a report saving it getting some practice there would be a recommended best practice um so with that um just want to say thank you so much for attending our webinar on establishing your centralized cost visibility we hope you found this to be helpful and if you have any additional questions or would like to set up time with your specific optimization specialist to you know talk through any of these topics in greater detail or answer any questions you may have feel free to email aws supports you at amazon.com and also just wanted to put a reminder out there that we do have our next session one week from today so that's uh monday october 11th and in that session we will review how to minimize your storage and compute costs um so if you're interested feel free to tune in um and thanks again padma back to you thank you sabrina uh that brings us to the end of today's uh presentation uh so before we go uh rob anything else you want to add i know so primarily we covered a lot of different great information on cost explorer the cost categories um and everything and really just recommend like said before tag those resources that you can get this additional granularity to your visibility so you can build out those cost categories and then have different ways to view things uh one i think we didn't cover in cost explorer is we showed the chart that was down below there but that chart if you saw there's a download csv button so if you're spread like a spreadsheet junkie and you like to look at spreadsheets and data to be able to manipulate your own way you can actually download that csv of whatever you filter by uh since you can add like create your own charts if you want to as well so there's some additional things that are kind of there um so i mentioned before if you have questions you can definitely reach out to your tam um because we can help out with uh getting you there and also bringing some of the cost optimization special sex arena and tony as well to help all right thank you also everyone today we looked at best practices to visualize billing and costs using aws services if there are questions that were not answered today you can post them on forums.aws.amazon.com or email us send us any feedback to aws supports you at amazon.com we look forward to hearing from you tell us what else you would like to see on this show thank you for joining us today at aws supports you and happy cloud computing thank you welcome you know thank you you

Info

Channel: Amazon Web Services

Views: 833

Rating: 5 out of 5

Keywords: AWS, Amazon Web Services, Cloud, AWS Cloud, Cloud Computing, Amazon AWS

Id: yistc5tOWvk

Channel Id: undefined

Length: 44min 31sec (2671 seconds)

Published: Mon Oct 04 2021