Blog AWS Financial Management Cloud Enablement
Last updated on February 4th, 2023 at 2:47pm
Amazon Web Services (AWS) is the largest cloud provider by market share in the world. With over 200 fully featured services, extensive global cloud infrastructure, and millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies - there is little surprise that AWS was named a Magic Quadrant Leader for Cloud Infrastructure & Platform Services.
Like many cloud providers, AWS offers a “pay-as-you-go” approach for pricing on most of their cloud services. This provides flexibility for customers because you only pay for the individual services you need for as long as you use them. It also avoids long-term contracts or complex licensing agreements. It is similar to how you pay for utilities like water or electricity.
This model is excellent because it lowers the barrier to entry for companies of any size to begin building and innovating on AWS. The risk to many organizations is that without proper mechanisms in place, it can be difficult to predict your AWS costs and adhere to set budgets. We’re going to look at several ways to prevent exceeding your budget or getting hit with a surprise bill you didn’t expect.
How to Prevent Overspend Using AWS Native Tools
AWS has several means to prevent overspending your budget by using AWS Budgets and Amazon CloudWatch, namely billing alerts and billing alarms.
AWS Billing Alerts
AWS Budgets allows you to configure billing alerts. Billing alerts will enable you to set up an alert to be notified automatically via e-mail when estimated charges reach your chosen threshold. You will also need to meet specific requirements regarding permissions and conditions, like being signed in using account root user credentials or as an IAM user that has been given permission to view billing information. You can read the full list of required conditions from AWS.
To enable billing alerts:
- Open the AWS Billing console at https://console.aws.amazon.com...
- In the navigation pane, choose Billing Preferences.
- Choose Receive Billing Alerts.
- Choose Save preferences.
AWS Billing Alarms
Amazon CloudWatch enables you to be more proactive in monitoring your cloud spend via billing alarms. While more complicated to configure, billing alarms can be much more granular in the conditions for triggering a notification. For example, billing alarms can be set to a static value as a threshold, or you can set a band as a threshold to monitor for abnormal spikes in estimated AWS charges. Get a detailed walkthrough of using Amazon CloudWatch for billing alarms.
Here’s a brief overview for a simple billing alarm:
- Open the CloudWatch console at https://console.aws.amazon.com...
- If necessary, change the Region to US East (N. Virginia). Billing metric data is stored in this region and reflects worldwide charges.
- In the navigation pane, choose Alarms, Create Alarm.
- Choose Select metric, Billing, Total Estimated Charge.
- If you don't see Billing or the Total Estimated Charge metric, you might need to enable billing alerts.
- Select the checkbox next to Estimated Charges and choose Select metric.
- in the 'Whenever my total AWS charges for the month exceed' field, specify the monetary amount (for example, 200) that must be exceeded to trigger the alarm and send an email notification. Then choose Next.
- For 'send a notification to', do one of the following:
- Choose Select an existing SNS topic and then select the topic to notify under Send a notification to.
- Choose Create a new topic and then type a name for the new SNS topic and enter the email addresses that are to receive the notifications. Separate the email names with commas.
- Choose Create Alarm.
AWS Free Tier Usage Alerts
AWS Free Tier Usage Alerts leverage AWS Budgets to send alerts. AWS Budgets automatically notifies you via email when you exceed 85% of your Free Tier limit for each service. For additional tracking, you can set up AWS Budgets to track your usage to 100%of the Free Tier limit for each service. By default, AWS sends an email to the email address you used to create your account.
To change the email address for AWS Free Tier Usage Alerts:
- Sign in to the AWS Management Console and open the Billing console at https://console.aws.amazon.com...
- Under Preferences in the navigation pane, choose Billing preferences.
- Under Cost Management Preferences, under Receive AWS Free Tier Usage Alerts in the Email Address dialog box, enter the email address where you want to receive the usage alerts.
- Scroll to the end of the page and choose Save preferences.
When properly configured, you will receive an email notification like this:
Using Kion’s Proactive Financial Enforcement Actions
The native services offered by the cloud service providers are excellent for monitoring cloud spend and alerting potential overages, but sometimes alerts aren't enough. Many organizations want to automatically enforce budget limits by preventing excess spending in the first place. This is exactly what Kion provides via financial enforcement actions. Financial enforcement actions are configurable actions you can set on a funding source, project, or OU when a spending threshold is surpassed. This spending threshold is determined by triggers and events you can customize at each level.
While you can set enforcement actions at the funding source level, we recommend setting enforcements at the project level for more granular control.
Financial enforcement actions are made up of the following customizable variables:
- Enforcement Type allows you to select whether the enforcement applies at the project/OU level or the service level.
- Triggers determine the time and funds spent/remaining that will set off the action. Triggers include the Timeframe for measurement, the Spend Option (to specify the trigger based on Spend, Remaining, or Spend Rate), a dollar or percentage value, and, if you selected Service Enforcement, the Service to which the enforcement applies.
- Events are the actions you want to occur when a trigger's conditions are met.
- Notifications allow you to select which users and groups will be notified when a financial enforcement action is triggered.
To add a financial enforcement action to a project:
- In the left navigation menu, click Projects > All Projects.
- Click the name of the project to which you would like to add a financial enforcement action.
- Click the Enforcements tab.
- Click Add.
- Select Project to apply an enforcement based on the project as a whole, or Service to apply an enforcement based on the value of a single cloud service.
- Select a timeframe to determine the length of time that is taken into account by the enforcement.
- If you selected Enforcement Type: Service, select the Service to monitor.
- If you selected Enforcement Type: Project, choose what to monitor.
- In the Amount dropdown, enter a specific amount to use as a threshold, or select Last month's spend to use the total spend for the previous month.
- Under Events, select a cloud rule to run when the enforcement is triggered.
- Set the Overburn toggle to ON to add a badge to the OU when the trigger's conditions are met.
- Select any users and user groups to notify when the enforcement is triggered.
- (Optional) Enter a description.
- Click Save.
More Than Financial Enforcements
Proactively preventing going over budget or rogue spending spikes is a vital part of operating in AWS, but it isn't the only way Kion can help you. Kion is the best way to establish and scale a well-governed, multi-account AWS environment and is the only single platform for complete management and governance of AWS.
Automation & Orchestration tools make configuring financial, security, and compliance guardrails across multiple accounts easy and reduce what usually takes weeks of manual configuration to hours.
Financial Management features help you visualize your AWS spend and understand where and why money is being spent. Also, you can receive recommendations for rightsizing resources and identifying zombie instances to stop wasting your cloud spend.
Kion’s Continuous Compliance engine gives real-time visibility into your compliance posture, even as your environment changes, and provides easy-to-use jumpstarts, mapped to popular compliance frameworks to help you get and stay secure and compliant faster.
If you would like to see the best single platform for establishing and scaling a well-governed, multi-account AWS environment or understand how Kion would work for your specific use case, you can see a live demo from a cloud engineer by registering here.