By Mark Studer and Shaun Titus

If you missed Part 1 or Part 2 of our 3-part series for developers and IT professionals, where we discussed the many challenges as well as the solutions, you can go back to read them here:

>> Part 1: Challenges
>> Part 2: Solutions

For our final blog post, we’ll discuss the benefits of a multi-account approach and why it’s important.

Benefits of a Multi-Account Approach

Security:

  • Instant provisioning/deprovisioning
  • No non-service account IAM users!
  • Multi-factor for CLI
  • User level auditing with generic roles
  • AWS account isolation

Streamlined Management:

  • Use groups to provide AWS access
  • Multiple account access via single group
  • Distributed permissions assignments (by AWS account owners)
  • Eases the burden on IT

Cost Transparency:

Cost transparency makes it easy to see which accounts are spending money.

Budgets

For budgeting, we have implemented a delegated ownership model with a centralized view. That means each team is responsible for tracking its spending and budgeting for increases as needed. In addition, we have a centralized view of all spend, so we can easily see whether teams are on track against their budgets and follow up with them as needed.

The key to implementing this is giving the teams the tools to easily monitor and track their spend. To help, we used a few out-of-the-box capabilities from AWS. First, we use cost categories to automatically roll up our accounts into projects, teams and departments. This allows users to track a single number and then dive into the details as needed. We also gave the owners read access to the billing and management tools so they can see their budgets and explore their costs, along with anomaly detection, reports and alerts.

Cost Savings Opportunities

When we rolled out this new architecture a few years back and moved to the distributed team model, we ended up cutting our AWS bill in half over a couple of months. If you have cost-conscious employees, they care about waste, but without the tooling they may not even know there is a problem. With the extra tooling in place, it is easy to spot the problem areas and quickly address issues. In addition, simple automations from the centralized IT organization for scheduled EC2 shutdowns in development, test and support accounts, driven by tagging, helped trim any remaining waste.

Lastly, we have reservations and savings plans. If you have a large AWS bill, we recommend that you look hard at these options. Even with distributed accounts, you can purchase the agreements in your parent account and automatically apply them to all the sub-accounts, as necessary. Using amortized billing metrics in AWS, you can still assign those costs to the specific account based on usage while managing the agreements centrally.

Summary

Our goal was to give you a behind-the-scenes view into managing AWS at scale. We looked at the common challenges, the questions that help identify these problems and then how to solve them, based on our experiences. At the end of the day, AWS offers tremendous scalability, versatility, security and cost savings.
