AWS FinOps Best Practices – Cost Control and Governance at Scale

In the YouTube video Cost Control and Governance at Scale Bina Khimani, Global Business Leader for AWS Insights, explains and demonstrates some AWS tools that will help you optimize your cloud spend.

She is joined by Katelyn Decraene, Senior Cloud Finance Manager for Morningstar, who takes us through the company’s journey in establishing the cost control and governance while growing their business in AWS.

This article will walk through the tools and practices that will help you optimize and manage your cloud spend.

Governance and Control

From 11m:35s. To get started, there’s a need to know the difference between governance and control.

• Governance means the policies, processes, and definitions of how technologies are being consumed and who can consume them.
• Control is the implementation of these policies i.e control operationalizes the governance.

Bina states that with AWS optimization, guardrails can be placed to ensure they are not slowing down the builders and at the same time making sure that costs are in line with the broader financial and business goals.

Customers worry about going over their budget because it is difficult for them to estimate how much money they will spend on the cloud. As a result, they search for strategies to enhance cloud cost visibility and predictability. Cloud cost control and governance are useful in this situation.

Though the business change and agility that the cloud offers CFOs and finance professionals is exciting, but they are also apprehensive about the billing surprises. Therefore we must rethink how we plan, manage, and monitor our IT investment if we are to effectively control and govern cloud costs.

However, avoiding billing surprises is just one aspect of it (the sudden price change).

It is also about the modernization of governance and control at scale which is totally over the traditional command and control mechanism. In the traditional command and control mechanisms, the governance is more of a manual process requiring human approval and reviews which takes a lot of time and slows down the pace of innovations. In addition, too much governance and control could lead to decreased agility.

But all things in the cloud require a new mindset and a modern approach. Using the same manual process used in the traditional model to cloud won’t work in the modern consumption.

In the speed of innovation and governance at scale, when you are responsible for defining the governance and policies, enforcing those policies within your organization, and also when a builder works through the approval process before being able to access a particular resource he needs to be able to build, all these will definitely slow down the pace of innovation.

But with AWS you can get the visibility and tools you need to be able to effectively implement governance and controls without really slowing down the pace of innovation within the organization.

Furthermore, with AWS you don’t have to choose between agility and control, you can have both for your level of maturity, complexity, and scale.

In evolving cost control to be cloud-native there are 3 building blocks to be addressed:

• Governance and Control.
• Reporting and monitoring.
• Automation.

AWS Services

From 14m:05s – When it comes to processes there’s a need to adapt and augment the processes that have already existed within your organization. There’s a need to adapt the existing budgeting and forecasting processes to account for the variable cost model that the cloud is going to bring. This is to ensure that each application you board to the cloud is compliant with your organizational policies.

With all the right processes and checks in place, it will be easy to operationalize the governance. Moreso, to automate and scale the governance and control across the entire organization, the right tools and technologies are needed. Here are some fundamental tools of AWS:

• AWS Identity and Access Manager
• AWS Organization
• AWS Control Tower
• AWS Config

AWS Identity and Access Manager

It provides granular control to manage your user across AWS services and resources. It enables you to set permission on who can access what.

AWS Organization

This allows you to programmatically manage and create groups of accounts called organizational units and then apply policies to these groups that centrally control the use of AWS resources down to the API level. With this, you can apply and create targeted governance boundaries for your organizational units.

AWS Control Tower

It makes it easier to eat up and govern a secure multi-cloud AWS environment called the landing zone, especially for customers with multiple AWS accounts and teams. It will help you build governance as well as best practices.

AWS Config

This helps in discovering resources in your account to track the configuration changes and maintain a history for up to seven years. It helps in getting an aggregate view of your resources and configuration with compliance status across many accounts in many regions.

Billing at Scale

From 22m:35s – This will help us with getting visibility and predictability in AWS spend and usage to ensure there are no-cost surprises. Tools needed in this area are:

• Billing console.
• AWS cost Category.
• AWS Budget.
• AWS Cost Anomaly Detection.

Billing Console

With this, people can view what resources as well as the bill. You can analyze and understand your spending usage patterns and trends by looking across your accounts and resources. Here you can also set the rules and guardrails across your organization.

AWS Cost Category

With cost categories, a custom grouping mechanism can be defined based on an account, tag, specific service usage, or different charge type. It helps in driving the culture of cost awareness and consciousness. It makes it easy to drive accountability.

AWS Budget

This tool or software is used to track and predict cost and usage. It allows you to set custom budgets or thresholds that alert you when the cost or usage exceeds a certain budgeted amount. It alerts you when it is likely to exceed the forecasted spend. It will help you set reservations in savings plan utilization and coverage thresholds and also set and track budget on daily, monthly, and yearly granularity.

It is free to use and capable of integrating with other AWS services such as chatbot, cost Explorer, service catalog, etc.

AWS is prime when it comes to notification, but apart from this notification, you need to act and do it at scale in which AWS Budget Action comes in. The Budget Action helps to configure actions that can be automatically executed once a budget threshold has been reached.

AWS cost Anomaly Detection

This is a machine learning-backed service that practically detects cost and usage anomalies. The ML-based models here monitor your spend and usage continuously and notify you when something is abnormal.
It provides you the ability to root cause analysis to resolve issues quickly such as preventing unintended send among others. It is free and easy to configure.

Automation

It helps in implementing these whole processes to achieve control and scale automatically. With all these, your builders can continue to build and innovate without really causing any cost surprises. This is the modern of automating control and governance at scale without compromising on speed up innovation.

Katelyn Decraene, A Senior Cloud Finance Manager at Morningstar

From 36m:00s Bina hands over to Katelyn, who then talks about how Morningstar benefited from AWS and their journey in establishing cost controls and governance in the public cloud while growing their business in AWS.

In North America, Europe, Australia, and Asia, Morningstar is a top provider of impartial investment research. To develop tools that enable investors, they draw on their dayton research key strengths. They employ more than 8000 people and operate in 29 different countries. They began in the year 2017 with just one team using AWS. Less than 20 accounts were available at that time. However, as a result of the answers, AWS found to their challenges back then, they currently have over 1000 active accounts in AWS.

The company’s account structure was based on a team account structure. Each team had two AWS accounts, a good prod, and a non-prod account. And there are also other multiple teams in which the business units combined, will roll up under the entire organization and get Morningstar total.

AWS tools used by Morningstar

AWS cost categories

This helped the organization map the accounts up to the team level, then to the P&L level, and then to the overall business unit level. This as a result report the core service team’s total spent.

AWS uses the scanning to cut JIRA tickets to identify resources that are not compliant or missing tags to help the company enforce compliance.

AWS Budget and budgets report

At Morningstar, AWS Budget was utilized to confirm that spend is tracking to what has been planned. Alert are being received when spend is either approaching or it’s projected to exceed what the original plan was.
Katelyn is also impressed and believes that AWS Cost Anomaly Detection is a fantastic tool.

It was quite helpful for the POC setup. She also wished she had known to adopt agile in order to fully profit from the public cloud. Secondly, also ensuring that a tagging strategy is put into place and followed. She then suggests consistent automating too, these are the only strategies for surviving in the cloud at scale.

It significantly aided in efficiency and helped create a balance between cost controls and innovation.

Conclusion

Bina introduces additional resources at the end of the video, including Peer Connect Events, where you can learn more about how other customers have implemented cost control and governance at scale, the Cloud Financial Management Blog where new developments in the field are shared, and Cloud Financial Management Kiosk to connect with the AWS team and four additional cloud financial management sessions at the re: invent.