# Chapter 2: AWS Account Management & Billing

Mastering AWS Account Structure and Cost Management

## 2.1 Overview

Understanding AWS account management and billing is crucial for DevOps engineers to maintain control over resources, security, and costs.
AWS Account Hierarchy

```text
                 +------------------------+
                 |   Management Account   |
                 |    (Payer Account)     |
                 |                        |
                 | - Consolidated Billing |
                 | - AWS Organizations    |
                 | - Cost Explorer        |
                 +-----------+------------+
                             |
         +-------------------+-------------------+
         |                   |                   |
         v                   v                   v
 +---------------+   +---------------+   +---------------+
 | Member Account|   | Member Account|   | Member Account|
 |     (Dev)     |   |    (Test)     |   |    (Prod)     |
 +---------------+   +---------------+   +---------------+
         |                   |                   |
         v                   v                   v
 +---------------+   +---------------+   +---------------+
 |    OU-Dev     |   |    OU-Test    |   |    OU-Prod    |
 |  (Dev Team)   |   |  (Test Team)  |   |  (Prod Team)  |
 +---------------+   +---------------+   +---------------+
```

## 2.2 AWS Account Types
### Account Types Comparison

Section titled “Account Types Comparison”| Account Type | Purpose | Features |
|---|---|---|
| Standard | Individual/Small teams | Full AWS access, basic support |
| Organization | Enterprise | Consolidated billing, SCPs |
| GovCloud | US Government | FedRAMP compliance |
| China | China operations | Isolated infrastructure |

Account Type Architecture

```text
 Standard Account            Organization Account
 +----------------+          +------------------------+
 |                |          |   Management Account   |
 |  Single User   |          |                        |
 |  Single Bill   |          |  +----------------+    |
 |  Basic IAM     |          |  | Member Account 1|   |
 |                |          |  +----------------+    |
 +----------------+          |  +----------------+    |
                             |  | Member Account 2|   |
                             |  +----------------+    |
                             |  +----------------+    |
                             |  | Member Account N|   |
                             |  +----------------+    |
                             +------------------------+
```

## 2.3 AWS Organizations
### Organization Structure
AWS Organizations Hierarchy

```text
               +------------------------+
               |          Root          |
               |   (Organization Root)  |
               +-----------+------------+
                           |
         +-----------------+-----------------+
         |                                   |
         v                                   v
 +---------------+                   +---------------+
 |  OU-Security  |                   |  OU-Workloads |
 |               |                   |               |
 |  +---------+  |                   |  +---------+  |
 |  |Security |  |                   |  |OU-Dev   |  |
 |  |Account  |  |                   |  +---------+  |
 |  +---------+  |                   |  +---------+  |
 |  +---------+  |                   |  |OU-Test  |  |
 |  |Audit    |  |                   |  +---------+  |
 |  |Account  |  |                   |  +---------+  |
 |  +---------+  |                   |  |OU-Prod  |  |
 +---------------+                   |  +---------+  |
                                     +---------------+

Key Concepts:
- Root: Top-level container
- OU (Organizational Unit): Group accounts
- SCP (Service Control Policy): Permission boundaries
- Member Accounts: Individual AWS accounts
```

### Service Control Policies (SCPs)
SCP Inheritance Model

```text
                 +------------------------+
                 |        Root SCP        |
                 |    (Full AWS Access)   |
                 +-----------+------------+
                             |
                  Inherited down the tree
                             |
          +------------------+------------------+
          |                                     |
          v                                     v
 +------------------------+       +------------------------+
 |   OU-Production SCP    |       |   OU-Development SCP   |
 |                        |       |                        |
 | ALLOW: EC2, RDS, S3    |       | ALLOW: EC2, Lambda     |
 | DENY:  IAM Delete      |       | DENY:  RDS, Redshift   |
 |                        |       |                        |
 +-----------+------------+       +-----------+------------+
             |                                |
             v                                v
 +------------------------+       +------------------------+
 |      Prod Account      |       |       Dev Account      |
 |   Effective Policy:    |       |   Effective Policy:    |
 |   Root SCP + OU SCP    |       |   Root SCP + OU SCP    |
 +------------------------+       +------------------------+
```

### SCP Example: Deny Specific Regions
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "route53:*",
        "support:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "us-east-1",
            "us-west-2",
            "eu-west-1"
          ]
        }
      }
    }
  ]
}
```

### SCP Example: Prevent Leaving Organization
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PreventLeaveOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

## 2.4 Consolidated Billing
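To make the inheritance model concrete, the following added evaluator (example code written for this chapter, not an AWS tool) applies SCP semantics to the two policies above: a request must be explicitly allowed at every level from the root down and is refused by the first level that denies it. The FullAWSAccess policy, the attachment layout in `ORG_LEVELS` and the request contexts are constructed assumptions.

```python
import fnmatch

# Constructed sample data: the two SCPs from this section plus FullAWSAccess,
# the default policy AWS attaches to every root, OU and account.
FULL_AWS_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

DENY_NON_APPROVED_REGIONS = {"Statement": [{
    "Sid": "DenyNonApprovedRegions",
    "Effect": "Deny",
    "NotAction": ["iam:*", "organizations:*", "route53:*", "support:*"],
    "Resource": "*",
    "Condition": {"StringNotEquals": {
        "aws:RequestedRegion": ["us-east-1", "us-west-2", "eu-west-1"]}},
}]}

PREVENT_LEAVE_ORGANIZATION = {"Statement": [{
    "Sid": "PreventLeaveOrganization",
    "Effect": "Deny",
    "Action": "organizations:LeaveOrganization",
    "Resource": "*",
}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(statement, action):
    """Case-insensitive glob match on the action; NotAction inverts the result."""
    if "Action" in statement:
        patterns = _as_list(statement["Action"])
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    patterns = _as_list(statement["NotAction"])
    return not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition_matches(statement, context):
    """Only StringEquals / StringNotEquals are implemented (all these SCPs need).
    Every condition key must be present in the request context; this example
    raises on a missing key rather than guessing IAM's missing-key semantics."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"unsupported condition operator {operator}")
        for key, expected in keys.items():
            present = context[key] in _as_list(expected)   # KeyError if absent
            if (operator == "StringEquals") != present:
                return False
    return True


def evaluate_level(policies, action, context):
    """SCP semantics at one level of the tree: an explicit Deny wins outright,
    otherwise some statement must explicitly Allow (SCPs have no implicit allow)."""
    allowed = False
    for policy in policies:
        for st in policy["Statement"]:
            if not (_action_matches(st, action) and _condition_matches(st, context)):
                continue
            if st["Effect"] == "Deny":
                return "Deny", st.get("Sid", "<no Sid>")
            allowed = True
    return ("Allow", None) if allowed else ("Deny", "implicit")


def effective_decision(levels, action, context):
    """levels: [(level_name, [policies]), ...] ordered root -> OU -> account.
    A request is allowed only if every level allows it; the first level that
    denies is reported so the guardrail can be traced back to its attachment."""
    for name, policies in levels:
        decision, reason = evaluate_level(policies, action, context)
        if decision == "Deny":
            return "Deny", f"{name}: {reason}"
    return "Allow", None


# Assumed attachment layout for the walk-through: root keeps FullAWSAccess,
# the workloads OU adds the region guard, the member account adds the
# leave-organization guard.
ORG_LEVELS = [
    ("root", [FULL_AWS_ACCESS]),
    ("ou-workloads", [FULL_AWS_ACCESS, DENY_NON_APPROVED_REGIONS]),
    ("account", [FULL_AWS_ACCESS, PREVENT_LEAVE_ORGANIZATION]),
]

if __name__ == "__main__":
    for action, region in [("ec2:RunInstances", "us-east-1"),
                           ("ec2:RunInstances", "ap-southeast-1"),
                           ("iam:CreateUser", "ap-southeast-1"),
                           ("organizations:LeaveOrganization", "us-east-1")]:
        ctx = {"aws:RequestedRegion": region}
        print(f"{action:35} {region:15} {effective_decision(ORG_LEVELS, action, ctx)}")
```

Note how `iam:CreateUser` passes in an unapproved region only because the NotAction list exempts the global services; drop that exemption and every IAM call outside the approved regions would be blocked.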
Consolidated Billing Flow

```text
Individual Billing (Without Organization)
+------------------------+
| Account A: $500/month  |
| Account B: $300/month  |
| Account C: $200/month  |
+------------------------+
Total: $1000/month (separate bills)

============================================================

Consolidated Billing (With Organization)
+-------------------------+
|   Management Account    |
|    (Payer Account)      |
|                         |
|   Account A: $500       |
|   Account B: $300       |
|   Account C: $200       |
|                         |
|   Combined: $1000       |
|   Volume Discount: -$50 |
|   Final Bill: $950      |
+-------------------------+

Benefits:
- Volume pricing discounts
- Single bill for all accounts
- Reserved Instance sharing
- Savings Plans sharing
```

### Volume Tiered Pricing Example
S3 Pricing Tiers (Example)

```text
 Storage Tier        Price per GB
 +----------------+-------------------+
 | First 50 TB    | $0.023 per GB     |
 | Next 450 TB    | $0.022 per GB     |
 | Over 500 TB    | $0.021 per GB     |
 +----------------+-------------------+

 Example: 600 TB storage

 Without Consolidation:
   Account A (200 TB): 50×0.023 + 150×0.022 = $4.35
   Account B (200 TB): 50×0.023 + 150×0.022 = $4.35
   Account C (200 TB): 50×0.023 + 150×0.022 = $4.35
   Total: $13.05

 With Consolidation:
   Combined (600 TB):
   50×0.023 + 450×0.022 + 100×0.021 = $13.20
   (Better rate for over 500TB)
```

## 2.5 AWS Cost Management Tools
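Added example (not from the original chapter) that carries the tier table through in full. Usage is converted to GB on the assumption that 1 TB = 1,000 GB, so the totals come out in whole dollars rather than the abbreviated figures above, and the consolidated run shows where the saving comes from: only the combined usage reaches the cheaper top tier.

```python
from decimal import Decimal

# Assumption for this example: 1 TB = 1,000 GB.
GB_PER_TB = 1000

# Tiers from the table above as (tier size in GB, price per GB);
# None marks the open-ended final tier.
S3_TIERS = [
    (50 * GB_PER_TB, Decimal("0.023")),    # First 50 TB
    (450 * GB_PER_TB, Decimal("0.022")),   # Next 450 TB
    (None, Decimal("0.021")),              # Over 500 TB
]


def tiered_cost(gb, tiers=S3_TIERS):
    """Walk the usage through the tiers in order, pricing only the slice that
    lands in each one. Decimal keeps the money arithmetic exact."""
    remaining = Decimal(gb)
    total = Decimal(0)
    for size, price in tiers:
        if remaining <= 0:
            break
        slice_gb = remaining if size is None else min(remaining, Decimal(size))
        total += slice_gb * price
        remaining -= slice_gb
    return total


def billing_comparison(account_usage_tb):
    """Return (separate, consolidated, saving) in USD for per-account usages in TB.
    Separate billing prices each account from tier 1; consolidated billing
    pools the usage so the combined volume climbs into the cheaper tiers."""
    separate = sum((tiered_cost(tb * GB_PER_TB) for tb in account_usage_tb), Decimal(0))
    consolidated = tiered_cost(sum(account_usage_tb) * GB_PER_TB)
    return separate, consolidated, separate - consolidated


if __name__ == "__main__":
    sep, cons, saved = billing_comparison([200, 200, 200])
    print(f"separate: ${sep:,.2f}  consolidated: ${cons:,.2f}  saving: ${saved:,.2f}")
```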
### Cost Explorer
AWS Cost Explorer Dashboard

```text
+----------------------------------------------------------+
|  Cost Over Time                                          |
|                                                          |
|  $$$$$                                                   |
|  $   $$                                                  |
|  $    $$  $$$                                            |
|  $     $$ $$$ $$                                         |
|  $      $$$$$ $$ $$                                      |
|  |----|----|----|----|----|                              |
|  Jan  Feb  Mar  Apr  May                                 |
+----------------------------------------------------------+

+--------------------------+  +--------------------------+
|  Top Services by Cost    |  |  Top Accounts by Cost    |
|                          |  |                          |
|  EC2      $2,500         |  |  Prod Account  $3,000    |
|  RDS      $1,200         |  |  Dev Account   $1,500    |
|  S3       $800           |  |  Test Account  $500      |
|  Lambda   $300           |  |                          |
+--------------------------+  +--------------------------+

Features:
- View costs by service, account, region
- Forecast future costs
- Create custom reports
- Set up anomaly detection
```

### AWS Budgets
AWS Budgets Configuration

```text
Budget Types:

1. Cost Budget
   +----------------------------------------------------------+
   | Budget Name: Monthly EC2 Budget                          |
   | Budget Amount: $5,000                                    |
   | Alert Thresholds:                                        |
   |   - 70%  ($3,500) -> Email to team                       |
   |   - 90%  ($4,500) -> Email + SNS to Slack                |
   |   - 100% ($5,000) -> Email + SNS + Auto Action           |
   +----------------------------------------------------------+

2. Usage Budget
   +----------------------------------------------------------+
   | Budget Name: S3 Storage Budget                           |
   | Budget Amount: 10 TB                                     |
   | Alert Thresholds:                                        |
   |   - 80%  (8 TB)  -> Email                                |
   |   - 100% (10 TB) -> Email + Auto Action                  |
   +----------------------------------------------------------+

3. RI/Savings Plans Budget
   +----------------------------------------------------------+
   | Budget Name: RI Utilization                              |
   | Target: 80% utilization                                  |
   | Alert: Below 70% utilization                             |
   +----------------------------------------------------------+
```

### Budget Actions
```json
{
  "ActionThreshold": {
    "ActionThresholdType": "PERCENTAGE",
    "ActionThresholdValue": 100
  },
  "ActionType": "APPLY_IAM_POLICY",
  "BudgetName": "Monthly-EC2-Budget",
  "Definition": {
    "IamActionDefinition": {
      "PolicyArn": "arn:aws:iam::aws:policy/AWSDenyAllEC2Actions",
      "Roles": ["EC2LaunchRole"],
      "Users": ["dev-user"]
    }
  },
  "ExecutionRoleArn": "arn:aws:iam::123456789012:role/BudgetActionRole",
  "ApprovalModel": "AUTOMATIC"
}
```

## 2.6 Cost Optimization Strategies
### Strategy 1: Right-Sizing
Right-Sizing Analysis

```text
Under-utilized Instance Detection

+------------------------+
| Instance: i-12345      |
| Type: m5.xlarge        |
| Cost: $140/month       |
|                        |
| CPU Utilization: 15%   | <-- Under-utilized!
| Memory: 30%            |
| Network: 5%            |
+------------------------+

Recommendation:
+------------------------+
| Downsize to:           |
|   m5.large             |
|   Cost: $70/month      |
|   Savings: $70/month   |
+------------------------+

Tools:
- AWS Cost Explorer (Right-sizing recommendations)
- AWS Compute Optimizer
- CloudWatch Metrics
```

### Strategy 2: Reserved Instances & Savings Plans
Pricing Models Comparison

```text
On-Demand Pricing (Baseline)
+----------------------------------------------------------+
| m5.xlarge (Linux)                                        |
| $0.192/hour = $140.16/month = $1,681.92/year             |
+----------------------------------------------------------+

Reserved Instance (1 Year, All Upfront)
+----------------------------------------------------------+
| m5.xlarge (Linux)                                        |
| $1,008/year = $84/month = $0.115/hour                    |
| Savings: 40%                                             |
+----------------------------------------------------------+

Reserved Instance (3 Year, All Upfront)
+----------------------------------------------------------+
| m5.xlarge (Linux)                                        |
| $2,016/3-years = $56/month = $0.077/hour                 |
| Savings: 60%                                             |
+----------------------------------------------------------+

Savings Plans (Compute)
+----------------------------------------------------------+
| Commit $100/hour for 1 year                              |
| Applies to: EC2, Fargate, Lambda                         |
| Savings: Up to 72%                                       |
+----------------------------------------------------------+
```

### RI vs Savings Plans Decision Tree
Choose Your Savings Model

```text
Start: Need Savings?
          |
          v
+---------------------+
|     Predictable     |
|      Workload?      |
+----------+----------+
           |
    +------+------+
    |             |
    v             v
  (Yes)          (No)
    |             |
    v             v
+------------------+   +---------------------+
|  Single Service  |   |   Use On-Demand     |
|   (EC2 only)?    |   |  with Auto Scaling  |
+--------+---------+   +---------------------+
         |
    +----+----+
    |         |
    v         v
  (Yes)      (No)
    |         |
    v         v
+---------+  +-------------+
|Reserved |  |   Savings   |
|Instance |  |    Plans    |
+---------+  +-------------+
    |             |
    v             v
+---------+  +-------------+
|Up to 72%|  |  Up to 66%  |
|savings  |  |  (flexible) |
+---------+  +-------------+
```

### Strategy 3: Spot Instances
Spot Instance Usage Patterns

```text
Spot Instance Pool
+----------------------------------------------------------+
| Region: us-east-1                                        |
| Instance Type: m5.xlarge                                 |
|                                                          |
| On-Demand Price: $0.192/hour                             |
| Spot Price: $0.038/hour (80% off!)                       |
|                                                          |
| Interruption Rate: <5% (varies)                          |
+----------------------------------------------------------+

Best Use Cases:
+----------------------------------------------------------+
| - Batch processing jobs                                  |
| - CI/CD pipelines                                        |
| - Data analysis                                          |
| - Image/video processing                                 |
| - Distributed computing                                  |
+----------------------------------------------------------+

NOT Recommended For:
+----------------------------------------------------------+
| - Databases (critical)                                   |
| - Production web servers                                 |
| - Stateful applications                                  |
| - Long-running jobs without checkpointing                |
+----------------------------------------------------------+
```

### Spot Fleet Configuration
```json
{
  "SpotFleetRequestConfig": {
    "IamFleetRole": "arn:aws:iam::123456789012:role/spot-fleet-role",
    "AllocationStrategy": "diversified",
    "TargetCapacity": 10,
    "SpotPrice": "0.10",
    "LaunchSpecifications": [
      {
        "ImageId": "ami-12345678",
        "InstanceType": "m5.xlarge",
        "KeyName": "my-key-pair",
        "SubnetId": "subnet-12345678"
      },
      {
        "ImageId": "ami-12345678",
        "InstanceType": "m5.2xlarge",
        "KeyName": "my-key-pair",
        "SubnetId": "subnet-12345678"
      }
    ]
  }
}
```

## 2.7 Cost Allocation Tags
Cost Allocation Tags Strategy

```text
Tag Structure:

+------------------------+
| Key: Environment       |
| Values:                |
|   - production         |
|   - staging            |
|   - development        |
+------------------------+

+------------------------+
| Key: Project           |
| Values:                |
|   - project-alpha      |
|   - project-beta       |
|   - project-gamma      |
+------------------------+

+------------------------+
| Key: CostCenter        |
| Values:                |
|   - cc-1001            |
|   - cc-1002            |
|   - cc-1003            |
+------------------------+

+------------------------+
| Key: Owner             |
| Values:                |
|   - team-backend       |
|   - team-frontend      |
|   - team-devops        |
+------------------------+

Cost Report by Tags:
+----------------------------------------------------------+
| Environment | Project       | Cost    | % of Total       |
| ------------|---------------|---------|------------------|
| production  | project-alpha | $5,000  | 50%              |
| staging     | project-alpha | $1,000  | 10%              |
| development | project-beta  | $2,000  | 20%              |
| production  | project-beta  | $2,000  | 20%              |
+----------------------------------------------------------+
```

### Tagging Best Practices
```bash
# AWS CLI - Tag Resources
aws ec2 create-tags \
  --resources i-1234567890abcdef0 \
  --tags Key=Environment,Value=production Key=Project,Value=alpha Key=Owner,Value=team-backend

# AWS CLI - Activate Cost Allocation Tags
# Activation is per tag key and is done from the management (payer) account;
# it can take up to 24 hours before the key appears in billing reports.
aws ce update-cost-allocation-tags-status \
  --cost-allocation-tags-status TagKey=Environment,Status=Active TagKey=Project,Status=Active

# List all tags for a resource
aws ec2 describe-tags \
  --filters "Name=resource-id,Values=i-1234567890abcdef0"
```

## 2.8 Billing Alarms & Alerts
CloudWatch Billing Alarm Setup

```text
Step 1: Enable Billing Metrics
+----------------------------------------------------------+
| Go to Billing Console -> Billing Preferences             |
| Enable: "Receive Billing Alerts"                         |
+----------------------------------------------------------+

Step 2: Create CloudWatch Alarm
+----------------------------------------------------------+
| Namespace: AWS/Billing                                   |
| Metric: EstimatedCharges                                 |
| Currency: USD                                            |
| Statistic: Maximum                                       |
| Period: 6 hours                                          |
+----------------------------------------------------------+

Step 3: Set Threshold
+----------------------------------------------------------+
| Threshold: $100                                          |
| Comparison: GreaterThanThreshold                         |
| Evaluation Periods: 1                                    |
+----------------------------------------------------------+

Step 4: Configure Notification
+----------------------------------------------------------+
| SNS Topic: billing-alerts                                |
| Subscribers:                                             |
|   - finance@company.com                                  |
|   - devops@company.com                                   |
|   - Slack webhook                                        |
+----------------------------------------------------------+
```

### CloudWatch Billing Alarm (Terraform)
```hcl
# SNS Topic for billing alerts
resource "aws_sns_topic" "billing_alerts" {
  name = "billing-alerts"
}

resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.billing_alerts.arn
  protocol  = "email"
  endpoint  = "devops@company.com"
}

# CloudWatch billing alarm
# AWS/Billing metrics are published only in us-east-1, so the provider
# used for this alarm (and the SNS topic it notifies) must target that region.
resource "aws_cloudwatch_metric_alarm" "billing" {
  alarm_name          = "billing-threshold-100"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = "1"
  metric_name         = "EstimatedCharges"
  namespace           = "AWS/Billing"
  period              = "21600" # 6 hours
  statistic           = "Maximum"
  threshold           = "100"
  alarm_description   = "Billing exceeds $100"
  alarm_actions       = [aws_sns_topic.billing_alerts.arn]

  dimensions = {
    Currency = "USD"
  }
}
```

## 2.9 AWS Cost Anomaly Detection
Cost Anomaly Detection Flow

```text
Normal Pattern:
+----------------------------------------------------------+
|  $$$$$                                                   |
|  $   $$                                                  |
|  $    $$  $$$                                            |
|  $     $$ $$$ $$                                         |
|  |---|---|---|---|---|                                   |
|  Mon Tue Wed Thu Fri                                     |
+----------------------------------------------------------+

Anomaly Detected:
+----------------------------------------------------------+
|  $$$$$                                                   |
|  $   $$                                                  |
|  $    $$  $$$                                            |
|  $     $$ $$$ $$ $$$$$$$$$$$$  <-- ANOMALY!              |
|  |---|---|---|---|---|---|                               |
|  Mon Tue Wed Thu Fri Sat                                 |
+----------------------------------------------------------+

Alert Flow:
+----------------------------------------------------------+
| 1. Anomaly detected by ML model                          |
| 2. Alert sent to SNS topic                               |
| 3. Notification to email/Slack                           |
| 4. Investigation triggered                               |
| 5. Root cause identified                                 |
| 6. Remediation applied                                   |
+----------------------------------------------------------+
```

## 2.10 Practical Commands
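The model behind the AWS service is not public, so as an added illustration (not AWS's algorithm, and not code from the chapter) the detector below scores each day against a robust median/MAD baseline of the previous week, per service, over constructed daily BlendedCost data shaped like the chart above. A dollar floor on the impact keeps tiny services from paging on tiny noise, which is the same trade-off the service exposes as its alert threshold.

```python
import statistics
from dataclasses import dataclass

# Constructed daily BlendedCost per service in USD (not real billing data):
# a flat pattern for ten days, then an EC2 spike on day 10.
DAILY_COST = {
    "EC2":    [82.0, 85.5, 80.9, 84.2, 83.1, 81.7, 84.9, 83.3, 82.6, 84.0, 410.0],
    "S3":     [26.1, 26.3, 26.0, 26.4, 26.2, 26.1, 26.5, 26.2, 26.3, 26.4, 26.6],
    "Lambda": [9.5, 10.1, 9.8, 10.4, 9.9, 10.0, 10.2, 9.7, 10.3, 10.0, 10.6],
}


@dataclass
class Anomaly:
    service: str
    day_index: int
    actual: float
    expected: float   # baseline (median of the window)
    impact: float     # actual - expected, USD


def robust_baseline(history):
    """Median and median absolute deviation of a window. Unlike mean/stdev,
    neither statistic is dragged upward by a spike that has entered the window."""
    median = statistics.median(history)
    mad = statistics.median(abs(x - median) for x in history)
    return median, mad


def detect_anomalies(series, window=7, min_impact=20.0, sigma=5.0):
    """Flag day i when it exceeds the baseline of days [i-window, i) by more
    than `sigma` scaled MADs AND by at least `min_impact` dollars.
    A perfectly flat window has MAD 0; a $1 floor is used as the scale then."""
    found = []
    for service, costs in series.items():
        for i in range(window, len(costs)):
            median, mad = robust_baseline(costs[i - window:i])
            scale = 1.4826 * mad if mad > 0 else 1.0   # MAD -> stdev equivalent
            deviation = costs[i] - median
            if deviation > sigma * scale and deviation >= min_impact:
                found.append(Anomaly(service, i, costs[i], median, round(deviation, 2)))
    return found


if __name__ == "__main__":
    for a in detect_anomalies(DAILY_COST):
        # This is the point at which the alert would be handed to SNS.
        print(f"{a.service}: day {a.day_index} cost ${a.actual:.2f}, "
              f"expected ${a.expected:.2f}, impact ${a.impact:.2f}")
```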
### AWS CLI - Billing & Cost Management
```bash
# Get current month's cost
# Cost Explorer time periods are half-open: End is exclusive, so
# End=2026-03-01 is needed for the range to include 2026-02-28.
aws ce get-cost-and-usage \
  --time-period Start=2026-02-01,End=2026-03-01 \
  --granularity MONTHLY \
  --metrics BlendedCost

# Get cost by service
aws ce get-cost-and-usage \
  --time-period Start=2026-02-01,End=2026-03-01 \
  --granularity MONTHLY \
  --metrics BlendedCost \
  --group-by Type=DIMENSION,Key=SERVICE

# Get cost forecast
aws ce get-cost-forecast \
  --time-period Start=2026-03-01,End=2026-04-01 \
  --metric BLENDED_COST \
  --granularity MONTHLY

# List budgets
aws budgets describe-budgets --account-id 123456789012

# List cost allocation tags
aws ce list-cost-allocation-tags

# Get reservation coverage
aws ce get-reservation-coverage \
  --time-period Start=2026-02-01,End=2026-03-01 \
  --granularity MONTHLY
```

### Python/boto3 Example
```python
import boto3
from datetime import datetime, timedelta

# Initialize Cost Explorer client
ce = boto3.client('ce')

# Get cost for last 30 days (End is exclusive, so today's partial day is not included)
end_date = datetime.now().strftime('%Y-%m-%d')
start_date = (datetime.now() - timedelta(days=30)).strftime('%Y-%m-%d')

response = ce.get_cost_and_usage(
    TimePeriod={
        'Start': start_date,
        'End': end_date
    },
    Granularity='DAILY',
    Metrics=['BlendedCost'],
    GroupBy=[
        {'Type': 'DIMENSION', 'Key': 'SERVICE'}
    ]
)

# Print costs by service (amounts are returned as strings)
for result in response['ResultsByTime']:
    print(f"\nDate: {result['TimePeriod']['Start']}")
    for group in result['Groups']:
        service = group['Keys'][0]
        cost = group['Metrics']['BlendedCost']['Amount']
        print(f"  {service}: ${float(cost):.2f}")
```

## 2.11 Best Practices Summary
Cost Management Best Practices

```text
1. Use AWS Organizations for consolidated billing
   +----------------------------------------------+
   | Management Account -> Member Accounts        |
   | (Volume discounts, single bill)              |
   +----------------------------------------------+

2. Implement tagging strategy from day one
   +----------------------------------------------+
   | Required tags: Environment, Project, Owner   |
   | Enable cost allocation tags                  |
   +----------------------------------------------+

3. Set up budgets and alerts
   +----------------------------------------------+
   | Monthly budget per environment               |
   | Alert at 70%, 90%, 100%                      |
   +----------------------------------------------+

4. Regular cost reviews
   +----------------------------------------------+
   | Weekly: Review anomalies                     |
   | Monthly: Review top costs                    |
   | Quarterly: Review commitments                |
   +----------------------------------------------+

5. Use Savings Plans/Reserved Instances
   +----------------------------------------------+
   | For stable workloads: RI (up to 72% off)     |
   | For flexible workloads: Savings Plans        |
   +----------------------------------------------+
```

## 2.12 Why This Matters in DevOps/SRE
Cost management is a core responsibility for DevOps engineers and SREs. In many organizations, the DevOps team is the primary owner of cloud spending.
FinOps in DevOps/SRE

```text
DevOps Engineer Cost Responsibilities:

1. Infrastructure Cost Ownership
   +----------------------------------------------------------+
   | - You provision it, you own the cost                     |
   | - CI/CD pipelines consume compute resources              |
   | - Dev/staging environments often waste money             |
   +----------------------------------------------------------+

2. Cost-Aware Architecture
   +----------------------------------------------------------+
   | - Choosing Spot vs On-Demand for CI runners              |
   | - Right-sizing monitoring infrastructure                 |
   | - Automating environment teardown (dev/staging)          |
   +----------------------------------------------------------+

3. FinOps Practices
   +----------------------------------------------------------+
   | - Weekly cost reviews in team standups                   |
   | - Tagging enforcement in CI/CD pipelines                 |
   | - Automated cost anomaly alerts to Slack/PagerDuty       |
   +----------------------------------------------------------+
```

## 2.13 Linux Systems Perspective
### Cost Monitoring from Arch Linux
```bash
# Install AWS cost monitoring tools on Arch Linux
sudo pacman -S aws-cli-v2 jq python-boto3
```

Quick daily cost check script, saved as `~/bin/aws-cost-today.sh`:

```bash
#!/bin/bash
set -euo pipefail

TODAY=$(date -u '+%Y-%m-%d')
YESTERDAY=$(date -u -d 'yesterday' '+%Y-%m-%d')

echo "=== AWS Cost Report ==="
echo "Date: $YESTERDAY"
echo ""

# Get yesterday's cost by service.
# Service names contain spaces ("Amazon Elastic Compute Cloud - Compute"),
# so split the text output on tabs rather than whitespace.
aws ce get-cost-and-usage \
  --time-period "Start=$YESTERDAY,End=$TODAY" \
  --granularity DAILY \
  --metrics BlendedCost \
  --group-by Type=DIMENSION,Key=SERVICE \
  --query 'ResultsByTime[0].Groups[*].[Keys[0],Metrics.BlendedCost.Amount]' \
  --output text | \
  awk -F'\t' '{printf "%-40s $%.2f\n", $1, $2}' | \
  sort -t'$' -k2 -rn | head -10

echo ""
echo "--- Month-to-Date Total ---"
# On the 1st of the month Start equals End and Cost Explorer rejects the
# empty range; the check keeps the timer-driven run from failing that day.
MONTH_START=$(date -u '+%Y-%m-01')
if [ "$MONTH_START" != "$TODAY" ]; then
  aws ce get-cost-and-usage \
    --time-period "Start=$MONTH_START,End=$TODAY" \
    --granularity MONTHLY \
    --metrics BlendedCost \
    --query 'ResultsByTime[0].Total.BlendedCost.Amount' \
    --output text | awk '{printf "Total: $%.2f\n", $1}'
else
  echo "Total: (no completed days yet this month)"
fi
```

Set up as a systemd timer for daily execution:

```ini
# /etc/systemd/system/aws-cost-report.service
[Unit]
Description=Daily AWS Cost Report

[Service]
Type=oneshot
ExecStart=/home/akash/bin/aws-cost-today.sh
User=akash
Environment=HOME=/home/akash
```

```ini
# /etc/systemd/system/aws-cost-report.timer
[Unit]
Description=Run cost report daily at 9 AM

[Timer]
OnCalendar=*-*-* 09:00:00
Persistent=true

[Install]
WantedBy=timers.target
```

### Automated Cost Alerting
```bash
#!/bin/bash
# Cost alert script that sends to Slack/Discord
set -euo pipefail

THRESHOLD=100   # Alert if daily cost exceeds $100
# Keep the webhook URL out of the script body: read it from the environment
# (or a secrets store). The literal below is only a placeholder.
SLACK_WEBHOOK="${SLACK_WEBHOOK:-https://hooks.slack.com/services/YOUR/WEBHOOK/URL}"

TODAY=$(date -u '+%Y-%m-%d')
YESTERDAY=$(date -u -d 'yesterday' '+%Y-%m-%d')

COST=$(aws ce get-cost-and-usage \
  --time-period "Start=$YESTERDAY,End=$TODAY" \
  --granularity DAILY \
  --metrics BlendedCost \
  --query 'ResultsByTime[0].Total.BlendedCost.Amount' \
  --output text)

# Compare cost with threshold (using bc for floating point)
if (( $(echo "$COST > $THRESHOLD" | bc -l) )); then
  curl -fsS -X POST -H 'Content-type: application/json' \
    --data "{\"text\":\"⚠️ AWS Cost Alert: Yesterday's spend was \$$COST (threshold: \$$THRESHOLD)\"}" \
    "$SLACK_WEBHOOK"
fi
```

## 2.14 Real-World Production Scenarios
### Scenario 1: Runaway Costs from Forgotten Resources
Cost Incident: Orphaned Resources

```text
Situation:
- Developer spun up 10x m5.4xlarge for load testing
- Forgot to terminate after testing
- Running for 3 weeks unnoticed
- Cost: ~$4,600 wasted

Root Cause:
- No auto-shutdown policies
- No cost alerts configured
- No resource tagging enforcement

Prevention:
+----------------------------------------------------------+
| 1. Tag all resources with expiry dates                   |
| 2. Lambda function to terminate expired resources        |
| 3. AWS Budget alerts at 50%, 80%, 100%                   |
| 4. SCPs to limit instance types in dev accounts          |
| 5. Weekly cost review in team standup                    |
+------------------------------------------------------------+
```

### Scenario 2: Multi-Account Cost Strategy
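The tag schema from section 2.7 and prevention items 1 and 2 above come down to one audit: every resource must carry the required keys with allowed values, and anything past its expiry date gets reported for shutdown. The following is an added example (not the chapter's or AWS's code) of that audit as pure logic, so it can run as a CI gate or inside the scheduled Lambda; `ExpiresOn` is an assumed tag name and the resource list is constructed in place of describe-instances output.

```python
from datetime import date

# Tag policy from section 2.7: required keys and their allowed values.
TAG_POLICY = {
    "Environment": {"production", "staging", "development"},
    "Project": {"project-alpha", "project-beta", "project-gamma"},
    "CostCenter": {"cc-1001", "cc-1002", "cc-1003"},
    "Owner": {"team-backend", "team-frontend", "team-devops"},
}
EXPIRY_TAG = "ExpiresOn"   # assumed tag name, ISO date (YYYY-MM-DD)


def check_tags(tags, policy=TAG_POLICY):
    """Return the list of violations for one resource's tag dict; empty means compliant."""
    violations = []
    for key, allowed in policy.items():
        if key not in tags:
            violations.append(f"missing required tag {key}")
        elif tags[key] not in allowed:
            violations.append(f"tag {key} has value {tags[key]!r}, not in {sorted(allowed)}")
    return violations


def is_expired(tags, today):
    """True when the resource carries an expiry date that is already past.
    An unparsable date is reported as expired too, so a typo cannot silently
    exempt a resource; the caller decides whether that means stop or terminate."""
    raw = tags.get(EXPIRY_TAG)
    if raw is None:
        return False
    try:
        return date.fromisoformat(raw) < today
    except ValueError:
        return True


def audit(resources, today_iso):
    """resources: [{"id": ..., "tags": {...}}, ...] as a CI job or a scheduled
    sweep would assemble them. Returns (noncompliant, expired) where
    noncompliant is a list of (id, violations) and expired a list of ids."""
    today = date.fromisoformat(today_iso)
    noncompliant, expired = [], []
    for r in resources:
        violations = check_tags(r["tags"])
        if violations:
            noncompliant.append((r["id"], violations))
        if is_expired(r["tags"], today):
            expired.append(r["id"])
    return noncompliant, expired


# Constructed sample: a compliant prod instance, a load-test instance whose
# expiry has passed (the Scenario 1 incident), and a barely tagged mystery box.
SAMPLE_RESOURCES = [
    {"id": "i-0prod0001", "tags": {"Environment": "production", "Project": "project-alpha",
                                   "CostCenter": "cc-1001", "Owner": "team-backend"}},
    {"id": "i-0load0001", "tags": {"Environment": "development", "Project": "project-beta",
                                   "CostCenter": "cc-1002", "Owner": "team-devops",
                                   "ExpiresOn": "2026-02-10"}},
    {"id": "i-0mystery01", "tags": {"Name": "test", "Environment": "prod"}},
]

if __name__ == "__main__":
    bad, old = audit(SAMPLE_RESOURCES, "2026-03-01")
    for rid, problems in bad:
        print(f"NONCOMPLIANT {rid}: " + "; ".join(problems))
    for rid in old:
        print(f"EXPIRED      {rid}: past {EXPIRY_TAG}, schedule shutdown")
```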
Enterprise Account Strategy

```text
Management Account (Payer)
+----------------------------------------------------------+
| - Consolidated billing only                              |
| - No workloads deployed here                             |
| - Budget alerts and cost anomaly detection               |
+----------------------------------------------------------+
                            |
         +------------------+------------------+
         |                  |                  |
         v                  v                  v

OU: Security                     OU: Production
- Audit account                  - Prod workloads
- Log archive                    - RI/Savings Plans purchased here
- Security tools                 - SCP: No deleting CloudTrail

OU: Development                  OU: Sandbox
- Dev environments               - Experimentation
- SCP: Max m5.xlarge             - Hard budget cap: $500/month
- Auto-shutdown at 7PM           - SCP: Deny expensive services

Key Savings:
- RI sharing across accounts saves ~30%
- Dev auto-shutdown saves ~60% on compute
- Consolidated billing volume discounts: ~5-10%
```

## 2.15 Troubleshooting Guide

| Issue | Cause | Solution |
|---|---|---|
| Unexpected high bill | Forgotten resources, data transfer | Use Cost Explorer to identify, set up Budget alerts |
| Budget alerts not firing | Billing metrics delayed ~6-8 hours | Understand the delay; use CloudWatch for real-time |
| Cost allocation tags not showing | Tags not activated in billing | Activate tags in Billing console > Cost allocation tags |
| RI not applying to instances | Wrong AZ, instance type, or platform | Verify RI scope matches running instances |
| Cross-account RI sharing not working | RI sharing disabled | Enable RI sharing in management account |
| Cannot see other account’s costs | Missing permissions | Need ce:GetCostAndUsage permission |
Debug billing issues from the terminal:

```bash
# Check if your tags are activated
aws ce list-cost-allocation-tags \
  --status Active \
  --query 'CostAllocationTags[*].[TagKey,Status]' \
  --output table

# Find untagged resources (potential cost leaks)
# Note: the Resource Groups Tagging API only returns resources that are or
# once were tagged, so a resource that has never carried a tag will not show
# up here; cross-check with the service's own list/describe calls.
aws resourcegroupstaggingapi get-resources \
  --region us-east-1 \
  --query 'ResourceTagMappingList[?Tags==`[]`].ResourceARN' \
  --output text | head -20

# Check RI utilization
aws ce get-reservation-utilization \
  --time-period "Start=$(date -u -d '30 days ago' '+%Y-%m-%d'),End=$(date -u '+%Y-%m-%d')" \
  --query 'UtilizationsByTime[0].Total' \
  --output table
```

## 2.16 Common Mistakes & Anti-Patterns
Billing Anti-Patterns

```text
❌ Mistake 1: No Budget Alerts
+----------------------------------------------------------+
| Problem: No visibility into spending until bill arrives  |
| Impact: Surprise bills of $10,000+                       |
| Fix: Set alerts at 50%, 80%, 100% of budget              |
+----------------------------------------------------------+

❌ Mistake 2: Buying RIs Too Early
+----------------------------------------------------------+
| Problem: Purchasing 3-year RIs before usage stabilizes   |
| Impact: Paying for unused capacity                       |
| Fix: Run On-Demand for 3 months, analyze, then commit    |
+----------------------------------------------------------+

❌ Mistake 3: Not Tagging Resources
+----------------------------------------------------------+
| Problem: Cannot attribute costs to teams/projects        |
| Impact: No accountability, no optimization targets       |
| Fix: Enforce tagging via SCPs and CI/CD pipelines        |
+----------------------------------------------------------+

❌ Mistake 4: Running Dev/Staging 24/7
+----------------------------------------------------------+
| Problem: Non-production environments running at night    |
| Impact: Wasting 65% of compute cost (16hrs/day idle)     |
| Fix: Auto-shutdown Lambda or Instance Scheduler          |
+----------------------------------------------------------+

❌ Mistake 5: Ignoring Data Transfer Costs
+----------------------------------------------------------+
| Problem: Microservices chatting across AZs/regions       |
| Impact: Data transfer can be 20-30% of total bill        |
| Fix: Co-locate services, use VPC endpoints               |
+----------------------------------------------------------+
```

## 2.17 Interview Questions
### Conceptual Questions

Section titled “Conceptual Questions”-
Q: What is AWS Organizations and why would you use it?
- A: AWS Organizations lets you centrally manage multiple AWS accounts. Benefits: consolidated billing for volume discounts, SCPs for permission guardrails, centralized logging/auditing, and OU-based account organization. Essential for enterprises with separate dev/staging/prod accounts.
-
Q: Explain the difference between Reserved Instances and Savings Plans.
- A: RIs are tied to specific instance types and regions (up to 72% savings). Savings Plans are a commitment to hourly spend (up to 66% savings) but more flexible — they apply across instance families, regions, and even across EC2/Fargate/Lambda. Use RIs for predictable, single-service workloads; Savings Plans for varied workloads.
-
Q: How do you implement cost controls in a multi-account AWS environment?
- A: Use AWS Organizations with OUs. Apply SCPs to restrict expensive services in dev accounts. Set up AWS Budgets with auto-actions. Enforce tagging policies. Enable Cost Anomaly Detection. Share RIs across accounts via consolidated billing. Schedule dev environment shutdowns.
### Scenario-Based Questions

- Q: Your AWS bill jumped 40% this month. How do you investigate?
  - A: Start with Cost Explorer to identify which service/account/region increased. Check Cost Anomaly Detection for flagged items. Look for untagged resources. Check for orphaned EC2 instances, EBS volumes, or elastic IPs. Review NAT Gateway data transfer. Check if a data pipeline or CI/CD job ran excessively.
- Q: How would you reduce AWS costs by 30% without impacting production?
  - A: (1) Right-size instances using Compute Optimizer (10-20% savings), (2) Purchase Savings Plans for stable workloads (30-40%), (3) Use Spot instances for CI/CD and batch (60-90%), (4) Shut down dev/staging at night (65%), (5) S3 lifecycle policies for cold data, (6) Delete unused EBS snapshots and unattached volumes.
## 2.18 Exam Tips

- Consolidated Billing: Combines usage across accounts for volume discounts
- SCPs: Use to set permission boundaries, not grant permissions
- Reserved Instances: Best for steady-state workloads with 1-3 year commitment
- Savings Plans: More flexible than RIs, apply across EC2, Lambda, Fargate
- Spot Instances: Up to 90% discount, but can be interrupted
- Cost Allocation Tags: Must be activated to appear in billing reports
- Budget Actions: Can automatically restrict resources when budget exceeded
## Next Chapter

Chapter 3: AWS Identity and Access Management (IAM)
Last Updated: March 2026
Last Updated: February 2026