
Cloud Cost Complexity: Bringing the unknown unknowns to light

When first speaking to mid-size and large enterprises considering embracing the Amazon Web Services (AWS) cloud, the same themes come up consistently.  Sometimes it comes out explicitly and sometimes it is just implied, but one item that nearly all are apprehensive about is their discomfort with “unknown unknowns” (the stuff you don’t even know that you don’t know). They recognize that AWS represents a paradigm shift in how IT services are provisioned, operated, and paid for, but they don’t know where that shift might trip them up or where it will create gaps in their existing processes.  This is a great reason to work with an AWS Premier Partner, but that is a story for another day.

Let’s talk about one of the truly unknown unknowns – AWS Cost Accounting.  The pricing for Amazon Web Services is incredibly transparent.  The price for each service is clearly labeled online and publicly available.  Amazon’s list prices are the same for all customers, and the only discounts come in the form of volume discounts based on usage, or Reserved Instances (RIs).  So if all of this is so transparent, how can this be an unknown unknown?  The devil is in the details.

The scenario nearly always plays out the same way.  An enterprise starts by dipping a toe into the AWS waters.  It starts with one account, then two or three. Six months later they have 10 or 20 AWS accounts.  This is a good thing. AWS is designed to be easy to consume – Nothing more than a credit card is required to get started.  The challenge comes when your organization moves to consolidated invoice billing.  Your organization may be doing this because you want central procurement to manage the payments, you want to pool your volume for discounts, or it may be as simple as wanting it off your credit card. Either way, you now have an AWS bill that might not be what was expected (the unknown unknown).

If you have ever seen an AWS bill, you know they contain a phenomenal amount of useful information.  Amazon provides a spreadsheet monthly with every line item that was billed for the period with amazing detail and precision.  The downside of this wealth of information is that once you start accumulating several AWS accounts on the same consolidated bill, it becomes exponentially more difficult to rationalize the bill and track your costs.

In contrast to the unknown unknown, the ability to accurately attribute per-workload costs is one of AWS’ best features and a strong attractor to AWS.  For many organizations, the ability to provide showback or chargeback bills to business units is extraordinarily valuable.  Once a business unit can see the direct costs of their IT resources they can make more informed business decisions.  It is amazing how often HA and DR requirements get adjusted when a business unit can calculate the cost / benefit of each option.

Along with the apprehension of unknown unknowns, many organizations are both excited and a little scared of going to a truly variable cost model.  They are used to knowing what their costs are (even if they are over-provisioned).  The idea that they won’t know what the workload will cost until it is up and running on AWS can be a scary one.  This fear can be flipped into a virtue – try it!  Run a quick POC and evaluate the workload for performance, cost, etc.  See if it works for your use case.  If it does, great; if not, it didn’t cost much to find out.

Managing your costs in AWS means more than just deciphering your bill this month.  It also means the ability to track historical spend by service and interpret the results.  Business units need to understand why their portion of the bill is going up or down and what is driving the change.

The solution to the cost accounting challenge is to use a cost accounting tool specific to AWS.  As Amazon is quick to point out, the pricing model, while transparent, is also fluid.  They have dropped pricing on various services more than 50 times in the last few years.  To effectively manage AWS costs, users want a comprehensive solution that can take a consolidated bill and make it easy to generate real insights.  Most on-premise or co-located solutions cannot match the granularity and accuracy of AWS with a properly implemented cost accounting tool.  With the right tool you can take one of the unknown unknowns and make it a powerful advantage for your journey to the public cloud!

2nd Watch offers software and services that simplify your cloud billing as part of our Managed Billing solution.  This solution expands upon our industry-leading cloud accounting platform with a trained concierge to help facilitate billing questions, making analyzing, budgeting, tracking, forecasting and invoicing the cost of the public cloud easier. Our Managed Billing Service lets you accurately allocate deployment expenses to your financial reporting structure and provides business insights through detailed usage analytics and budget reporting. We offer these services for free to our Managed Services customers.  Find out more at www.2ndwatch.com/Managed-Cloud.

-By Marc Kagan, Managed Cloud Specialist


Cloud Cost Optimization with AWS

AWS regularly cuts customer cost by reducing the price of their services.  This happened most recently with the price reduction of C4, M4 and R3 instances.  These instances saw a 5% price cut when running on Linux.  This was their 51st price reduction.  Customers are clearly benefiting from the scale that AWS can bring to the market.  Spot Instances and Reserved Instances are another way customers can significantly reduce the cost to run their workloads in the cloud.

Sometimes these cost savings are not as obvious, but they need to be understood and measured when doing a TCO calculation.  AWS recently announced Certificate Manager.  Certificate Manager allows you to request new SSL/TLS certificates and then manage them with automated renewals.  The best part is that the service is free!  Many vendors charge hundreds of dollars for new certificates, and AWS is now offering it for free.  The automated renewal could also save you time and money while preventing costly outages.  Just ask the folks over at Microsoft how costly a certificate expiring can be.

Another way AWS reduces the cost to manage workloads is by offering new features in an existing service.  S3 Standard – Infrequent Access is an example of this.  AWS offered the same eleven 9s of durability while reducing availability from four 9s to three.  Customers who are comfortable going from 52 minutes of downtime a year to 8.5 hours of downtime per year for objects that don’t need the same level of availability can save well over 50%, even at the highest usage levels.  When you add features like encryption, versioning, cross-region replications and others, you start to see the true value.  Building and configuring these features yourself in a private cloud or in your own infrastructure can be costly add-ons.  AWS often offers these add-ons for free or only charges for the associated use, like the storage cost for cross-region replication.

Look beyond CPUs, memory, and bytes on disk when calculating the savings you will get with a move to AWS.  Explore the features and services you cannot offer your business from within your own datacenter or colocation facility.  Find a partner like 2nd Watch to help you manage and optimize your cloud infrastructure for long-term savings.

-Chris Nolan, Director of Product


Accurate Enterprise Cloud Cost Tracking & Allocation

AWS enables enterprises to trade capital expense for variable expense, lower operating costs and increase speed and agility. As enterprises begin to deploy cloud services across their business, it is critical to have a standardized approach to allocate usage costs to the appropriate department or cost center. By tracking costs at the cost center level, enterprises gain visibility throughout their organization – and specifically into who is spending precious IT funds.

To allocate costs, usage must first be grouped.  AWS provides two methods to group usage: Resource Tags and AWS accounts. Each method is useful but also comes with downsides.

Using AWS Tagging to group usage

  • Grouping by tag enables enterprises to run all of their workloads (applications) in a single AWS account, simplifying management within the AWS console.
  • A tagging schema needs to be created, universally deployed and tightly controlled.
  • Care has to be taken to ensure all individual AWS resources are tagged properly as any mistake in tagging will cause a resource to be left out of the group and not reported properly.
  • Many AWS resources cannot be tagged, which will require the creation and maintenance of a separate cost distribution scheme to allocate those costs across the enterprise.
  • Reserved Instance (RI) discounted usage pricing cannot be linked to a single tag group and can result in significant costing inaccuracies.

Using Multiple AWS Accounts to group usage

  • Using individual AWS accounts for each workload provides the most accurate and detailed reporting of costs and usage.
  • By creating a separate AWS account for each workload, enterprises can track all associated costs (including RIs) and allocate them to cost centers, departments and/or business units.
  • When using AWS accounts to group usage, each account must be manually set up.
  • There is no method of sharing resources, such as databases, with multiple workloads as each workload is located in separate AWS accounts.

Given the challenges of both “account based” and “tag based” grouping, we have found that the tracking methodology needs to be aligned to the applications or workloads.  For deployments where the resources are 100% dedicated to a specific workload, grouping by AWS accounts is ideal as it is the only way to ensure fully accurate costing. AWS tagging should be used when you need to share resources across multiple workloads; however, enterprises must note that the costing will not be 100% accurate when using tag groups.

Tracking and Allocating Costs for Workloads with Dedicated Resources

As stated above, workloads that do not need to share resources should be set up in unique AWS accounts.  This can be accomplished by establishing individual AWS accounts for each workload and mapping them directly to your enterprise organizational structure. The example below illustrates how a complex enterprise can organize its cloud expenses and provide showback or chargeback reports across the enterprise.


In this example, the enterprise would receive two bills for their cloud usage – Business Unit 1 and Business Unit 2.  Under each business unit there are multiple levels of cost centers that roll up to each subsequent higher level – which is typical with many Enterprise organizations.  In this example, AWS accounts are created for each project/workload then rolled up to provide consolidated usage information by department and business unit. This type of structure enables:

  • The owners at the “resources and workload cost accrual and tracking” levels to track their individual usage by AWS accounts, which captures 100% of the cost associated with each AWS account
  • The management of department level to view the consolidated usage for their respective cost centers and workloads
  • The management of each business unit to view usage by department and AWS account and receive a bill for its entire consolidated usage

This provides a reliable and accurate methodology to track and allocate cloud usage based on your distinct enterprise organizational structure. It does, however, require a disciplined approach to creating new projects and updating your expense management platform to provide executive-level dashboards and the ability to drill down to detailed consumption reports by cost center.  This enables Enterprise IT to provide executive-level transparency while keeping excessive resource consumption under control and reducing IT costs.

Tracking and Allocating Costs for Workloads with Shared Resources

In many organizations there is a need to share key resources, such as databases, across multiple workloads. In these cases it is a best practice to use AWS tags to group your expenses. This method requires careful set up of resources and the creation of a schema to allocate shared resources and resources that cannot be tagged across the enterprise.
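The following is an added example, not code from 2nd Watch or AWS, showing tag-based grouping on a shared account and how mis-tagged or untaggable line items drop out of every group. The line-item layout, the `App` tag key, and the proportional spreading of the unallocated pool are assumptions made for illustration; the article does not prescribe a distribution scheme.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample line items (not real billing data).
LINE_ITEMS = [
    {"resource": "i-web-1", "tags": {"App": "storefront"}, "cost": "120.00"},
    {"resource": "i-web-2", "tags": {"App": "storefront"}, "cost": "120.00"},
    {"resource": "db-shared", "tags": {"App": "reporting"}, "cost": "80.00"},
    # Tag key typed in the wrong case: this resource falls out of its group.
    {"resource": "i-batch-1", "tags": {"app": "reporting"}, "cost": "40.00"},
    # Charge that carries no tags at all (stands in for an untaggable resource).
    {"resource": "data-transfer", "tags": {}, "cost": "40.00"},
]

CENT = Decimal("0.01")


def allocate_by_tag(items, key="App"):
    """Group cost by tag value, then spread untagged cost pro rata.

    Returns (allocation, unallocated) where unallocated lists the
    resources that matched no group and should be reviewed.
    """
    direct = defaultdict(Decimal)
    unallocated = []
    for item in items:
        cost = Decimal(item["cost"])
        value = item["tags"].get(key)  # tags are plain strings, case-sensitive
        if value:
            direct[value] += cost
        else:
            unallocated.append((item["resource"], cost))

    pool = sum((c for _, c in unallocated), Decimal("0"))
    tagged_total = sum(direct.values(), Decimal("0"))
    if pool and not tagged_total:
        raise ValueError("no tagged spend to distribute the untagged pool over")

    shares = {
        g: (pool * d / tagged_total).quantize(CENT, ROUND_HALF_UP)
        for g, d in direct.items()
    }
    # Push any rounding remainder onto the largest group so totals reconcile.
    if shares:
        largest = max(direct, key=direct.get)
        shares[largest] += pool - sum(shares.values(), Decimal("0"))

    allocation = {
        g: {"direct": d, "shared": shares[g], "total": d + shares[g]}
        for g, d in direct.items()
    }
    return allocation, unallocated
```

The returned `unallocated` list doubles as a tagging audit: every entry is either a schema violation to fix or a cost that needs an agreed distribution rule.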

Tagging allows enterprises to assign their own metadata to each taggable resource. Tags do not have any semantic meaning to AWS resources and are interpreted strictly as a string of characters. Tags are made up of both a “Key” and a “Value”. AWS allows up to 10 Keys for each resource, and each Key can have unlimited values, enabling very detailed grouping of resources.  Tagging should be set up based on the needs of the organization and the AWS architecture design. The image below illustrates how to establish a tagging scheme for a 2-Tier Auto-scalable Web Application.

As the project moves from Web Sandbox to Web Staging to Web Production, you can use tags to track usage.  When the application is in the Sandbox all resources are tagged with the key “Web Sandbox” and the appropriate value (Environment, Owner, App and/or IT Tower). When the project moves to “Web Staging” you simply replace the original key and values with the ones associated with the next step in development.

While there is no one-size-fits-all solution to AWS expense management, deploying one or both of these methods can provide you the visibility necessary to successfully meet the tracking and analytical needs of your enterprise.

-Tim Hill, Product Manager


Amazon Updates Reserved Instances Model

In an effort to simplify the Reserved Instances (RI) model, AWS announced yesterday a change in the model based on customer feedback and purchasing patterns.

AWS will move from three types of RIs – Fixed Price: Heavy, Medium and Light Utilization RIs – to a single type with three payment options. All continue to provide capacity assurance and discounts when compared to On-Demand prices.

The three new payment options give you flexibility to pay for the entire RI upfront, a portion of the RI upfront and a portion over the term, or nothing upfront and the entire RI over the course of the term.

What does this mean for you? These changes will really benefit predictable workloads that are running >30% of the time.  In cases where usage is less consistent, it may be better for companies to stick with on-demand rates.  We’ve developed some related research on usage trends. Meanwhile, our role as a top AWS partner continues to be simplifying procurement of all AWS products and services.



Optimizing AWS Costs with Trusted Advisor

Moving to the cloud is one of the best decisions you can make for your business.  The low startup costs, instant elasticity, and near endless scalability have lured many organizations from traditional datacenters to the cloud.  Although cloud startup costs are extremely low, over time the burgeoning use of resources within an AWS account can slowly increase the cost of operating in the cloud.

One service AWS provides to help with watching the costs of an AWS environment is AWS Trusted Advisor.  AWS touts the service as “your customized cloud expert” that helps you monitor resources according to best practices.  Trusted Advisor is a service that runs in the background of your AWS account and gathers information regarding cost optimization, security, fault tolerance, and performance.  Trusted Advisor can be accessed proactively through the support console or can be set up to notify you via weekly email.

The types of Trusted Advisor notifications available for Cost Optimization are Amazon EC2 Reserved Instance Optimization, Low Utilization Amazon EC2 Instances, Idle Load Balancers, Underutilized Amazon EBS Volumes, Unassociated Elastic IP Addresses, and RDS Idle DB Instances.  Within these service types, Trusted Advisor gives you four possible statuses: “No problems detected,” “Investigation recommended,” “Action recommended,” and “Not available.”  Each of these status types gives insight into how effectively you are running your account based on the best-practice algorithm the service uses.  In the below example, AWS Trusted Advisor points out $1,892 of potential savings for this account.


Each one of these notifications adds up to the total potential monthly savings.  Here is one “Investigation recommended” notification from the same account. It says “3 of 4 DB instances appear to be Idle. Monthly savings of up to $101 are available by minimizing idle DB Instances.”


Clicking the drop down button reveals more:


The full display tells you exactly what resource in your account is causing the alert and even gives you the estimated monthly savings if you were to make changes to the resource.  In this case the three RDS instances are running in Oregon and Ireland.  This particular service is basing the alert on the “Days since last connection,” which is extremely helpful because if there have been no connections to the database in 14+ days, there’s a good chance it’s not even being used.  One of the best things about Trusted Advisor is that it gives the overview broken down by service type and gives just enough information to be simple and useful.  We didn’t have to log in to RDS and navigate to the Oregon region or the Ireland region to find this information. It was all gathered by Trusted Advisor and presented in an easy-to-read format.  Remember, not all of the information provided may need immediate attention, but it’s nice to have it readily available.  Another great feature is that each notification can be downloaded as a Microsoft Excel spreadsheet that allows you to have even more control over the data the service provides.

Armed with the Trusted Advisor tool you can keep a closer eye on your AWS resources and gain insight into optimizing costs on a regular basis.  Trusted Advisor covers the major AWS services but is only available to accounts with Business or Enterprise-level support.  Overall, it’s a very useful service for watching account costs and keeping an eye on possible red flags on an account.  It definitely doesn’t take the place of diligent implementation and monitoring of resources by a cloud engineer but can help with the process.

– Derek Baltazar, Senior Cloud Engineer