- Unlimited Leave
- Consolidated billing nightmare
Consolidated billing nightmare
Just generate a CUR in every account from the start.
Happy National Military Spouse Appreciate Day. This is Unlimited Leave, the AWS Management and Governance newsletter that is reminding you to set a reminder to call your mom.
I love my mom and I love my wife (a mom and a Military Spouse).
That’s right. If you weren’t yet aware, yours truly just wrapped up a 20-year career in the U.S. Air Force / Air National Guard this last weekend.
This week's topics
Even Amazon fails at microservices
CUR Updates from last week
Another Price Hike for Greenfield Couse
Announcements and Notable Blogs
AWS Service Management Connector now supports provisioning with Terraform - I’ve never been big on Terraform due to AWS not having great solutions for ‘native’ management. I’m liking the latest updates for using Terraform.
Private Access to the AWS Management Console is generally available - while this seems like a configuration nightmare, this has merit. I remember in a previous organization I worked CloudTrail logs and other ‘issues’ resulted in an individual being called out for using the AWS Console from outside of the corporate network. At the time, we had Federated SAML access to the account so you had to be on the domain, but only for the moment of authentication, and then you could be in the console from a public network connection. They weren’t purposefully being nefarious. Now there doesn’t even need to be a question.
Amazon SNS now supports faster automatic deletion of unconfirmed subscriptions - why this took this long I’m unsure but I’m way more excited about this one than you’d expect.
Even Amazon fails at microservices
An interesting take by DHH on Amazon’s migration away from Microservices.
It all sounds great around the water cooler and sprint planning but in practice?
I’d love to hear some of your own horror stories about battling the monolithic beast.
My experience goes as deep as deploying ECS with EFS and RDS.
As suspected, AWS makes things more difficult than the end user would ever believe necessary. I’m sure there is always a reason. Even if it is just legacy logic that needs to be reworked.
Last week I shared that Cost Explorer and CUR data is reset in a child account when it leaves its current organization. There doesn’t seem to be a way around this.
The ‘fix’ is to create a CUR in the child account before severing the AWS Organization membership and open an AWS Support ticket to backfill the CUR in that account.
This is documented here:
The downside to this is you are still hosed if you liked all the pretty graphs and reports. Even with the CUR backfilled in the account, the Cost Explorer data is zeroized and there is no way to import it back.
The solution, deploy the Cloud Intelligence Dashboard:
Luckily I have already done this, and in the “advanced” configuration to consolidate CURs and billing details for all 4 of my current AWS Organizations. It’s a great tool/solution if you don’t want to go out and get a 3rd-party tool.
The downside is I don’t want to pull in historical information for these accounts and subsequently manage granular permissions to the data for only the account owners.
I recommend using the backfill process mentioned above, creating the CUR in parquet format, and letting the team Athena the hell out of it in their accounts.
We haven’t completed this process yet for an account being migrated so when we do, I’ll have more lessons learned. I just wish it was a non-issue. Why can’t the cost data just stay with the account AND roll up to a consolidated billing Master? 🤷
Greenfield Course Update
This is the last week presale of the course will be under $200.
Thank you to those continuing to support the project. Please continue to send in your questions and requests and I will either incorporate them throughout the build-out or add them in for free after the release.
March 31st - $99
April 7th. - $99
April 14th - $99
April 21st - $109
April 28th - $119
May 5th - $129
May 12th - $149
Learn more here: