Unlimited Leave
Posts
Consolidated billing nightmare

Consolidated billing nightmare

Just generate a CUR in every account from the start.

Ross Wickman
May 12, 2023

Happy National Military Spouse Appreciate Day. This is Unlimited Leave, the AWS Management and Governance newsletter that is reminding you to set a reminder to call your mom.

I love my mom and I love my wife (a mom and a Military Spouse).

That’s right. If you weren’t yet aware, yours truly just wrapped up a 20-year career in the U.S. Air Force / Air National Guard this last weekend.

This week's topics

Announcements
Even Amazon fails at microservices
CUR Updates from last week
Another Price Hike for Greenfield Couse

Announcements and Notable Blogs

AWS Service Management Connector now supports provisioning with Terraform - I’ve never been big on Terraform due to AWS not having great solutions for ‘native’ management. I’m liking the latest updates for using Terraform.
AWS Systems Manager now allows customers to optimize the computing costs of their applications
Private Access to the AWS Management Console is generally available - while this seems like a configuration nightmare, this has merit. I remember in a previous organization I worked CloudTrail logs and other ‘issues’ resulted in an individual being called out for using the AWS Console from outside of the corporate network. At the time, we had Federated SAML access to the account so you had to be on the domain, but only for the moment of authentication, and then you could be in the console from a public network connection. They weren’t purposefully being nefarious. Now there doesn’t even need to be a question.
Amazon SNS now supports faster automatic deletion of unconfirmed subscriptions - why this took this long I’m unsure but I’m way more excited about this one than you’d expect.
A walk through AWS Verified Access policies

Even Amazon fails at microservices

An interesting take by DHH on Amazon’s migration away from Microservices.

It all sounds great around the water cooler and sprint planning but in practice?

I’d love to hear some of your own horror stories about battling the monolithic beast.

My experience goes as deep as deploying ECS with EFS and RDS.

Even Amazon can't make sense of serverless or microservices

The Prime Video team at Amazon has published a rather remarkable case study on their decision to dump their serverless, microservices architecture and replace it with a monolith instead. This move saved them a staggering 90%(!!) on operating costs, and simplified the system too. What a win! But beyond celebrating their good sense, I th...

world.hey.com/dhh/even-amazon-can-t-make-sense-of-serverless-or-microservices-59625580

CUR Updates

As suspected, AWS makes things more difficult than the end user would ever believe necessary. I’m sure there is always a reason. Even if it is just legacy logic that needs to be reworked.

Last week I shared that Cost Explorer and CUR data is reset in a child account when it leaves its current organization. There doesn’t seem to be a way around this.

The ‘fix’ is to create a CUR in the child account before severing the AWS Organization membership and open an AWS Support ticket to backfill the CUR in that account.

This is documented here:

Cost & Usage Report Now Available to Member (Linked) Accounts

aws.amazon.com/about-aws/whats-new/2020/12/cost-and-usage-report-now-available-to-member-linked-accounts

The downside to this is you are still hosed if you liked all the pretty graphs and reports. Even with the CUR backfilled in the account, the Cost Explorer data is zeroized and there is no way to import it back.

The solution, deploy the Cloud Intelligence Dashboard:

Level 200: Cloud Intelligence Dashboards:: AWS Well-Architected Labs

Hands-on labs and real-world design scenarios for Well-Architected workloads

wellarchitectedlabs.com/cost/200_labs/200_cloud_intelligence

Luckily I have already done this, and in the “advanced” configuration to consolidate CURs and billing details for all 4 of my current AWS Organizations. It’s a great tool/solution if you don’t want to go out and get a 3rd-party tool.

The downside is I don’t want to pull in historical information for these accounts and subsequently manage granular permissions to the data for only the account owners.

I recommend using the backfill process mentioned above, creating the CUR in parquet format, and letting the team Athena the hell out of it in their accounts.

We haven’t completed this process yet for an account being migrated so when we do, I’ll have more lessons learned. I just wish it was a non-issue. Why can’t the cost data just stay with the account AND roll up to a consolidated billing Master? 🤷

Greenfield Course Update

This is the last week presale of the course will be under $200.

Thank you to those continuing to support the project. Please continue to send in your questions and requests and I will either incorporate them throughout the build-out or add them in for free after the release.

March 31st - $99
April 7th. - $99
April 14th - $99
April 21st - $109
April 28th - $119
May 5th - $129
May 12th - $149

Learn more here:

Greenfield AWS Organization Deployment

Learn how to properly deploy a new AWS Organization for easier management and governance from the ground up. Use tools like Customizations for Control Tower (CfCT) and Account Factory for Terraform (AFT).

unlimitedleave.thinkific.com/courses/greenfield-aws-organization-deployment

Review past issues HERE | Share with others HERE
Start your own newsletter with this link

Disclaimer: The resources and topics shared within this newsletter are for informational use only. Any resources deployed or tools implemented are done so at your own risk. Do your research and testing before the implementation of any resource or service deployed for any workload.