Enterprises progressing through their cloud adoption need to ensure that they have cost management strategies in place to control their spend as they continue to migrate services to cloud providers. These 10 tips will help to get basic cost control strategies into place. In addition to a full suite of preventive, detective, and corrective controls, and IAM management, Turbot Guardrails also provides many cost controls helping you to ensure your cloud environment is continuously and automatically cost optimized.
Ensure teams have the direct ability to see what they are spending. It's easy to get carried away spinning up services, unless you know exactly what you are already spending. Turbot Guardrails shows costs back to your staff so they know what they are spending before logging into the cloud console. Providing this information helps to increase fiscal responsibility, and they can login to take action.
Identify what you have, and who owns it. Tag resources with user ownership, cost center information, and created time to give you a better handle from where the spend is coming. This information can be used to track usage through detailed billing reports. Turbot Guardrails can ensure custom tags are provided on all resources, and can automate the application of tags using inherited account metadata (e.g. cost codes / GL codes), or data indicating who created the resource and at what time.
Once you have a handle on what your spend is, set budgets per account. Doing this after establishing a baseline ensures that you are setting practical and realistic budgets that are based on the actual usage. Turbot Guardrails allows you to set budgets per account, and alert on thresholds when the spend is trending out of alignment with the budget.
Whitelist Instance types (RDS & EC2) to only allow instances of specific types (e.g. t2.medium) or of classes (e.g. t2-), or of sizes (e.g. -micro, -small, -medium). Turbot Guardrails can ensure that only these instance types are being utilized to ensure that costly unnecessarily large instances like GPUs are not being introduced into the environment.
Prevent staff from provisioning unapproved virtual instances from the marketplace that include software license costs, or from using specific OS or DB engines from vendors with whom you do not have enterprise agreements in place or are too costly to run at scale. Turbot Guardrails can ensure that only approved AMIs, specified Operating Systems, or Database engines are being utilized through whitelist policies.
Review in which regions you have services running. The cost of services per region can vary as much as 60%. Ensure you are balancing the need with running services in a given region with the cost of doing so. In Turbot Guardrails, you can specify Approved Regions ensuring that only the lowest cost regions can be utilized, helping to eliminate this variance in cost. Services can then only be utilized in these Approved Regions.
Use instance scheduling to start and stop instances on a planned schedule. Shutting down environments on nights and weekends can help save you 70% of runtime costs. Determine which environments need 24x7 availability, and schedule the rest. Turbot Guardrails allows you to enforce Start/Stop schedules across an account (all instances) or for specific instances.
Manage your storage lifecycle. Ensure that you are rotating logs and snapshots regularly. Also, backup and remove any storage volumes that are no longer in use. Turbot Guardrails will automatically rotate your logs and snapshots on retention periods you specify to save on unnecessary storage. Turbot Guardrails can snapshot and delete detached EBS volumes after a retention period you determine. One Turbot Guardrails customer saved $30,000 per month by enabling this feature, and ensures that this unnecessary spend will never occur again because of Turbot Guardrails continual enforcement.
Manage Cloudtrail configurations - ensure that you are using one Cloudtrail configuration, and have added additional ones only when absolutely necessary. Turbot Guardrails can enforce a single Cloudtrail configuration (which is free), and prevent additional Cloudtrails from being created.
Review the utilization of Sandbox / Trial accounts - Ensure that sandbox or trial accounts are only utilized for exploration purposes, and for the duration committed. In addition to limiting configurations noted above (Instance Type, retention days) more restrictively by creating exceptions, Turbot Guardrails can support time limited guardrails configured to specific time limits. For these sandbox / trial accounts, you can enable services for a limited amount of time (e.g. 30 days of IoT enablement). Turbot Guardrails will then alarm if resources are in use past that time period, where you are notified to start a conversation about long term need and utilization of the environment.
In addition to these built in Turbot Guardrails capabilities, Turbot Guardrails works as part of a partner ecosystem of tools. Turbot Guardrails has direct integrations with CloudCheckr, that allow you obtain additional tools to save money, track your spending, and optimize your AWS cloud resources.
Contact us to learn more about Turbot Guardrails Cost Management Features, or to understand how Turbot Guardrails can help you manage your cloud environment at scale. Or, schedule a demo to see Turbot Guardrails in action.