In the time I’ve spent working with thousands of AWS customers, I’ve seen companies big and small employ a variety of methods for identifying and organizing their AWS costs and usage data. Ultimately, these methods can be broken down into two camps:
Single AWS account with heavy use of tags
Many companies use one AWS account and heavily employ tags. This is the most popular strategy for organizing AWS costs that we see, and it’s most common among web apps or companies with a single product. There are some benefits to the single account technique; there’s less access control to manage, and you always know which account to buy reserved instances on. But using a single account means that you’ll need to be extremely diligent about tags if you want to have any sane break down of your AWS spending.
People with a single account often try to use security groups as a proxy for tags. This will give you some high-level information, but unless you’re using single value security groups (e.g. “webservice”), you’ll run into problems breaking the specific spending you want out of combination security groups (e.g., “default, webservice, itsec”).
Multiple accounts with lighter use of tags
The second strategy for AWS cost organization is common with companies who have lots of products or departments using AWS. These companies will split their AWS spending into multiple accounts, commonly differentiating between Environment or Product. Those wanting even finer granularity will do both. One of our customers, Adobe, has three accounts for each of their products: one for development, one for staging, and one for production.
Those companies seeking even finer control over spending will even give each developer or workstation their own AWS account. Obviously, by separating their usage into multiple accounts, these companies don’t need to rely as heavily on tags. However, there is still a lot of organization involved in keeping track of their various accounts.
A recipe for balancing your AWS costs
Regardless of which camp you fall into, you likely have a lot of work to do to balance your AWS bill. The single-account folks will need to put in a strict process that requires three to five tags (e.g., environment, product, application, service, owner, etc) before any AWS spending occurs. The best process will always have holes though, and you’ll likely need to build a report of untagged resources in a tool like Cloudability to review for untagged orphans each week or month.
The multiple-account folks will need to put extra effort into how to split up shared resources or components that multiple products use. This means coming up with a method for splitting those costs based on usage. This could be a flat, percentage-based chargeback model (e.g., 20% goes to Product A, 35% to Product B, etc), or it could be based on some form of loggable usage metric such as API calls to the shared service.
Which method for organizing AWS costs is best? It really depends on the size of the company. If you’re a very large multi-national corporation, you’ll likely want to use a multitude of techniques including multiple accounts, tags, and security groups. For smaller companies we generally recommend using a hybrid approach, giving each product its own account and then tagging each resource (that’s taggable) with a consistent grouping of 3-5 tags like Environment, Role/Tier, Developer/Owner, etc.
Cloudability provides advanced tools for combining all techniques above— and if you’d like to spend some time talking with us about how to structure your tagging strategy, we’d be happy to help. Please email firstname.lastname@example.org.