How to Enable Effective Asset Management in Your AWS Environment

On the downside, however, the ease of cloud resource provisioning increased the need for stronger controls on services’ usage. Over 40% of CIOs say that appropriate cloud resource usage is one of their top challenges.

IT asset management (ITAM) plays a focal role in establishing an accountability system for cloud spending and cloud total cost of ownership (TCO) optimization. One of the baseline principles of ITAM is “Know Your Infrastructure” — the process of inventorying all the available assets and establishing their designation, usage, and spending caps.

AWS provides a set of native tools and account controls for monitoring cloud resource consumption across your organization. In this post, we explain how to establish and maintain a convenient recordkeeping system for AWS asset management and minimize cases of overspending.

Four Approaches to Asset Management for Your AWS Infrastructure

Start with Analyzing AWS Billing Data

When it comes to any type of financial analysis, the first step is understanding how much money leaves your account each month.

Cloud spending data is available in your AWS Billing and Cost Management console. The total bill includes the costs of every AWS asset you have on your account. You can see historic month-over-month spending balances, as well as a detailed breakdown by service (e.g., cloud instances, databases, and other commissioned services).

AWS Billing and Cost Management Console Sample Screen

Source

To investigate usage patterns, you can further dice the available spending data by period, region, or availability zone. Doing so is an easy way to calculate the costs of maintaining a specific site, for example, storing European user data in Frankfurt (eu-central-1 zone).

AWS Billing console provides sufficient information for tracking smaller cloud portfolios. It is also the service most early cloud adopters use since it provides familiar financial insights, non-technical people can interpret. Additionally, you can use AWS Cost Explorer service to model different usage scenarios and forecast spending.

That said, AWS Billing does not offer in-depth insights into AWS costs and usage. For example, you cannot easily determine why you have so many reserved Amazon EC2 instances (and why you should continue paying a hefty sum for them). If that is the type of questions stakeholders are asking, then you need to go one level deeper.

Utilize Tags When Provisioning New Cloud Resources

Since most AWS services come with per-usage pricing, you need to understand their designation. High spending on production environments, for supporting live applications, is a given. However, paying for redundant testing or development environments is a clear sign of overspending.

A simple step such as cloud resources tagging can result in tremendous cost-saving opportunities.

An AWS tag should include:

• Environment designation. For example, development, test, or production environment. Additionally, you can also specify different versions of resources or applications using Version technical tags on AWS.
• System designation. For example, CRM system, data lake, mobile workforce app, etc. Such denotes help establish spending on specific corporate infrastructure.
• Team/unit designation. For example, “Sales department head”, “Alpha development team”, “QA center”, etc. Specify who is responsible for maintaining a specific resource and what its primary purpose is to locate all loose ends.

With a proper AWS tag management system in place, you can better understand who owns, uses, and maintains a specific cloud environment. Moreover, you can get detailed billing reports for each selected tag using AWS Cost Explorer tool in the Billing console.

When equipped with more granular data, you can execute more proactive cloud cost optimization steps such as:

• Cancel unused/under-used reserved instances
• Re-assign extra capacities towards other projects
• Add workload scheduling and auto-scaling features
• Align service tiers with specific app requirements
• Implement better cloud storage tiers
• Add resource spending caps with cost allocation tags.

Such quick actions can build up to spending reductions ranging from 15% to 25%.

AWS Tagging Best Practices

Source

• Create a unified tag naming policy for your organization. Ensure that all teams understand the guidelines for naming and use the correct AWS tag categories.
• Include up to 4 descriptive tags per asset. Each tag has to be shorter than 127 Unicode characters in UTF-8.
• Make “tags” a required field for creating new assets to prevent people from skipping this step.

Mature DevOps teams typically automate cloud tag generation using custom scripts or available third-party tools like Tagbot to save time and maximize consistency.

Use Native AWS Systems Manager Inventory

AWS Systems Manager Inventory is the second of the integrated AWS asset management tools available with your account.

Compared to the AWS Billing console, it is a more advanced tool since it aggregates cloud resource metadata across all your resources into a designated Amazon Simple Storage Service (Amazon S3) bucket. Afterward, you can use built-in tools to query the data and create custom reports on service usage patterns. Using this service, you gain a complete view of all the cloud assets, associated with your account ID.

Separately, you can aggregate data from multiple AWS accounts, but this requires a more complex setup process using AWS Glue service (extra fees apply).

AWS Systems Manager Inventory can be configured to run environment sweeps at any custom interval (but not more frequently than every 30 minutes). You can also choose to collect only certain data from selected nodes, node groups, or specific tags.

Using AWS Systems Manager Inventory makes sense when you operate a larger cloud estate and want to understand usage patterns across different company branches, geographic regions, or compartmentalized projects. 

Employ a Third-Party Asset Management Tool

Lastly, organizations with high ITSM maturity may also want to explore data dimensions. The above AWS asset management tools help paint a picture of your asset number, usage patterns, and operating costs.

However, neither provides extra metrics about cloud infrastructure security or compliance for example. Remember: cloud security is a shared responsibility. AWS users must implement proper cybersecurity controls and take “due diligence” steps like regular patching and system version upgrades.

On the compliance side, you may want to proactively track IT policy violations, which stem from subpar cloud resource usage. For example, storing personally identifiable information (PII) in a non-secured hot cloud storage location simultaneously increases your cloud computing costs and creates extra security risks for your business.

To tackle such advanced use cases, you should look into additional services such as AWS Security Hub and AWS Cloud Compliance. Also, if you operate a hybrid cloud or multi-cloud infrastructure, look into a third-party tool that provides asset discovery and management services across public clouds and on-premises environments.

When to Consider AWS Asset Management for Your Organization

Asset management requires some deliberate effort in tool setup and policy enforcement, which translates into extra workload for IT operations teams. With ongoing staff shortages, many organizations choose to put this task on a backburner…until it starts fuming (figuratively).

If you can relate to one of the following statements, you have to make AWS asset management a bigger priority:

Your Cloud Costs Are Out of Control

Enterprises on average, regularly overspend the initial cloud budgets by 25% or more. Sometimes a higher cloud bill is inevitable (for example, when migrating more databases to cloud storage or during the high sales season when your application gets peak traffic).

However, if your cloud costs consistently spiral out of control and you cannot determine the reason for yet another price hike, you need to establish a better asset management process. AWS asset management tools can provide granular visibility into cloud spending. Based on them, you can roll out new supporting policies for cost containment without sacrificing any infrastructure performance parameters.

You Cannot Establish Resource Ownership

Every experienced AWS consultant has a story about some “lost” servers, silently consuming resources somewhere on the periphery of your cloud portfolio. That is not surprising given that only 3 in 10 companies in 2022 know exactly where their cloud spending is going.

In most cases, low visibility results from the inability to establish specific asset owners and, respectively, determine resource designation (aka its business purpose). A properly established and codified AWS tagging policy addresses this problem.

You Struggle to Enforce Cost Containment Policies

At the end of the day, cloud cost optimization rests with your people. You can easily issue recommendations and enforce top-down policies for curbing cloud spending. However, you must also ensure their adherence.

That is when matters get complex. If it takes too long to locate the correct asset owner or the team member responsible for managing it, your cloud bill will remain rogue. Without full visibility into asset inventory and usage, you will also struggle to determine who misses important steps in cloud management workflows (e.g., does not follow development environment shutdown during night hours).

Companies with mature cloud asset management processes usually automate such policy enforcement and adherence to ensure consistent cloud usage.