Account Reorganization

Background

In the dynamic landscape of cloud computing, an anonymous client embarked on a strategic shift towards serverless architecture on AWS, aiming for a more streamlined and cost-effective operational model. Despite the anticipated benefits of serverless computing, the client encountered an unforeseen challenge - a significant increase in their monthly AWS bill. This development prompted a reassessment of their approach to serverless deployment, seeking not only to leverage its operational advantages but also to ensure its cost-effectiveness.

The transition to serverless architecture, while promising ease of maintenance and cost reduction, paradoxically led to rising operational expenses for the client. This unforeseen increase in costs prompted a critical evaluation of the serverless deployment strategy, with a specific focus on identifying and addressing the root causes contributing to the financial upturn.

Solution

To address this challenge, Pump proposed a comprehensive three-fold strategy:

- Infrastructure Refactoring for Cost-Optimization: Pump undertook the task of refining the client's serverless infrastructure. This involved the strategic use of AWS Step Functions, optimizing memory requirements, and enhancing overall infrastructure efficiency.

- Rightsizing and Autoscaling: Recognizing the impact of overprovisioned resources on costs, Pump focused on rightsizing the existing infrastructure to align with actual usage needs. Furthermore, implementing autoscaling policies ensured that resource allocation dynamically adjusted to traffic patterns, preventing unnecessary expenditure.

- Strategic Investment in Savings Plans and Reserved Instances: Guiding the client through the selection of AWS Savings Plans and AWS EC2 Reserved Instances (RI), Pump provided expert advice on making informed purchasing decisions that aligned with the client's usage patterns and financial objectives.

Account Separation

A pivotal aspect of Pump's strategy was the separation of the client's workloads into distinct dev and prod AWS accounts. This separation yielded several key benefits:

- Enhanced Security and Stability: With separate accounts, prod environments were fortified with stricter security policies and monitoring, ensuring high levels of reliability and performance.

- Cost-Efficient Resource Utilization: Dev accounts were optimized for cost savings, employing lower-cost resources and shutting down unnecessary services when not in use, without impacting prod stability.

- Agile Development and Testing: The isolation of dev workloads in their own account allowed for faster iterations, risk-free testing, and innovation, accelerating the development cycle without jeopardizing the integrity of prod environments.

Outcomes

The strategic intervention by Pump yielded remarkable results:

- Efficient Resource Utilization: By refactoring AWS Lambda and Step Functions and rightsizing Lambda memory limits and Amazon ElastiCache clusters, Pump eliminated overprovisioning, aligning resource utilization with actual needs.

- Cost Reduction through Autoscaling: Implementing autoscaling for ElastiCache clusters addressed inefficiencies associated with peak traffic provisioning, ensuring resources were scaled in response to real-time demand.

- Strategic Financial Planning: The staggered savings plan approach, recommended and implemented by Pump, facilitated significant cost savings, adhering to AWS best practices for maintaining high coverage in a financially prudent manner.

Multi Account Structure

The multi-account structure we've implemented for the customer is meticulously designed to align with AWS's well-established best practices. This architectural choice is foundational to achieving both operational excellence and security within the cloud environment. By segregating resources across multiple AWS accounts, we enhance the overall security posture, simplify billing and cost management, and enable more granular control over access and resources.

Central to our approach is the strategic use of tagging policies, a crucial element in organizing and managing cloud resources efficiently. Each account within this multi-account structure is tagged based on the specific environment it represents, such as development (dev), testing (test), user acceptance testing (UAT), and production (prod). This tagging convention plays a pivotal role in our cloud governance strategy, ensuring that resources are easily identifiable, and operational tasks can be automated with precision.

Cost Allocation Tags

The customer needed help with environment tagging across accounts. We used the tagging features of AWS Organizations to establish account-level tags carrying environment metadata (development, UAT, prod). This is essential because joining these tags with the AWS Cost and Usage Report (CUR) allows cost and usage data to be aggregated across different environments. We also used SCPs and Tag Policies to establish guardrails that enforce the tagging policies.

https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html

Total Cost Of Ownership

We were able to break down the total cost of ownership, aggregated across multiple accounts, in a way that is relevant to the customer. Using the information provided by the account tags, we mapped the spend in each account to the environment it belongs to. This was also crucial in determining which reservation recommendations to give the customer, as it is generally not advisable to make long-term commitments for quickly changing environments such as dev.

| Product Family | Environment | Spend |
| --- | --- | --- |
| Compute | dev | $537.92 |
| Data Transfer | dev | $61.08 |
| Storage | dev | $17.10 |
| Other Usage | dev | $14.13 |
| Compute | UAT | $397.63 |
| Data Transfer | UAT | $21.06 |
| Storage | UAT | $17.10 |
| Other Usage | UAT | $21.74 |
| Compute | prod | $1,319.86 |
| Data Transfer | prod | $247.09 |
| Storage | prod | $61.87 |
| Other Usage | prod | $419.70 |
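The join described under Cost Allocation Tags and Total Cost Of Ownership can be sketched as follows. This is an added example, not Pump's code: the tag key `environment`, the exact-match rule for values, and all account IDs and costs are assumptions constructed for illustration. Spend from accounts with a missing or non-conforming tag is reported separately instead of being silently dropped, which is the gap the tagging guardrails are meant to close.

```python
from collections import defaultdict
from decimal import Decimal

# Assumption: the account tag key is "environment" and values must match exactly.
TAG_KEY = "environment"
ALLOWED = {"dev", "test", "UAT", "prod"}

# Constructed sample: account ID -> account-level tags as Key/Value pairs.
ACCOUNT_TAGS = {
    "111111111111": [{"Key": "environment", "Value": "dev"}],
    "222222222222": [{"Key": "environment", "Value": "UAT"}],
    "333333333333": [{"Key": "environment", "Value": "prod"}],
    "444444444444": [{"Key": "environment", "Value": "Prod"}],  # wrong case
    "555555555555": [{"Key": "owner", "Value": "platform"}],    # tag missing
}

def cur_row(account_id, family, cost):
    """Build one constructed line item using CUR column names."""
    return {"line_item_usage_account_id": account_id,
            "product_product_family": family,
            "line_item_unblended_cost": cost}

CUR_ROWS = [
    cur_row("111111111111", "Compute", "12.50"),
    cur_row("111111111111", "Storage", "1.25"),
    cur_row("222222222222", "Compute", "8.00"),
    cur_row("333333333333", "Compute", "30.10"),
    cur_row("333333333333", "Compute", "4.90"),
    cur_row("444444444444", "Data Transfer", "3.30"),
    cur_row("555555555555", "Compute", "7.00"),
    cur_row("666666666666", "Storage", "0.40"),  # account absent from the tag map
]

def environment_of(tags):
    """Return the environment tag value if present and allowed, else None."""
    for tag in tags:
        if tag["Key"] == TAG_KEY and tag["Value"] in ALLOWED:
            return tag["Value"]
    return None

def allocate(rows, account_tags):
    """Sum cost per (product family, environment); collect unallocated spend per account."""
    by_env, unallocated = defaultdict(Decimal), defaultdict(Decimal)
    for row in rows:
        account = row["line_item_usage_account_id"]
        cost = Decimal(row["line_item_unblended_cost"])
        env = environment_of(account_tags.get(account, []))
        if env is None:
            unallocated[account] += cost
        else:
            by_env[(row["product_product_family"], env)] += cost
    return dict(by_env), dict(unallocated)
```
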

Cost Allocation Dashboard

Cost visibility and a cost allocation dashboard come natively with Pump's dashboards and offer customers a detailed breakdown of their costs.
