Using AWS Organizations to consolidate billing sprawl

Win $500 USD Amazon gift card
Try your luck and create an AWS superhero story to win $500! This contest runs through September 30, 2021, and all participants will get a special Veeam swag package. Get creative!

With more and more businesses relying on public clouds to run their IT infrastructure, it’s becoming more of a challenge managing these environments. When we look at AWS for example, a best practice is to use AWS accounts to segregate workloads and create security boundaries. By using multiple AWS accounts, you are essentially creating individual environments with their own access policies, user accounts, and storage environments. Although this provides some great benefits around security and other aspects, this does pose a headache for businesses looking to manage all these accounts. Whether it’s having to manage the billing for each individual account or applying standardized security policies, this kind of account sprawl is a major challenge for businesses to overcome.

Let’s take a look internally at Veeam as an example of this. As a member of Veeam’s product strategy group, I and my teammates spend a considerable amount of time testing products and working with customers and R&D on developing best practices and architecture recommendations. Every member of this team at one time or another has or had their own AWS account. While this in itself is not a challenge, the billing aspect of this was. Imagine a scenario where every team member is expensing their own AWS account. As the group has 15 employees, that is 15 separate expense reports a manager must approve, plus with no centralized management, the manager must then collate all the individual expense reports to understand what the group is spending per month. The scenario below shows this. This is not an ideal use of anyone’s time.

Figure 1

AWS Organizations

Now in this scenario, AWS has a feature called AWS Organizations. AWS describes this capability as follows:

“AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts”.

The individual aspect for this particular use case was the simplified billing using a single payment method for all of the accounts. This allows us to create a single account to manage all the billing of the individual accounts, and also create new accounts for new members joining without them having to worry about credit cards or expenses policies.

Figure 2

Within this centralized billing account, we can now manage all these accounts through AWS organizations. Either by adding existing AWS accounts or creating new ones we can manage everything centrally.

Figure 3

Once you have the central management account created and AWS organizations setup, you can then apply budgets globally, define policies and even restrict access to specific services. For the purpose of this use case all we wanted to achieve was consolidated billing.

Consolidated billing

With consolidated billing, you are able to manage and monitor each individual account’s spending. This is particularly useful in this use case where we want to manage spending centrally.

Figure 4
Figure 5

As you can see in the screenshots, being able to investigate individual account spending is particularly helpful when the use case is about consolidated spending for individual team members.

Summary

AWS Organizations provides a powerful way for businesses to manage multiple AWS accounts, whether they are being used for individuals, different environments, like production and Dev test, or being used as specific security boundaries to protect data. AWS Organizations provides the management capabilities needed for more complex AWS environments.


Additional resources:

Article language
English
Get weekly blog updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our blog with this weekly digest.
OK

AWS-native
Backup

Veeam Backup for AWS

Download now

Leave a Reply

Your email address will not be published.