Lab: Implementing AWS Cost Visibility and Governance
Determine cost optimization and visibility strategies
This lab provides hands-on experience in configuring cost optimization and visibility strategies as required for the AWS Certified Solutions Architect - Professional (SAP-C02) exam. You will implement resource tagging, set up budget alerts, and explore cost analysis tools.
[!WARNING] Remember to run the teardown commands at the end of this lab to avoid ongoing charges. Estimated cost for this lab is under $0.05 (mostly Free Tier eligible).
Prerequisites
- An AWS Account with Administrator access.
- AWS CLI installed and configured with credentials for your account.
- Basic knowledge of JSON for CLI parameters.
- IAM Permissions: Ensure your user has budgets:ModifyBudget, ce:*, s3:*, and sns:* permissions.
Learning Objectives
- Implement a Tagging Strategy for cost allocation.
- Configure AWS Budgets with SNS notifications for proactive cost management.
- Use the AWS CLI to query cost and usage data from AWS Cost Explorer.
- Identify Rightsizing Opportunities using AWS Compute Optimizer concepts.
Architecture Overview
Step-by-Step Instructions
Step 1: Create a Tagged Resource
Before we can track costs by business unit, we need resources with standardized tags. We will create an S3 bucket with an Environment tag.
# Generate a unique bucket name
BUCKET_NAME="brainybee-cost-lab-$(date +%s)"
aws s3api create-bucket --bucket "$BUCKET_NAME" --region us-east-1
aws s3api put-bucket-tagging --bucket "$BUCKET_NAME" --tagging 'TagSet=[{Key=Environment,Value=Dev},{Key=Project,Value=CostOptimization}]'
Console alternative
- Navigate to the S3 Console.
- Click Create bucket.
- Enter a unique name and choose a region.
- Under Tags, click Add tag and enter Key: Environment, Value: Dev.
- Click Create bucket.
Step 2: Create an SNS Topic for Cost Alerts
AWS Budgets requires a notification channel to alert you when thresholds are met.
aws sns create-topic --name CostAlertTopic
# Note the TopicArn from the output. Replace <TOPIC_ARN> in the next step.
# Subscribe your email (Replace <YOUR_EMAIL>)
aws sns subscribe --topic-arn <TOPIC_ARN> --protocol email --notification-endpoint <YOUR_EMAIL>
Step 3: Create a Monthly Budget
We will create a monthly budget of $10.00 that triggers an alert at 80% of the forecasted amount.
# Create a budget.json file
cat <<EOT > budget.json
{
"BudgetName": "Monthly_Dev_Budget",
"BudgetLimit": { "Amount": "10", "Unit": "USD" },
"TimeUnit": "MONTHLY",
"BudgetType": "COST"
}
EOT
aws budgets create-budget --account-id <YOUR_ACCOUNT_ID> --budget file://budget.json
[!TIP] In a real-world scenario, you would attach a notification to this budget via the create-notification command, linking it to the SNS Topic created in Step 2.
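Step 3's budget sends nothing until a notification is attached, and AWS Budgets can only deliver to the Step 2 topic if the topic's access policy lets the service publish. The following is an added example, not part of the original lab, that does both; the function names are hypothetical, and it assumes the standard aws partition and the names CostAlertTopic and Monthly_Dev_Budget used above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original lab. Assumes the standard "aws"
# partition and the Step 2/3 names (CostAlertTopic, Monthly_Dev_Budget).

# SNS access policy: only the AWS Budgets service may publish, and only when
# acting for this account (SourceAccount/SourceArn block confused-deputy use).
budget_topic_policy() {
  local topic_arn="$1" account_id="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowBudgetsPublish",
    "Effect": "Allow",
    "Principal": { "Service": "budgets.amazonaws.com" },
    "Action": "SNS:Publish",
    "Resource": "${topic_arn}",
    "Condition": {
      "StringEquals": { "aws:SourceAccount": "${account_id}" },
      "ArnLike": { "aws:SourceArn": "arn:aws:budgets::${account_id}:*" }
    }
  }]
}
EOF
}

# The alert Step 3 describes: fire when the forecast exceeds 80% of the limit.
notification_spec() {
  echo "NotificationType=FORECASTED,ComparisonOperator=GREATER_THAN,Threshold=80,ThresholdType=PERCENTAGE"
}

# Usage: attach_forecast_alert <ACCOUNT_ID> <TOPIC_ARN> [BUDGET_NAME]
attach_forecast_alert() {
  local account_id="$1" topic_arn="$2" budget_name="${3:-Monthly_Dev_Budget}"
  # Refuse a topic owned by another account before touching any policy.
  case "$topic_arn" in
    arn:aws:sns:*:"$account_id":*) ;;
    *) echo "topic $topic_arn is not in account $account_id" >&2; return 1 ;;
  esac
  # Note: set-topic-attributes replaces the topic's whole access policy.
  aws sns set-topic-attributes --topic-arn "$topic_arn" \
    --attribute-name Policy \
    --attribute-value "$(budget_topic_policy "$topic_arn" "$account_id")" || return 1
  aws budgets create-notification --account-id "$account_id" \
    --budget-name "$budget_name" \
    --notification "$(notification_spec)" \
    --subscribers "SubscriptionType=SNS,Address=$topic_arn"
}
```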
Step 4: Query Cost Explorer via CLI
To gain visibility, we can query our usage for the current month. Note that data may take 24 hours to appear in a new account.
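# End is exclusive and must be later than Start, so use tomorrow's date
# (GNU date syntax; on macOS/BSD use: date -v+1d +%Y-%m-%d).
aws ce get-cost-and-usage \
--time-period Start=$(date +%Y-%m-01),End=$(date -d tomorrow +%Y-%m-%d) \
--granularity MONTHLY \
--metrics "UnblendedCost" \
--group-by Type=DIMENSION,Key=SERVICE
Checkpoints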
| Task | Verification Command/Action | Expected Result |
|---|---|---|
| S3 Tagging | aws s3api get-bucket-tagging --bucket <NAME> | JSON showing Environment=Dev |
| SNS Topic | aws sns list-topics | Topic ARN for CostAlertTopic exists |
| Budget | aws budgets describe-budgets --account-id <ID> | Monthly_Dev_Budget listed in output |
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| AccessDenied | IAM User lacks Billing permissions | Ensure the user has the AdministratorAccess or specific Billing policies. |
| Empty CE results | Data Latency | Cost Explorer data usually has a 24-hour delay for new resources. |
| SNS No Email | Subscription Not Confirmed | Check your email inbox (and spam) for the AWS Notification - Subscription Confirmation email. |
Clean-Up / Teardown
[!IMPORTANT] Failure to delete these resources may result in minor charges if thresholds are exceeded.
# 1. Delete the S3 Bucket (Empty it first if you added files)
aws s3 rb s3://<YOUR_BUCKET_NAME> --force
# 2. Delete the Budget
aws budgets delete-budget --account-id <YOUR_ACCOUNT_ID> --budget-name "Monthly_Dev_Budget"
# 3. Delete the SNS Topic
aws sns delete-topic --topic-arn <YOUR_TOPIC_ARN>
Stretch Challenge
Automated Rightsizing: Using the AWS CLI, try to find the command to list recommendations from AWS Compute Optimizer. How would you filter these recommendations to only show instances that are "Underprovisioned"?
Hint: Look into the aws compute-optimizer get-ec2-instance-recommendations command and use --filters.
Cost Estimate
- S3: $0.023 per GB (First 5GB free). For this lab: $0.00.
- AWS Budgets: First 2 budgets are free. For this lab: $0.00.
- SNS: First 1 million Amazon SNS requests per month are free. For this lab: $0.00.
- Total: $0.00 for most users.
Concept Review
Key Tools Comparison
| Tool | Primary Use Case | Key Benefit |
|---|---|---|
| Cost Explorer | Visualizing historical and forecasted costs. | Trend analysis and filtering by tags. |
| AWS Budgets | Setting custom cost/usage limits. | Proactive alerts (SNS/Email). |
| Compute Optimizer | Rightsizing compute resources. | Uses ML to recommend instance types. |
| Trusted Advisor | General best practice checks. | Identifies idle or underutilized resources. |
Optimization Strategy Visual
\begin{tikzpicture}[node distance=2cm]
\draw[thick, ->] (0,0) -- (6,0) node[anchor=north] {Time/Lifecycle};
\draw[thick, ->] (0,0) -- (0,4) node[anchor=east] {Savings potential};
\draw[blue, thick] (0.5,3.5) .. controls (2,2) and (4,1) .. (5.5,0.5);
\node at (3,2.5) {Rightsizing \& Modernization};
\node[draw] at (3, -1) {\small Continuous Improvement Cycle};
\end{tikzpicture}