AWS Management Tools ( - 1 - )
The AWS Management & Governance product suite allows you to enable, provision, and
operate AWS resources to determine the health and predictability of your cloud
workloads.
AWS Systems Manager is a management service that helps you
• automatically collect software inventory
• apply operating system patches
• create system images
• configure Windows and Linux operating systems.
These capabilities help you
• define and track system configurations
• prevent drift
• maintain software compliance of your Amazon EC2 and on-premises configurations
Systems Manager makes it easier for you to seamlessly bridge your existing
infrastructure with AWS.
Benefits
• Improve visibility and control in the cloud, on premises, and at the edge.
• Shorten the time to detect and resolve operational issues.
• Maintain instance compliance against your patch, configuration, and custom policies.
• Automate configuration and ongoing management of your applications and resources.
Features
AWS Systems Manager is the operations hub for your AWS applications and resources,
and is broken into four core feature groups.
1. Operations Management
2. Applications Management
3. Change Management
4. Node Management
1. Operations Management
1.1 Explorer
1.2 OpsCenter
1.3 Incident Manager
1.1 Explorer
• AWS Systems Manager Explorer is a customizable dashboard, providing key insights
and analysis into the operational health and performance of your AWS environment.
• Explorer aggregates operational data from across AWS accounts and AWS Regions
to help you prioritize and identify where action may be required.
1.2 OpsCenter
• OpsCenter provides a central location where operations engineers and IT professionals
can view, investigate, and resolve operational issues related to your resources on AWS
and in multicloud and hybrid environments.
• OpsCenter aggregates and standardizes operational issues, referred to as OpsItems,
while providing contextually relevant data that helps with diagnosis and
remediation.
Engineers working on an OpsItem get access to information such as:
•Event, resource and account details
•Past OpsItems with similar characteristics
•Related AWS Config changes
•AWS CloudTrail logs
•Amazon CloudWatch alarms
•Stack information
•Quick-links to access logs and metrics
•List of runbooks and recommended runbooks
•Other information passed to OpsCenter through AWS services
1.3 Incident Manager
• Incident Manager enables faster resolution of critical application availability and
performance issues.
• It helps you prepare for incidents with automated response plans that bring the right
people and information together.
• You can automatically take action when a critical issue is detected by an Amazon
CloudWatch alarm or Amazon EventBridge event.
• Incident Manager executes pre-configured response plans to engage responders via
SMS and phone calls, links designated chat channels using AWS Chatbot, and
executes AWS Systems Manager Automation runbooks.
• It helps you improve service reliability by suggesting post-incident action items, such as
automating a runbook step or adding a new alarm, based on Amazon’s post-incident
analysis template.
2. Applications Management
2.1 Application Manager
2.2 AppConfig
2.3 Parameter Store
2.1 Application Manager
• Application Manager helps you investigate and remediate issues with your resources
on AWS and in multicloud and hybrid environments in the context of your applications.
• You can discover and/or define your application
components, view operations data (e.g. deployment status, Amazon CloudWatch
alarms, resource configurations, and operational issues) in the context of an
application, and perform remedial actions such as patching and running Automation
runbooks.
• Application Manager displays data and alarms for, and takes action on, your existing
Amazon Elastic Container Service (ECS) environments.
2.2 AppConfig
• AWS AppConfig helps you deploy application configuration in a managed and
monitored way, just like code deployments, but without the need to deploy the code
if a configuration value changes.
• AWS AppConfig scales with your infrastructure so you can deploy configurations to
any number of Amazon Elastic Compute Cloud (EC2) instances, containers, AWS Lambda
functions, mobile apps, IoT devices, or on-premises instances.
• AWS AppConfig allows you to validate configuration changes semantically and syntactically
to ensure configurations are aligned with their respective applications’ expectations, thus
helping you prevent potential outages.
• You can deploy your application configurations with similar best practices as code
deployments, including staging rollouts, monitoring alarms, and rolling back
changes should an error occur.
2.3 Parameter Store
• AWS Systems Manager provides a centralized store to manage your configuration
data, whether plain-text data such as database strings or secrets such as passwords.
• This allows you to separate your secrets and configuration data from your code.
• Parameters can be tagged and organized into hierarchies, helping you manage
parameters more easily. For example, you can use the same parameter name, "db-string",
with a different hierarchical path, "dev/db-string" or "prod/db-string", to store
different values.
• You can also control user and resource access to
parameters using AWS Identity and Access Management
(IAM).
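The hierarchy and IAM points above, as an added example that is not part of the original notes: Python that builds an identity-based policy scoped to one hierarchy path and runs a deliberately simplified evaluator (Allow statements and `*` wildcards only) to show that a dev-scoped policy cannot read the prod value. The Region, account ID, helper names and the leading-slash names `/dev/db-string` and `/prod/db-string` are assumptions.

```python
from fnmatch import fnmatchcase

# Read-only Parameter Store actions granted by the example policy.
READ_ACTIONS = ["ssm:GetParameter", "ssm:GetParameters"]


def parameter_arn(region, account_id, name):
    """Return the ARN for a parameter name such as /dev/db-string."""
    # The leading "/" of a hierarchical name is not repeated after "parameter".
    return f"arn:aws:ssm:{region}:{account_id}:parameter/{name.lstrip('/')}"


def read_policy_for_path(region, account_id, path):
    """Build an identity-based policy that allows reads under one path only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOneHierarchy",
            "Effect": "Allow",
            "Action": READ_ACTIONS,
            # Trailing "/*" keeps /dev from also matching a sibling such as /devops.
            "Resource": parameter_arn(region, account_id, path.strip("/") + "/*"),
        }],
    }


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource_arn):
    """Simplified check: does any Allow statement match action and resource?

    Real IAM evaluation also handles explicit Deny, conditions, NotAction,
    permission boundaries and SCPs; none of that is modelled here.
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource_arn, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


# Assumed placeholders: Region, account ID and the hierarchy path.
REGION, ACCOUNT = "us-east-1", "111122223333"
DEV_POLICY = read_policy_for_path(REGION, ACCOUNT, "/dev")

if __name__ == "__main__":
    for name in ("/dev/db-string", "/prod/db-string"):
        arn = parameter_arn(REGION, ACCOUNT, name)
        print(name, is_allowed(DEV_POLICY, "ssm:GetParameter", arn))
```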
3. Change Management
3.1 Automation
3.2 Change Manager
3.3 Maintenance Windows
3.1 Automation
• Automation allows you to safely automate common and repetitive IT operations and
management tasks across multiple accounts and AWS Regions.
• With Systems Manager Automation, you can author custom runbooks with a low-code
visual designer, or choose from over 370 predefined runbooks provided by
AWS.
• You can run Python or PowerShell scripts as part of a runbook in combination with
other automation actions such as approvals, AWS API calls, or running commands on
your EC2 instances.
• These runbooks can be scheduled in a maintenance window, triggered based on
changes to your resources on AWS and in multicloud and hybrid environments
through Amazon CloudWatch Events, or executed directly through the AWS
Management Console, CLIs, and SDKs.
• Automation can track the execution of each step in a runbook, require approvals,
incrementally roll out changes, and automatically halt the rollout if errors occur.
3.2 Change Manager
• AWS Systems Manager Change Manager simplifies the way you request, approve,
implement, and report on operational changes to your application configuration and
infrastructure on AWS and on premises.
• With Change Manager, you use pre-approved change workflows to help avoid
unintentional results when making operational changes.
• Change Manager helps you safely implement changes, while detecting schedule
conflicts with important business events and automatically notifying impacted approvers.
• Using Change Manager’s change reports, you can monitor progress and audit
operational changes across your organization, providing improved visibility and
accountability.
3.3 Maintenance Windows
• AWS Systems Manager lets you schedule windows of time to run administrative and
maintenance tasks across your instances.
• This ensures that you select a convenient and safe time to install patches and updates
or make other configuration changes, improving the availability and reliability of your
services and applications.
4. Node Management
4.1 Fleet Manager
4.2 Session Manager
4.3 Patch Manager
4.1 Fleet Manager
• AWS Systems Manager Fleet Manager streamlines your remote management process
for servers and edge devices.
• With Fleet Manager, you save time and money by managing and troubleshooting your
fleet running in the cloud or on premises, without the need to remotely connect to them.
You can drill down to individual nodes (services, devices, or other resources) to perform
common system management tasks such as disk and file exploration, log management,
Windows Registry operations, and user management from a console.
4.2 Session Manager
• AWS Systems Manager provides a browser-based interactive shell, CLI, and
browser-based remote desktop access for managing instances in the cloud, on premises,
and on edge devices, without the need to open inbound ports, manage Secure Shell (SSH)
keys, or use bastion hosts.
• Administrators can grant and revoke access to instances through a central location by
using AWS Identity and Access Management (IAM) policies.
• This allows you to control which users can access each instance, including the option to
provide non-root access to specified users.
• Once access is provided, you can audit which user accessed an instance and log each
command to Amazon Simple Storage Service (S3) or Amazon CloudWatch Logs using
AWS CloudTrail.
4.3 Patch Manager
• AWS Systems Manager helps you select and deploy operating system and software
patches automatically across large groups of cloud or on-premises instances and edge
devices.
• Through patch baselines, you can set rules to auto-approve select categories of patches to
be installed, such as operating system or high severity patches, and specify a list of
patches that override these rules and are automatically approved or rejected.
• You can also schedule maintenance windows for your patches so that they are only
applied during specific times.
• Systems Manager helps ensure that your software is up to date and meets your
compliance policies.
To use AWS efficiently, you need insight into your AWS resources: How do you know
when you should launch more Amazon EC2 instances? Is your application's
performance or availability being affected by a lack of sufficient capacity? How much of
your infrastructure is actually being used?
• Monitors –
– AWS resources
– Applications that run on AWS
• Collects and tracks –
– Standard metrics
– Custom metrics
• Alarms –
– Send notifications to an Amazon SNS topic
– Perform Amazon EC2 Auto Scaling or Amazon EC2 actions
• Events –
– Define rules to match changes in AWS environment and route these events to one or
more target functions or streams for processing
• Amazon CloudWatch is a service that monitors applications, responds to
performance changes, optimizes resource use, and provides insights into operational
health.
• By collecting data across AWS resources, CloudWatch gives visibility into system-
wide performance and allows users to set alarms, automatically react to changes, and
gain a unified view of operational health.
Benefits
• Collect, access, and analyze your resource and application data using visualization
tools
• Improve operational performance using alarms and automated actions set to activate at
predetermined thresholds
• Seamlessly integrate with more than 70 AWS services for simplified monitoring and
scalability
• Troubleshoot operational problems with actionable insights derived from logs and
metrics in your CloudWatch dashboards
Metrics: Amazon CloudWatch records CPU utilization, memory usage, disk I/O, and other
system-level statistics.
Logs: It collects logs, which are used for further analysis.
Events: Launching of significant instances, modifications to security groups, and other
events.
Services
1. CloudWatch Logs
•This service enables users to collect and store logs for vended services for customers,
logs for specific AWS services such as AWS CloudTrail, AWS Lambda, Amazon API
Gateway, Amazon Simple Notification Service, and on-premises resources.
•CloudWatch Logs Insights can provide quick queries and visualization of log data.
•Metrics collection. Users can collect default metrics from more than 70 distributed
AWS applications and view them in one place.
•They also can collect metrics and customize logs from their own applications or on-
premises resources.
•Container Insights. This feature collects, aggregates and monitors metrics and logs for
containerized applications and microservices.
•It can also troubleshoot Amazon Elastic Kubernetes Service and Amazon Container
Orchestration Service.
•Containerized Application
Containerization is a software deployment process that bundles an application's code
with all the files and libraries it needs to run on any infrastructure
•Microservices
Microservices are an architectural and organizational approach to software development
where software is composed of small independent services that communicate over well-
defined APIs.
•Kubernetes is an open source system for automating deployment, scaling, and
management of containerized applications.
•AWS container services make it easier to manage your underlying infrastructure, whether
on premises or in the cloud, so you can focus on innovation and your business needs.
• Nearly 80 percent of all containers in the cloud run on AWS today. Customers such as
Samsung, Expedia, GoDaddy, and Snap choose to run their containers on AWS for
security, reliability, and scalability.
•Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service
that allows users to run Kubernetes on Amazon Web Services (AWS) or on premises.
•Amazon Container orchestration is the process of automating the management of
containerized applications, including their deployment, scaling, and security.
•CloudWatch Lambda Insights. This service collects, aggregates and monitors
AWS Lambda logs.
•Contributor Insights. This feature provides a view of the top contributors influencing
system performance, such as API calls, applications or customer accounts.
•Unified view. This feature enables users to create dashboard views for selected
applications, graphs and other visualized cloud data.
•Composite alarms. This function unifies alarms for different issues affected by the
same application into a single notification. This can help root-cause diagnosis.
•High resolution alarms. Users can set thresholds for specific metrics that trigger
alarm actions, such as shutting down unused instances.
•Correlation. CloudWatch can correlate specific patterns in logs with metrics to
diagnose a root cause.
•Application Insights for .NET and SQL Server. This feature provides easy monitoring
for .NET and SQL Server applications, with automated dashboards and smart metrics.
•Anomaly Detection. Machine learning algorithms can detect abnormal activity in
AWS systems.
•ServiceLens. This service monitors the performance, health and availability of
applications and dependencies to reduce bottlenecks, recognize affected users and
diagnose root causes.
•Synthetics. This facility monitors application endpoints and alerts the user to errors and
abnormal infrastructure issues.
•Metric Streams. This feature enables users to create near real-time metric streams to
other applications, such as Amazon S3, or share them with third-party service providers.
•Auto Scaling. This feature automates capacity and resource planning.
•CloudWatch Events. This service provides a near real-time stream of system events and
automates responses to operational changes.
•Log analytics. Advanced analytics are available for the information in CloudWatch Logs.
•Integration with AWS Identity and Access Management. This facility provides a
management console to control which users and applications have access to
CloudWatch data and resources.
1. Amazon Simple Notification Service (Amazon SNS) coordinates and manages the
delivery or sending of messages to subscribing clients. You use Amazon SNS with
CloudWatch to send messages when an alarm threshold has been reached.
2.Amazon EC2 Auto Scaling enables you to automatically launch or terminate Amazon
EC2 instances based on user defined policies, health status checks, and schedules.
You can use a CloudWatch alarm with Amazon EC2 Auto Scaling to scale your EC2
instances based on demand.
3. AWS CloudTrail enables you to monitor the calls made to the Amazon CloudWatch
API for your account, including calls made by the AWS Management Console, AWS CLI,
and other services. When CloudTrail logging is turned on, CloudWatch writes log files
to the Amazon S3 bucket that you specified when you configured CloudTrail.
4. AWS Identity and Access Management (IAM) is a web service that helps you
securely control access to AWS resources for your users. Use IAM to control who can
use your AWS resources (authentication) and what resources they can use in which ways
(authorization). IAM administrators control who can be authenticated (signed in) and
authorized (have permissions) to use CloudWatch resources.
AWS CLOUDTRAIL
• AWS CloudTrail is an AWS service that helps you enable operational and risk
auditing, governance, and compliance of your AWS account.
• Continuously log your AWS account activity
• Actions taken by a user, role, or an AWS service are recorded as events in
CloudTrail.
• Events include actions taken in the AWS Management Console, AWS Command Line
Interface, and AWS SDKs and APIs.
1. CloudTrail Events
An event in CloudTrail is the record of an activity in an AWS account.
CloudTrail logs three types of events:
• Management events
• Data events
• Insights events
Management events
• Management events provide information about management operations that are
performed on resources in your AWS account. Examples: configuring security, setting up
logging.
Data events
• Data events provide information about the resource operations performed on or in a
resource.
Insights events
• CloudTrail Insights events capture unusual API call rate or error rate activity in your
AWS account.
2. Event History
The Event history provides a viewable, searchable, downloadable, and immutable
record of the past 90 days of management events in an AWS Region.
3. Trail
A trail is a configuration that enables delivery of CloudTrail events to an S3 bucket,
with optional delivery to CloudWatch Logs
Multi-Region trails
When you create a multi-Region trail, CloudTrail records events in all AWS Regions and
delivers the CloudTrail event log files to an S3 bucket that you specify.
Single-Region trails
When you create a single-Region trail, CloudTrail records the events in that Region
only. It then delivers the CloudTrail event log files to an Amazon S3 bucket that you
specify.
Multiple trails per Region
If you have different but related user groups, such as developers, security personnel,
and IT auditors, you can create multiple trails per Region.
4. Organization Trail
An organization trail is a configuration that enables delivery of CloudTrail events in the
management account and all member accounts in an AWS organization to the same
Amazon S3 bucket
5. CloudTrail Lake and event data stores
CloudTrail Lake lets you run fine-grained SQL-based queries on your events, and log
events from sources outside AWS, including from your own applications, and from
partners who are integrated with CloudTrail.
Events are aggregated into event data stores, which are immutable collections of events
based on criteria that you select by applying advanced event selectors.
6. CloudTrail Insights
CloudTrail Insights help AWS users identify and respond to unusual volumes of API
calls or errors logged on API calls by continuously analyzing CloudTrail management
events.
7. Tag
A tag is a customer-defined key and optional value that can be assigned to AWS
resources, such as CloudTrail trails, event data stores, channels, and S3 buckets used to
store CloudTrail log files.
8. AWS Security Token Service and CloudTrail
AWS Security Token Service (AWS STS) is a service that has a global endpoint and also
supports Region-specific endpoints. An endpoint is a URL that is the entry point for web
service requests.
9. Global service events
For most services, events are recorded in the Region where the action occurred. For
global services such as AWS Identity and Access Management (IAM), AWS STS, and
Amazon CloudFront, events are delivered to any trail that includes global services.
10. CloudTrail Lake
• CloudTrail Lake is a managed data lake for capturing, storing, accessing, and analyzing
user and API activity on AWS for audit and security purposes.
• Data lakes store all types of data, including raw and unstructured data, at any scale.
• CloudTrail Lake converts existing events in row-based JSON format to Apache ORC
format.
• Optimized Row Columnar (ORC) is a columnar storage format that is optimized for fast
retrieval of data.
Dashboard
• The dashboard helps you visualize the data in your event data store by using queries.
• You can choose the event data store and the type of dashboard you want to view.
• You can also filter by a date or time range.
• To view the query for a specific widget, choose View and analyze in query editor to open
the query in CloudTrail's query editor.
Trails
Trails capture a record of AWS activities, delivering and storing these events in an
Amazon S3 bucket, with optional delivery to CloudWatch Logs.
Working
Simplified compliance
You can simplify your compliance audits by recording and storing event logs for actions
that occur in your AWS account.
Visibility into user and resource activity
You can identify which users, roles, and accounts called AWS, the source IP address of
calls, and when the calls occurred. You can also use AWS CloudTrail Insights to detect
unusual activity in your account.
Security automation
With Amazon CloudWatch Events integration, you can define workflows that notify you
when specific events are detected in your log activity.
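The following added example, which is not part of the original notes, reads CloudTrail records and reports who called AWS, from which source IP and when, then flags management events that change logging or security group configuration. The records are constructed, and the set of watched API calls and the function names are assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Management API calls that change logging or network security configuration.
# This selection is an assumption for the example, not a complete list.
WATCHED = {
    ("cloudtrail.amazonaws.com", "StopLogging"): "trail logging stopped",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): "trail deleted",
    ("cloudtrail.amazonaws.com", "UpdateTrail"): "trail configuration changed",
    ("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"): "security group opened",
}

# Constructed sample in the CloudTrail log file layout ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventCategory": "Data",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "readOnly": True, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app/web-1"}},
    {"eventTime": "2024-05-01T10:05:12Z", "eventCategory": "Management",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "readOnly": True, "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:07:45Z", "eventCategory": "Management",
     "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "readOnly": False, "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:09:03Z", "eventCategory": "Management",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "readOnly": False, "sourceIPAddress": "192.0.2.44",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"}},
]})


def load_records(log_text):
    """Parse one CloudTrail log file body and return its list of event records."""
    return json.loads(log_text).get("Records", [])


def principal_of(record):
    """Return the caller's ARN, falling back to invokedBy or the identity type."""
    identity = record.get("userIdentity", {})
    return identity.get("arn") or identity.get("invokedBy") or identity.get("type", "unknown")


def activity_summary(records):
    """Group events by caller: source IPs used, event count, first and last call."""
    summary = defaultdict(lambda: {"ips": set(), "count": 0, "first": None, "last": None})
    for rec in records:
        entry = summary[principal_of(rec)]
        entry["ips"].add(rec.get("sourceIPAddress", "unknown"))
        entry["count"] += 1
        when = rec["eventTime"]  # ISO 8601 UTC strings sort chronologically
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(summary)


def findings(records):
    """Return watched management events, noting whether the call was denied."""
    out = []
    for rec in records:
        if rec.get("eventCategory") != "Management" or rec.get("readOnly", False):
            continue  # data, Insights and read-only events are out of scope here
        reason = WATCHED.get((rec.get("eventSource"), rec.get("eventName")))
        if reason:
            out.append({
                "time": rec["eventTime"],
                "who": principal_of(rec),
                "source_ip": rec.get("sourceIPAddress"),
                "event": rec["eventName"],
                "reason": reason,
                "outcome": "denied" if rec.get("errorCode") else "succeeded",
            })
    return out


if __name__ == "__main__":
    events = load_records(SAMPLE_LOG)
    for who, info in activity_summary(events).items():
        print(who, sorted(info["ips"]), info["count"], info["first"], info["last"])
    for finding in findings(events):
        print(finding)
```

A denied `StopLogging` call is reported as well as a successful one, since a failed attempt to stop a trail is usually worth a look in its own right.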
For CloudTrail Lake, you pay for data ingestion, retention, and analysis.
• Ingestion charges are based on the volume and type of data ingested to your event data
store.
• Retention charges are based on the selected pricing option and the volume of data
retained within your event data store.
CloudTrail Lake offers two pricing options:
(1) One-year extendable retention pricing is recommended if your monthly usage is
under 25 TB. The first year of data retention is included with the ingestion cost, and
you can extend your retention period to a maximum of 10 years.
(2) Seven-year retention pricing is recommended if your monthly usage exceeds 25 TB.
Seven years of retention are included with the ingestion cost, and the retention period
cannot be extended past 7 years.
Amazon Config
• AWS Config provides a detailed view of the configuration of AWS resources in your
AWS account.
• This includes how the resources are related to one another and how they were
configured in the past so that you can see how the configurations and relationships
change over time.
AWS Config Interfaces (Management Console)
• The configuration recorder stores the configurations of the supported resources in your
account as configuration items.
Delivery Channel
• As AWS Config continually records the changes that occur to your AWS resources, it
sends notifications and updated configuration states through the delivery channel.
• An AWS Config rule represents your desired configuration settings for specific AWS
resources or for an entire AWS account
• If a resource does not pass a rule check, AWS Config flags the resource and the rule
as noncompliant, and AWS Config notifies you through Amazon SNS.
• COMPLIANT - the rule passes the conditions of the compliance check.
• NON_COMPLIANT - the rule fails the conditions of the compliance check.
Conformance Packs
A conformance pack is a collection of AWS Config rules and remediation actions that
can be easily deployed as a single entity in an account and a Region or across an
organization in AWS Organizations.
Multi-Account Multi-Region Data Aggregation allows you to aggregate AWS Config
configuration and compliance data from multiple accounts and regions into a single
account.
Multi-account multi-region data aggregation is useful for central IT administrators to
monitor compliance for multiple AWS accounts in the enterprise. Using aggregators
does not incur any additional costs.
• AWS Config terminology and concepts
AWS Config Interfaces (Command Line Interface)
Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands
in Linux or macOS.
Windows command line – On Windows, run commands at the Windows command prompt or
in PowerShell.
Remotely – Run commands on Amazon Elastic Compute Cloud (Amazon EC2)
instances through a remote terminal program such as PuTTY or SSH, or with AWS
Systems Manager.
Continuous monitoring
With AWS Config, you are able to continuously monitor and record configuration
changes of your AWS resources.
Continuous assessment
AWS Config allows you to continuously audit and assess the overall compliance of your
AWS resource configurations with your organization's policies and guidelines.
Change management
With AWS Config, you are able to track the relationships among resources and review
resource dependencies prior to making changes.
Operational troubleshooting
With AWS Config, you can capture a comprehensive history of your AWS resource
configuration changes to simplify troubleshooting of your operational issues
• For individuals or small organizations, AWS will automatically charge the credit
card provided.
• For larger organizations, you can use AWS Organizations to consolidate your
charges across multiple AWS accounts.
• You can then configure invoicing, tax, purchase order, and payment methods to
match your organization’s procurement processes.
• You can allocate your costs to teams, applications, or environments by using cost
categories or cost allocation tags, or using AWS Cost Explorer.
• You can also export data to your preferred data warehouse or business intelligence
tool.
Features of AWS Billing and Cost Management
• Billing and payments
• Cost analysis
• Cost organization
• Budgeting and planning
• Savings and commitments
2. Cost Analysis
Analyze your costs, export detailed cost and usage data, and forecast your spending.
• AWS Cost Explorer – Analyze your cost and usage data with visuals, filtering, and
grouping. You can forecast your costs and create custom reports
• Data exports – Create custom data exports from Billing and Cost Management
datasets.
• Cost Anomaly Detection – Set up automated alerts when AWS detects a cost anomaly
to reduce unexpected costs.
• AWS Free Tier – Monitor current and forecasted usage of free tier services to avoid
unexpected costs.
• Split cost allocation data – Enable detailed cost and usage data for shared Amazon
Elastic Container Service (Amazon ECS) resources.
• Cost Management preferences – Manage what data member accounts can view,
change account data granularity, and configure cost optimization preferences.
3. Cost Organization
Cost Categories – Use cost categories to automatically group your cost information using
customized rules.
Create cost categories
With cost categories, you create rules to group and split your costs into meaningful
categories within your AWS account.
Analyze and budget your costs
After you create cost categories, they appear in Cost Management services like Cost &
Usage Report and Cost Explorer to view your data.
Cost Allocation Tags
• A tag is a label that you or AWS assigns to an AWS resource.
• The tag consists of a key and a value.
• You can activate tags as cost allocation tags.
• After you activate cost allocation tags, AWS uses the cost allocation tags to organize
your resource costs on your cost allocation report, to make it easier for you to
categorize and track your AWS costs.
Billing Conductor
• Use AWS Billing Conductor to customize your bill computation and display your billing
data in a meaningful way to you and your end users.
• Logical billing groups (for example, by customer or
business unit)
5. Savings and Commitments
Savings Plan
• EC2 Instance Savings Plans provide the lowest prices, offering savings up to 72% in
exchange for commitment to usage of individual instance families in a region
• This automatically reduces your cost on the selected instance family in that region
regardless of AZ, size, OS or tenancy. EC2 Instance Savings Plans give you the flexibility
to change your usage between instances within a family in that region.
1. Amazon DynamoDB
•Always Free Tier: 25 GB of storage with up to 200 million requests per month.
•Purpose: A fully managed NoSQL database service that supports key-value and
document data structures.
2. Amazon S3 (Simple Storage Service)
•Always Free Tier: 5 GB of standard storage, 20,000 GET requests, and 2,000 PUT
requests per month.
•Purpose: Object storage service offering scalability, data availability, security, and
performance.
3. Amazon CloudWatch
•Always Free Tier: 10 custom metrics, 5 GB of logs ingestion, and 5 GB of logs archiving
per month.
•Purpose: Monitoring and observability service for AWS resources and applications.
4. AWS Lambda
•Always Free Tier: 1 million free requests per month and 400,000 GB seconds of compute
time per month.
•Purpose: Serverless computing service that lets you run code without provisioning or
managing servers.
5. Amazon SNS (Simple Notification Service)
•Always Free Tier: 1 million published messages and 1,000 email notifications per month.
•Purpose: Fully managed messaging service for application-to-application (A2A) and
application-to-person (A2P) communication.
6. Amazon SES (Simple Email Service)
•Always Free Tier: 62,000 outbound emails per month when sent from an Amazon EC2
instance.
•Purpose: Cloud-based email sending service for transactional emails, marketing messages,
and notifications.
Amazon Free Tier
7. Amazon EC2 (Elastic Compute Cloud)
•Always Free Tier: 750 hours per month of t2.micro or t3.micro instance usage
(Linux/Windows) for 12 months under the Free Tier. After that, regular charges apply.
•Purpose: Scalable virtual server service in the cloud.
8. Amazon RDS (Relational Database Service)
•Always Free Tier: 750 hours of Amazon RDS Single-AZ db.t2.micro or db.t3.micro
usage (for MySQL, PostgreSQL, MariaDB, Oracle BYOL, or SQL Server) for 12
months. After that, charges apply.
•Purpose: Managed relational database service supporting several database engines.
9. Amazon API Gateway
•Always Free Tier: 1 million API calls per month for REST or HTTP APIs.
•Purpose: Fully managed service to create, maintain, monitor, and secure APIs at any
scale.
• AWS Resource Access Manager (AWS RAM) helps you
securely share your resources across AWS accounts,
within your organization or organizational units (OUs), and
with AWS Identity and Access Management (IAM) roles
and users for supported resource types
• Benefits of AWS RAM
1.Reduces your operational overhead
• Create a resource once, and then use AWS RAM to share that resource with other
accounts.
• This eliminates the need to provision duplicate resources in every account, which
reduces operational overhead.
• Within the account that owns the resource, AWS RAM simplifies granting access to
every role and user in that account without having to use identity-based permission
policies.
Amazon Budgets
The resource allows customers to take predefined actions that trigger once a budget
threshold has been exceeded. It creates, replaces, or deletes budgets for Billing and Cost
Management.
1. AutoAdjustData
• Determine the budget amount for an auto-adjusting budget.
• The string that defines whether your budget auto-adjusts based on historical or
forecasted data.
AutoAdjustData
{
"AutoAdjustType" : String,
"HistoricalOptions" : HistoricalOptions
}
2. Budget Data
• The content consists of the detailed metadata and data file information.
Budget Data
{
"AutoAdjustData" : AutoAdjustData,
"BudgetLimit" : Spend,
"BudgetName" : String,
"BudgetType" : String,
"CostFilters" : Json,
"CostTypes" : CostTypes,
"PlannedBudgetLimits" : Json,
"TimePeriod" : TimePeriod,
"TimeUnit" : String
}
3. Cost Types
• USAGE, RI_UTILIZATION, RI_COVERAGE,
SAVINGS_PLANS_UTILIZATION, and SAVINGS_PLANS_COVERAGE
• Tax and subscriptions.
4. HistoricalOptions
The parameters that define or describe the historical data that
your auto-adjusting budget is based on.
5. Notification
• A notification that is associated with a budget.
• A budget can have up to ten notifications.
• Each notification must have at least one subscriber.
• A notification can have one SNS subscriber and up to 10 email subscribers, for a total
of 11 subscribers.
For example, if you have a budget for 200 dollars and you want to be notified when you
go over 160 dollars, create a notification with the following parameters:
A notificationType of ACTUAL
A thresholdType of PERCENTAGE
A comparisonOperator of GREATER_THAN
A notification threshold of 80
6. NotificationWithSubscribers
A notification with subscribers. A notification can have one SNS
subscriber and up to 10 email subscribers, for a total of 11 subscribers.
{
"Notification" : Notification,
"Subscribers" : [ Subscriber, ... ]
}
7. ResourceTag
The tag structure that contains a tag key and value.
8. Spend
The amount of cost or usage that's measured for a budget. Usage example: A Spend for 3
GB of S3 usage has the following parameters:
An Amount of 3
A Unit of GB
9. Subscriber
The Subscriber property type specifies who to notify for a Billing and Cost Management
budget notification. For example, an email subscriber would have the following parameters:
A subscriptionType of EMAIL
An address of example@example.com
10. TimePeriod
The period of time that is covered by a budget.
• The period has a start date and an end date.
• The start date must come before the end date.
• There are no restrictions on the end date.
11. BudgetsAction
The BudgetsAction resource enables you to take predefined actions that are initiated when
a budget threshold has been exceeded.
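The Notification, Subscriber and TimePeriod rules above can be checked before a budget is deployed. The following is an added example, not part of the original notes or of any AWS tooling: it validates a budget definition against the limits these notes state and computes the spend at which the 80 percent alert on the 200-dollar budget fires. The capitalised property names follow the CloudFormation AWS::Budgets::Budget layout; the budget name and dates are constructed.

```python
# Added example: checks a budget definition against the limits listed in these notes.
MAX_NOTIFICATIONS = 10  # "A budget can have up to ten notifications" (figure from the notes)
MAX_SNS = 1             # one SNS subscriber per notification
MAX_EMAIL = 10          # up to 10 email subscribers per notification

def trigger_amount(limit, notification):
    """Return the spend at which a notification fires, in the budget's unit."""
    threshold = float(notification["Threshold"])
    if notification["ThresholdType"] == "PERCENTAGE":
        return float(limit["Amount"]) * threshold / 100.0
    return threshold  # otherwise the threshold is already an amount

def validate_budget(props):
    """Return a list of violations for a budget Properties dict (empty if none)."""
    errors = []
    period = props["Budget"].get("TimePeriod")
    if period and int(period["Start"]) >= int(period["End"]):
        errors.append("TimePeriod: start must come before end")
    entries = props.get("NotificationsWithSubscribers", [])
    if len(entries) > MAX_NOTIFICATIONS:
        errors.append(f"{len(entries)} notifications, limit is {MAX_NOTIFICATIONS}")
    for i, entry in enumerate(entries):
        kinds = [s["SubscriptionType"] for s in entry.get("Subscribers", [])]
        if not kinds:
            errors.append(f"notification {i}: needs at least one subscriber")
        if kinds.count("SNS") > MAX_SNS:
            errors.append(f"notification {i}: more than one SNS subscriber")
        if kinds.count("EMAIL") > MAX_EMAIL:
            errors.append(f"notification {i}: more than 10 email subscribers")
    return errors

# Constructed sample: the 200-dollar budget with an 80 percent alert from the notes.
SAMPLE = {
    "Budget": {
        "BudgetName": "example-monthly-cost",  # hypothetical name
        "BudgetType": "COST",
        "TimeUnit": "MONTHLY",
        "BudgetLimit": {"Amount": 200, "Unit": "USD"},
        "TimePeriod": {"Start": "1704067200", "End": "1735689600"},  # epoch seconds
    },
    "NotificationsWithSubscribers": [{
        "Notification": {"NotificationType": "ACTUAL", "ThresholdType": "PERCENTAGE",
                         "ComparisonOperator": "GREATER_THAN", "Threshold": 80},
        "Subscribers": [{"SubscriptionType": "EMAIL", "Address": "example@example.com"}],
    }],
}

if __name__ == "__main__":
    print(validate_budget(SAMPLE))
    print(trigger_amount(SAMPLE["Budget"]["BudgetLimit"],
                         SAMPLE["NotificationsWithSubscribers"][0]["Notification"]))
```

A notification that reaches nobody, or an alert whose threshold is not what the owner intended, fails silently, so running a check like this in the deployment pipeline catches it before the budget is relied on.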
AWS Trusted Advisor
• Recommendations
• To get an overview of the check results in your AWS account.
• Choose a check name or category to view the recommended actions or potential
issues that Trusted Advisor has identified.
• Each check provides more information about how to address any issues.
• Cost optimization
• Choose a check name to see recommendations for ways to help save money for your
AWS account.
• Trusted Advisor might recommend that you delete unused and idle resources, or use
reserved capacity.
• Performance
• Choose a check name to see recommendations to improve the performance of your AWS
services.
• Trusted Advisor might recommend that you check your service quotas, ensure that you
use provisioned throughput, and monitor for overutilized EC2 instances.
• Security
• Choose a check name to see recommendations for ways to improve the security of your
AWS infrastructure.
• Trusted Advisor might recommend that you enable various AWS security features,
close any gaps, and examine your permissions.
• Fault tolerance
• Choose a check name to see recommendations to increase the availability and
redundancy of your AWS applications.
• Trusted Advisor might recommend that you use resources such as Auto Scaling, health
checks, multiple Availability Zones, and backup capabilities.
• Service Limits
• Choose a check name to see recommendations for services that use more than 80
percent of a service quota.
• The check results use values based on a snapshot, so your current usage might vary.
Quota and usage data can take up to 24 hours to reflect any changes.
• Operational excellence
• Choose a check name to see recommendations to improve the operational readiness of
your AWS resources.
• Trusted Advisor might recommend that you enable various features and services in
AWS to ensure it is ready for operation.