AWS Control Tower and Cloud Cost Management


With over 1 million customers and over 14 years of experience working with them, Amazon Web Services has some real insight into best practices and technologies for setting up and running secure, well-governed cloud deployments. The recently launched AWS Control Tower puts this knowledge to use, providing companies with a quick and simple way to securely set up complex, multi-account environments for rapid, yet fully controlled growth and innovation.

We are pleased to share that Spot by NetApp has been included in AWS Control Tower, helping customers proactively monitor and optimize their cloud spend from AWS account setup onward. Let’s take a look at some of the key AWS Control Tower features and the Spot by NetApp integration.

Landing Zone  

This is where you get started creating your well-architected, multi-account AWS environment. AWS Control Tower automates this process and uses pre-defined blueprints – all based on best practices – for properly implementing: 

  • Account structure 
  • Identity management  
  • Cross-account security audits 
  • Centralized logging
  • Federated access 

All of the above is defined by selecting both mandatory and recommended guardrails (rules) that match your company’s policies and requirements.

Guardrails 

Guardrails are pre-defined rules for security, operations, and governance that you can choose to apply either across your entire company or to specific accounts. Guardrails can be used to either prevent certain behaviors or detect non-compliance with your established policies. Guardrails can be mandatory, for example, not allowing policy changes to log archives. Alternatively, guardrails can be just strongly recommended best practices, such as not allowing access as a root user without multi-factor authentication.

Account Factory 

Account Factory is a configurable template that you can use to standardize the provisioning of new accounts with pre-defined configurations for things such as region selection and network configuration. You can also use the AWS Service Catalog to offer self-serve selection of approved VM images, software, DBs, and other IT services.

AWS Control Tower Dashboard 

The AWS Control Tower dashboard provides visibility into your organizational units and accounts, the guardrails you have enabled for them, and any non-compliance with those guardrails. This gives you the knowledge you need to properly govern your cloud in accordance with best practices and your internal policies.

Integration with Spot’s Cloud Cost Management Solutions 

One of the most critical aspects of successfully deploying workloads to the cloud is cost management. Comprehensive visibility into cloud spend as well as advanced automation of compute workloads promotes higher resource utilization. This visibility, along with well-balanced usage of optimal AWS EC2 pricing models, is essential for cloud cost efficiency and forms the core of what Spot by NetApp does. AWS’s integration of Spot by NetApp’s cost management solutions into AWS Control Tower helps customers easily set up and access Spot’s solutions for proactively managing their costs and resources, from account creation onward.

Prior to the integration, you would need to create your AWS account, then create a Spot by NetApp account and finally input all the AWS credentials into the Spot account (whether manually or via CloudFormation) so that Spot could access and optimize your AWS account usage and spend.

Today this process is streamlined. Using AWS Control Tower enables you to simultaneously set up a Spot by NetApp account while setting up any AWS member account within the Root AWS organization. This implementation reduces the manual overhead of connecting each AWS account to Spot by NetApp. A new account is automatically created in your pre-configured Spot by NetApp Organization and will automatically inherit permissions to the AWS member account so you can enjoy the benefits of reduced cloud costs and simplified infrastructure management. 

AWS Control Tower and Spot architecture

For more details and to get started, check out the AWS implementation guide for using the Spot by NetApp and AWS Control Tower integration.