AWS price and cost — multi account setup
(This is part 4 of a series of blog posts related to pricing and cost in AWS.)
In the first three blog posts I have looked into how AWS price and cost relates to a single AWS account. But what if we start using multiple accounts? Will we get a lot of invoices, and will it be very complex to have an overview? The simple answer is no — there are tools and features helping you deal with this.
If you are deploying a little bit more than a small service on AWS, it is often recommended to use multiple AWS-accounts to separate different environments, workloads, access control and more. This makes it more complex to have control on your cost, and will for some also result in multiple AWS invoices unless you use some more advanced services like AWS Organizations.
In addition to simplifying management of your AWS accounts in general, AWS Organizations is also simplifying the cost control by offering consolidated billing for all your accounts. This means that you get a combined invoice (or multiple invoices — see blog part 2) covering all accounts that are part of the Organization.
If you have multiple accounts within your organisation you should definitely look into AWS Organizations from a cost and billing perspective. When setting up AWS Organizations you need to designate one of your accounts as your management account. I would highly recommend to spin up a brand new account and use that as a starting point. Do not use an existing account for this, as it will probably bite you later. In addition to a lot of other features, your management account will be the one account controlling the invoices and other billing-related features for all your accounts within your Organization. The following description is based on my experiences in Europe — you might see variations around invoices and tax in other regions like the US or India. Please refer to the documentation for regional details.
Payments, invoicing and billing
Payments work the same way as you are used to in a single account. As you grow, the spend is increasing, so it might be worth checking if you are eligible to opt in to a regular PDF-invoice from AWS to avoid charging your credit card.
In general the invoices will look more or less the same as the single account use case. in the management account you will see the invoices broken down by services, and by account. You will also have an “per account view” in the billing console of the management account. Each individual account will only see their own spend in the console, but they will not see any invoices.
Adding, removing and moving accounts
Accounts can be created/added to an organisation and deleted or removed from an organisation at any time. The main rule is that the change in the way billing behaves is following the time the membership status was changed. So if an account is added to AWS organizations on the 10th of the month all spend up until that point will be billed to the individual account. The spend from that point in time and onwards will be within the organisation billing cycle.
Have in mind that if you move an account from one organisation to another you can see that you get a small invoice for the amount of time the account is in transition. If adding or moving accounts, remember to check for any individual invoices linked directly to the account in question at the end of the month to avoid surprises.
Tax settings can be managed from the management account by turning on “tax inheritance”. If you have a lot of different tax settings, you can edit individual account tax settings from the management account. Remember to review this when you start using AWS Organizations. Note that if you have tax inheritance enabled, and turn it off, settings on all accounts will revert to the values they were before you enabled the feature.
Volume discount and free tiers
From part 1 you might remember the volume/request based pricing. Some AWS services have a tiered pricing model where you get a discount as usage grows. For example as your volume on S3 grows, you can get a lower price. Data transfer pricing is also priced like this. When AWS is generating a bill for your organisation, all the usage is added before they calculate the cost. This means that if each of your accounts have less than 50TB of data is S3, but the total is more than 50TB, the discount above 50TB will be applied. This is a benefit when using AWS Organizations and you have a lot of accounts.
One difference to have in mind when setting up an organisation are the free tiers, which is a minor drawback. As you might know from part 1 there are three types of free tier, and these are handled different when you use AWS Organizations:
- First 12 months free: The 12 months are counted from the first day the management account is created.
- Free trials: Only one account within the organisation can benefit from the Free Tier offers, so the first account to start using a new service with free trials, will benefit from that
- Alway free: There is only one free tier per organisation, so one free usage quota is applied at the organisational level. (You do not get more free usage by adding more accounts)
In AWS Organizations you decide how AWS credits will be handled, and you have two options; credit sharing or no credit sharing.
- Credit sharing: Credits are shared across the entire organisation regardless of which account they are added to and where the spend is.
- No credit sharing: Credits are used only on the account where the credit code is added.
The setting for credit sharing is under Billing Preferences in the billing console. For most customers, enabling this is the natural choice to be able to add credits to the entire organisation. If you do not share credits, you can end up with unused credits in an account because your spending is too low.
NOTE: If you add or remove accounts during a month, credits for that account are handled in different ways that month — see documentation for details.
Reservations and Compute Savings Plans
Instance Reservations and Compute Savings Plans has not been discussed in detail here, but was mentioned briefly in <<part 1>> under Discounts. A huge benefit with AWS Organizations is the option to consolidate instance reservations and compute saving plans. Sharing these across the organisation is almost like credit sharing, with the exception that you can have a pool of accounts that do not share Reservations and Savings Plans. You can also opt out of this for all new accounts if needed (default is opt in).
The advantage in larger organisations is that you can optimise reserved instances and also benefit from Compute Savings Plans across your entire organisation. This makes it easier to get a good utilisation of those benefits.
Cost explorer, budgets and anomaly detection
Cost explorer, budgets and anomaly detection works as earlier in the individual accounts. In the management you will see all costs for the entire organisation in the cost explorer and you can also drill down and filter on individual accounts. You can create budgets for single accounts or for a group of accounts, and anomaly detection will tell you in which account(s) there is an anomaly. Have in mind that the cost for each account might not be accurate as discounts across the entire organisation have not been applied. (In other words, the cost you see might be a bit higher that what the invoice will show)
Cost and Usage Report (CUR)
Cost and Usage (CUR) reports work the same way in the individual accounts inside and outside AWS Organizations. Also creation of CUR is the same in all account types. The difference is that in the management account is that you get a complete view of all accounts and you might sometimes see discounts applied on the organisational level and not on individual accounts. If you are using CUR to see exact costs across your organisation and on individual accounts, you should read the documentation for Consolidated Billing and CUR to get everything correct. This is especially important when it comes to handling discounts, reservations, etc. across all accounts.
For CUR, Cost Explorer and more tools AWS operates with “blended rate/cost” and “unblended rate/cost”. The unblended rate/cost is the rate/cost associated with an individual account’s service usage. The blended rate/cost is the average rate/cost incurred for each product across an organisation (takes total volume discount/reservations into account).
AWS Support is charged as a variable cost based on your monthly AWS charge. The support plan and cost is individual to your account(s) and the charge is based on spend on the individual account. So if you have a support-plan on your management account, only the AWS charge for the management account is used when calculating your support cost for that account (not the charge on the entire organisation).
Below you can see a table with a short summary of the differences between singel account usage and AWS Organizations
Pricing, cost and invoicing works very well when you have multiple AWS accounts and you are using AWS Organizations. Each account has insights into its own spend, and the management account can monitor all spend across all accounts.
Just remember a few things:
- When starting with AWS Organizations — use a fresh new account as the management account.
- Consider enabling credit sharing.
- Update the tax-settings and inheritance for the organisation.
- Use CUR in the management account if you need to create some accounting statements for splitting cost or your own BI-tool for analysing the cost.
Unfortunately for those getting their AWS invoice through a third party provider, access to AWS Organizations and some billing-tools might be limited or replaced by tools provided by the services provider. This is currently a limitation from AWS which I personally hope will be solved in the future.