AWS Consolidated Billing
- Consolidated billing enables consolidating payments from multiple AWS accounts (Linked or Member Accounts) within the organization to a single account by designating it to be the Management or Payer Account.
- Every organization in AWS Organizations has a management account that pays the charges of all the member accounts.
- Consolidate billing
- is strictly an accounting and billing feature.
- allows receiving a combined view of charges incurred by all the associated accounts as well as each of the accounts.
- is not a method for controlling accounts, or provisioning resources for accounts.
- Management/Payer account is billed for all charges of the member accounts.
- Each linked account is still an independent account in every other way.
- AWS Organization Consolidated Billing feature does not allow the Payer account to access data belonging to the linked account owners. All Features mode need to be enabled.
- However, access to the Payer account users can be granted through Cross-Account Access roles
- AWS limits work on the account level only and AWS support is per account only
Consolidated Billing Process
- AWS Organizations provides consolidated billing so that the combined costs of all the member accounts in your organization can be tracked.
- Create an Organization
- Create member accounts or invite existing accounts to join the organization.
- Each month AWS charges your management account for all the member accounts in a consolidated bill.
Consolidated Billing Scenarios
- have multiple accounts and want to get a single bill and track each account’s charges for e.g. multiple projects, each with its own AWS account or separate environments (Dev, Prod) within the same project
- have multiple cost centers to track.
- have acquired a project or company with its own existing AWS account and you want a consolidated bill with your other AWS accounts.
Consolidated Billing Benefits
- One Bill
- A single bill with a combined view of AWS costs incurred by all accounts is generated
- Easy Tracking
- Detailed cost reports & charges for each of the individual AWS accounts associated with the “paying account” can be easily tracked
- Combined Usage & Volume Discounts
- Charges might actually decrease because AWS combines usage from all the accounts to qualify you for volume pricing discounts
- Free Tier
- Customers that use Consolidated Billing to consolidate payment across multiple accounts will only have access to one free usage tier and it is not combined across accounts
Volume Pricing Discounts
- For billing purposes, AWS treats all the accounts in the organization on the consolidated bill as if they were one account.
- AWS combines the usage from all accounts to determine which volume pricing tiers to apply, giving you a lower overall price whenever possible.
Volume Discounts Example
- Example AWS Pricing – AWS charges $0.17/GB for the first 10 TB of data transfer out used, and $0.13/GB for the next 40 TB used that translates into $174.08 per TB for the first 10 TB, and $133.12 per TB for the next 40 TB
- Usage – Bob uses 8 TB of data transfer out during the month, and Susan uses 4 TB (for a total of 12 TB used).
- Actual Individual Bill – AWS would have charged Bob and Susan each $174.08 per TB for their usage, for a total of $2088.96
- Volume Discount Bill – Combined 12 TB total that Bob and Susan used, would cost the paying account ($174.08 * 10 TB) + ($133.12 * 2 TB) = $1740.80 + $266.24 = $2007.04
Reserved Instances
- All member accounts in an Organization on a consolidated bill can receive the hourly cost-benefit of Reserved Instances that are purchased by any other account.
- The management account of an organization can turn off Reserved Instance (RI) discount and Savings Plans discount sharing for any accounts in that organization, including the management account.
- RIs and Savings Plans discounts aren’t shared between any accounts that have sharing turned off. To share an RI or Savings Plans discount with an account, both accounts must have sharing turned on.
- For e.g., Bob and Susan each have an account on Bob’s consolidated bill. Susan has 5 Reserved Instances of the same type, and Bob has none. During one particular hour, Susan uses 3 instances and Bob uses 6, for a total of 9 instances used on Bob’s consolidated bill. AWS will bill 5 as Reserved Instances, and the remaining 4 as normal instances.
Consolidated Billing Best Practices
Paying account should be used solely for accounting and billing purposesConsolidated billing works best with Resource tagging, as tags are included in the detailed billing report, which enables cost to be analyzed and decomposed across multiple dimensions and aggregation levels.Paying account owners should secure their accounts by using MFA (multi-factor authentication) and a strong password
AWS Certification Exam Practice Questions
- Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
- AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
- Open to further feedback, discussion and correction.
- An organization is planning to create 5 different AWS accounts considering various security requirements. The organization wants to use a single payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?
- Master (Payee) account will get only the total bill and cannot see the cost incurred by each account
- Master (Payee) account can view only the AWS billing details of the linked accounts
- It is not recommended to use consolidated billing since the payee account will have access to the linked accounts
- Each AWS account needs to create an AWS billing policy to provide permission to the payee account
- An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing?
- The consolidated billing does not bring any cost advantage for the organization
- All AWS accounts will be charged for S3 storage by combining the total storage of each account
- EC2 instances of each account will receive a total of 750*3 micro instance hours free
- The free usage tier for all the 3 accounts will be 3 years and not a single year
- An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has purchased a Reserved Instance (RI) of a small instance size in the us-east-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?
- Only the account that has purchased the RI will get the advantage of RI pricing
- One instance of a small size and running in the us-east-1a zone of each AWS account will get the benefit of RI pricing
- Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size
- If there are more than one instances of a small size running across multiple accounts in the same zone no one will get the benefit of RI
- An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost centre. How can the finance department achieve this?
- Create 5 separate accounts and make them a part of one consolidated billing
- Create 5 separate accounts and use the IAM cross account access with the roles for better management
- Create 5 separate IAM users and set a different policy for their access
- Create 5 separate IAM groups and add users as per the department’s employees
- An AWS account wants to be part of the consolidated billing of his organization’s payee account. How can the owner of that account achieve this?
- The payee account has to request AWS support to link the other accounts with his account
- The owner of the linked account should add the payee account to his master account list from the billing console
- The payee account will send a request to the linked account to be a part of consolidated billing (Check Process)
- The owner of the linked account requests the payee account to add his account to consolidated billing
- You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each accounts bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.
- Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.
- Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
- Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access.
- Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts
- When using consolidated billing there are two account types. What are they?
- Paying account and Linked account
- Parent account and Child account
- Main account and Sub account.
- Main account and Secondary account.
- A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight? Choose 2 answers
- Use AWS Consolidated Billing and disable AWS root account access for the child accounts. (Need to link accounts and disabling root access is just a best practice)
- Enable IAM cross-account access for all corporate IT administrators in each child account. (Provides IT goverance)
- Create separate VPCs for each division within the corporate IT AWS account.
- Use AWS Consolidated Billing to link the divisions’ accounts to a parent corporate account (Will provide cost oversight)
- Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account’s Amazon S3 ‘Log’ bucket (Preferred approach would be to store logs from multiple accounts to a single S3 bucket with CloudTrail for IT Goverance and CloudWatch alerts for Cost Oversight)
- An organization has 10 departments. The organization wants to track the AWS usage of each department. Which of the below mentioned options meets the requirement?
- Setup IAM groups for each department and track their usage
- Create separate accounts for each department, but use consolidated billing for payment and tracking
- Create separate accounts for each department and track them separately
- Setup IAM users for each department and track their usage
References
Regarding Question no 3, why is B not the right option as AWS aggregates total S3 usage of all accounts for billing.
Indeed, my error in highlighting the answer. The S3 usage is consolidated and priced leading to the volume benefits.
Are we talking about Q2 or Q3? Q3 is not about S3.
Great, thank you, btw resourceful blog,thanks for taking time to put things together
For question #2 , they are asking for how to Visualize the Costs , so i thought it will be cost Explorer ?
Please advise.
Thanks Sherief, for Visualization it should be Cost Explorer. Corrected the Answer.
Looking for answer of this, justification if possible
Q:You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget eachmonth?
A. Consolidate your accounts so you have a single bill for all accounts and projects
B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running toomany Instances in a given account
C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend.
It should be D,
#A as Consolidation will provide single bill and no alerts configured for this.
#B No. of instances do not relate to cost as many small instances can still cost less then fewer large instances.
#C, as the project has an account already no need for tagging.
In question 5 when you say “The payee account” do you mean “the payer account”? Also, I think the process has changed when Organizations came in. Now you set up an Organization, new accounts are automatically set up as being paid for by the root account, and you can invite existing accounts to become part of the organization and in that way receive consolodated billing.