Module-5
AWS Management Tools & Cost Management
1. AWS Management Tools,
2. AWS CloudWatch,
3. AWS CloudTrail,
4. AWS Config,
5. AWS Systems Manager,
6. AWS Cost Management,
7. AWS Free Tier,
8. AWS Billing and Account Management,
9. AWS Budgets,
10. AWS Trusted Advisor
• AWS offers a variety of management tools to
help monitor, automate, and govern your
infrastructure and applications. Here are some
of the key AWS management tools along with
examples of their usage:
AWS Management Tools
Overview
AWS Management Tools help users monitor, audit, and
automate resources in the AWS Cloud.
They provide visibility, compliance, and governance for
cloud infrastructure.
Key AWS Management Tools:
•AWS CloudWatch – Monitoring and performance management.
•AWS CloudTrail – Logging and auditing of API activities.
•AWS Config – Resource configuration tracking and compliance.
AWS CloudWatch
Definition:
A monitoring and observability service that collects metrics, logs, and
events from AWS resources and applications.
Features:
•Collects metrics (CPU, memory, network usage).
•Logs monitoring (application/system logs).
•Dashboards for visualization.
•Alarms for threshold-based notifications.
•EventBridge (CloudWatch Events) for automated responses.
Use Cases:
•Monitor EC2 instance CPU utilization.
•Set alarms for auto-scaling.
•Analyze Lambda execution times.
•Monitor RDS performance.
AWS CloudTrail
Definition:
A service that records all API calls and actions made within an AWS
account for auditing and governance.
Features:
•Tracks “Who did what, when, and from where”.
•Stores logs in S3 buckets.
•Integrates with CloudWatch for alerts.
•Ensures compliance with security and governance policies.
Use Cases:
•Security analysis (detect unauthorized access).
•Troubleshooting AWS resource changes.
•Compliance and auditing.
•Forensics in case of security incidents.
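Added example (not part of the original slides): a short Python audit that reads a CloudTrail log file of the kind delivered to S3 and answers "who did what, when, and from where" for bucket deletions and denied API calls. The records, account ID, user names and IP addresses are constructed placeholders; the field names follow the CloudTrail record format.

```python
import json

# Constructed CloudTrail-style records (not real log data). Field names follow
# the CloudTrail record format; account ID, ARNs and IPs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-reports"}},
    {"eventTime": "2024-05-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "Client.UnauthorizedOperation", "requestParameters": None},
    {"eventTime": "2024-05-01T09:20:31Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
]})

# Substrings of errorCode that indicate the caller was refused.
DENIED_CODES = ("AccessDenied", "UnauthorizedOperation")

def summarize(record):
    """Reduce one record to who / what / when / where."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("type", "unknown"),
        "what": f'{record["eventSource"]}:{record["eventName"]}',
        "when": record["eventTime"],
        "where": f'{record.get("sourceIPAddress", "?")} ({record.get("awsRegion", "?")})',
        # requestParameters can be null, so fall back to an empty dict.
        "target": (record.get("requestParameters") or {}).get("bucketName"),
        "denied": any(code in record.get("errorCode", "") for code in DENIED_CODES),
    }

def audit(log_text):
    """Return (bucket deletions, denied calls) found in a CloudTrail log file."""
    events = [summarize(r) for r in json.loads(log_text)["Records"]]
    deletions = [e for e in events if e["what"] == "s3.amazonaws.com:DeleteBucket"]
    denied = [e for e in events if e["denied"]]
    return deletions, denied

if __name__ == "__main__":
    for label, found in zip(("bucket deleted", "denied call"), audit(SAMPLE_LOG)):
        for e in found:
            print(f'{label}: {e["who"]} {e["what"]} at {e["when"]} from {e["where"]}')
```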
AWS Config
Definition:
A service that tracks configuration changes of AWS resources and
ensures compliance with policies.
Features:
•Records resource configurations over time.
•Allows you to compare historical configurations.
•Provides compliance checks using Config Rules.
•Integrates with CloudTrail for auditing changes.
Use Cases:
•Check if S3 buckets are public.
•Monitor IAM policies for compliance.
•Track security group changes.
•Audit whether resources meet compliance (e.g., PCI-DSS, HIPAA).
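Added example (not part of the original slides): the two Config ideas above, comparing historical configurations and checking them against a rule, applied to a security group change. The history records are constructed and use a simplified shape (the keys "captureTime", "ingress" and "cidr" are hypothetical, not the exact AWS Config schema), and the rule "no SSH/RDP from any address" is an assumed policy.

```python
# Constructed, simplified configuration history for one security group, modelled
# on the configuration items AWS Config records. IDs and times are placeholders.
HISTORY = [
    {"captureTime": "2024-05-01T08:00:00Z", "resourceId": "sg-0example",
     "ingress": [{"protocol": "tcp", "fromPort": 443, "toPort": 443, "cidr": "0.0.0.0/0"},
                 {"protocol": "tcp", "fromPort": 22, "toPort": 22, "cidr": "10.0.0.0/8"}]},
    {"captureTime": "2024-05-02T14:30:00Z", "resourceId": "sg-0example",
     "ingress": [{"protocol": "tcp", "fromPort": 443, "toPort": 443, "cidr": "0.0.0.0/0"},
                 {"protocol": "tcp", "fromPort": 22, "toPort": 22, "cidr": "0.0.0.0/0"}]},
]

ADMIN_PORTS = (22, 3389)            # assumed policy: no SSH/RDP from the internet
OPEN_CIDRS = ("0.0.0.0/0", "::/0")  # "any address" for IPv4 and IPv6

def rule_key(rule):
    return (rule["protocol"], rule["fromPort"], rule["toPort"], rule["cidr"])

def diff(old, new):
    """Compare two recorded configurations: ingress rules added and removed."""
    before = {rule_key(r) for r in old["ingress"]}
    after = {rule_key(r) for r in new["ingress"]}
    return sorted(after - before), sorted(before - after)

def evaluate(item):
    """Rule check: COMPLIANT unless an admin port is reachable from any address."""
    violations = [
        f'{r["cidr"]} -> {port}/{r["protocol"]}'
        for r in item["ingress"] if r["cidr"] in OPEN_CIDRS
        for port in ADMIN_PORTS
        # protocol "-1" means all traffic; otherwise the port must fall in range
        if r["protocol"] == "-1"
        or (r["protocol"] == "tcp" and r["fromPort"] <= port <= r["toPort"])
    ]
    return ("NON_COMPLIANT" if violations else "COMPLIANT"), violations

def timeline(history):
    """Evaluate every recorded configuration and attach the change that led to it."""
    out, previous = [], None
    for item in sorted(history, key=lambda i: i["captureTime"]):
        status, violations = evaluate(item)
        added, removed = diff(previous, item) if previous else ([], [])
        out.append({"time": item["captureTime"], "status": status,
                    "violations": violations, "added": added, "removed": removed})
        previous = item
    return out
```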
Tool       | Purpose                                      | Example Use Case
CloudWatch | Monitoring metrics, logs, alarms             | Alert when EC2 CPU > 80%
CloudTrail | API activity logging and auditing            | Track who deleted an S3 bucket
Config     | Resource configuration tracking & compliance | Check if S3 bucket is encrypted
CloudTrail Log
• Log entry
• Retention period: 90 days
• Backup: S3
• Log stream: CloudWatch
AWS CloudTrail
• AWS CloudTrail tracks user activity and API
usage across your AWS environment. It logs all
API calls made in your account, providing
visibility into resource changes.
• Example: Use CloudTrail to monitor who has
been accessing your S3 buckets or launching
EC2 instances, helping with security auditing
and compliance.
Amazon CloudWatch
• CloudWatch monitors AWS resources and
applications, collecting metrics and logs. It can
trigger alarms based on predefined
thresholds.
• Example: Use CloudWatch to monitor CPU
utilization on EC2 instances and set up alarms
to notify you if utilization exceeds 80%.
CloudWatch Monitoring
• Metrics
– CPU
– Memory
– Network
– Disk
– OS
• Tasks under CloudWatch
– Monitor
– Alarm and alert
– Dashboard
– Log
Search CloudWatch
Instance creation
AWS Config
• AWS Config helps track AWS resource
configurations and evaluate them for
compliance. It continuously monitors and
records configurations, and can alert you if
something is not compliant.
• Example: Use AWS Config to monitor the
configuration of EC2 instances and ensure that
they are using the right security groups and
are not publicly exposed.
AWS Config
Assess, audit, and evaluate the configurations of
AWS resources.
• Use for continuous monitoring of
configurations.
• Automatically evaluate recorded configurations versus
desired configurations.
• Review configuration changes.
• View detailed configuration histories.
• Simplify compliance auditing and security analysis.
AWS Systems Manager (SSM)
• AWS Systems Manager provides operational
data, automation, and patch management for
EC2 instances, on-premises servers, and other
AWS resources.
• Example: Use Systems Manager to
automatically apply patches to your fleet of
EC2 instances, or to remotely execute
commands on instances using the Run
Command feature.
Systems Manager capabilities
AWS Trusted Advisor
• AWS Trusted Advisor provides
recommendations to optimize your AWS
environment in terms of cost, security,
performance, and fault tolerance.
• Example: Use Trusted Advisor to receive
recommendations about reducing costs by
identifying underutilized EC2 instances or
unused EBS volumes.
• Online tool that provides real-time guidance to
help you provision your resources following AWS best
practices.
• Looks at your entire AWS environment and gives
you real-time recommendations in five categories.
– Cost Optimization, Performance, Security, Fault
Tolerance and Service Limits
Cost Optimization
• Definition: Cost optimization involves strategies to
reduce unnecessary costs while ensuring efficiency in
cloud resource usage.
Example:
• Right-sizing resources: Instead of using large virtual
machines (VMs) with high compute power for basic
tasks, you can downsize to smaller, cheaper VMs.
• Spot instances: In AWS, using spot instances for batch
processing jobs that can be interrupted helps save
costs compared to on-demand instances.
Performance Efficiency
• Definition: Performance optimization ensures that the
system scales efficiently to meet varying demands, with the
appropriate resources allocated.
Example:
• Auto-scaling: Configure your cloud infrastructure to
automatically add or remove servers based on real-time
traffic. During a sales event (like Black Friday), the system
will scale up, and when traffic decreases, it scales down,
improving performance and saving costs.
• Content Delivery Networks (CDNs): To improve website
load speed, static content can be cached and delivered via
global edge locations closer to the end-users.
Security
• Definition: Security focuses on protecting your data,
systems, and resources from malicious attacks and
unauthorized access.
Example:
• Data Encryption: Ensuring that sensitive data at rest
(stored) and in transit (moving across the network) is
encrypted. For instance, encrypting credit card details
using AES-256 encryption.
• Multi-Factor Authentication (MFA): Adding an extra
layer of security by requiring users to verify their
identity through multiple factors, like SMS or an
authenticator app, beyond just a password.
Fault Tolerance
• Definition: Fault tolerance ensures that the system
remains operational even when part of the
infrastructure fails.
Example:
• Redundant instances: Running multiple instances of
your application in different availability zones or
regions so that if one zone goes down, another can
take over without service interruption.
• Database replication: Setting up a read-replica of a
production database in another location to fail over in
case the main database becomes unavailable.
Service Limits
• Definition: Service limits refer to the maximum number of
resources that can be allocated for a specific service, which
can impact scalability and availability.
Example:
• API request rate limits: If a cloud provider enforces a limit
on the number of API requests you can make per minute,
exceeding this limit can result in requests being throttled or
denied, impacting performance.
• Resource quotas: For instance, a cloud provider might limit
the number of VMs or IP addresses that can be created per
region. Exceeding these limits might require a request to
increase quotas or lead to disruptions if you can't scale as
needed.
AWS Cost Management
• AWS Cost Management is a suite of tools that
help you monitor, optimize, and control your
AWS spending. These tools provide insights
into how your AWS resources are being used
and allow you to manage costs efficiently.
AWS Cost Management helps businesses
understand their spending patterns, create
budgets, and find opportunities to reduce
costs.
The AWS Free Tier
• The AWS Free Tier offers new and existing
customers the opportunity to use AWS services at
no cost, up to certain usage limits, for a limited
time or indefinitely. It's a great way to explore
and experiment with AWS without incurring
charges. The AWS Free Tier is divided into three
types:
– 12-Month Free Tier,
– Always Free,
– Trials
12-Month Free Tier
• These services are free for 12 months after your AWS
account is created. After 12 months, you are charged at
standard rates.
• Examples:
– Amazon EC2: 750 hours of free usage per month of [Link] or
[Link] instances (depending on region) running Linux, RHEL,
or SLES.
– Amazon S3: 5 GB of Standard storage, 20,000 GET requests, and
2,000 PUT requests per month.
– Amazon RDS: 750 hours of [Link] or [Link] instances
per month, 20 GB of storage, and 20 GB for backups.
– Amazon CloudFront: 1 TB of data transfer and 2 million HTTP or
HTTPS requests per month.
Always Free
• These services are free forever, but they have specific
usage limits.
• Examples:
– Amazon DynamoDB: 25 GB of storage, 25 provisioned
write capacity units, and 25 provisioned read capacity
units indefinitely.
– AWS Lambda: 1 million free requests and 400,000
GB-seconds of compute time per month.
– Amazon SNS (Simple Notification Service): 1 million
publishes per month.
– Amazon Glacier: 10 GB of retrievals per month from the
Glacier storage class.
Trials
• Some services offer short-term free trials for a
limited time after first use, usually for 30 or 60
days.
• Examples:
– Amazon Inspector: 90-day free trial for security
assessments of your EC2 instances.
– Amazon Redshift: 2 months free usage of a single
[Link] node with 750 hours of usage and 160
GB of SSD storage.
AWS Billing and Account Management
• AWS Billing and Account Management allows
users to monitor and control their costs,
manage account settings, and access tools
that provide insights into usage and charges.
This is essential for organizations to optimize
their AWS spending and maintain
transparency across multiple accounts or
teams.
AWS Budgets
• AWS Budgets is a cost management tool that
helps you create custom budgets to track your
AWS usage, costs, and reservations. It allows
you to set alerts when your spending or usage
exceeds, or is forecasted to exceed, a specified
threshold.