We use AWS extensively at Swipe iX. It is very important for us to help our customers get the most value out of AWS for the best possible price. What this means for us practically is that we have a few tools, tricks and methodologies that we use to try to keep our AWS spending to a minimum. Low overhead means more of your budget can be put towards improving things.
What are some methods that you can employ to keep an eye on your spending? In this article, we will cover some of the methods and tools that we employ to cut our clients’ spending and get the most possible from AWS.
Any organization has blind spots or areas where the organization does not have the desired amount of insight into a specific problem. When it comes to AWS spending it is best to make sure that you have a good overview of what infrastructure you are supposed to have. It is also important to compare what you are supposed to have with the infrastructure that you actually have available. For this very reason, I am a very big fan of Cloudmapper: https://github.com/duo-labs/cloudmapper
Cloudmapper was originally created to help create network diagrams of an organization or AWS account’s infrastructure. This tool is very useful because it can be used to enumerate over all the various services in all the various regions and give you a good picture (literally) of the infrastructure that you are running and thus paying for.
Cloudmapper has quite a good README.md on GitHub, but I prefer my own way to install Cloudmapper; you can use whatever works best for you. Follow along if you would like to try the method which uses virtualenv instead of pipenv. (I have my installation notes for Cloudmapper on my wiki too; you might find them when you do a Google search.)
The tool assumes that you are using pipenv to install dependencies, but if you are old school like me, then virtualenv will do just fine. This is how you create a virtualenv and activate it:
I modified the Pipfile for this project and created my own requirements.txt for pip to use. This is what my requirements.txt looked like:
Once you are done editing your requirements.txt with a text editor you can go ahead and install the dependencies in your virtualenv with pip3:
Make a copy of the default example config.json file:
Next, edit your config.json and make sure to put your account name and number in it (the AWS account IDs have been omitted for obvious reasons):
You can put multiple account IDs in the Cloudmapper config. You can only run Cloudmapper on one account ID at a time, though.
Here is my config.json:
You need to use an AWS IAM user profile configured in ~/.aws/credentials to run Cloudmapper. You can create a user that will have read-only access to your AWS account resources by creating an IAM user and attaching the following IAM policy to it: "SecurityAudit".
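A pre-flight check for the two files set up above, written as an added example (it is not code from this article or from the Cloudmapper project). It assumes the `accounts` list layout (`id`, `name`, `default`) of Cloudmapper's example config; the account names, IDs, profile name and function names are constructed for illustration.

```python
import configparser
import json
import re

# Constructed config.json content; names and 12-digit IDs are placeholders.
SAMPLE_CONFIG = """
{"accounts": [
  {"id": "111111111111", "name": "prod", "default": true},
  {"id": "222222222222", "name": "staging", "default": false},
  {"id": 33333, "name": "staging", "default": false}
], "cidrs": {}}
"""

# Constructed ~/.aws/credentials content; the key values are placeholders.
SAMPLE_CREDENTIALS = """
[audit-prod]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = EXAMPLESECRET
"""

ACCOUNT_ID = re.compile(r"[0-9]{12}")

def check_accounts(config_text):
    """Return a list of problems found in the accounts section."""
    problems, seen = [], set()
    for i, acct in enumerate(json.loads(config_text).get("accounts", [])):
        name, acct_id = acct.get("name"), acct.get("id")
        if not name:
            problems.append(f"accounts[{i}]: missing name")
        elif name in seen:
            problems.append(f"accounts[{i}]: duplicate name {name!r}")
        seen.add(name)
        # IDs must be quoted strings: a JSON number would drop leading zeros.
        if not isinstance(acct_id, str) or not ACCOUNT_ID.fullmatch(acct_id):
            problems.append(f"accounts[{i}]: id must be a 12-digit string")
    return problems

def preflight(config_text, credentials_text, account, profile):
    """Check one account/profile pair before starting a collection run."""
    problems = check_accounts(config_text)
    accounts = json.loads(config_text).get("accounts", [])
    if account not in [a.get("name") for a in accounts]:
        problems.append(f"account {account!r} is not in config.json")
    creds = configparser.ConfigParser()
    creds.read_string(credentials_text)
    if not creds.has_section(profile):
        problems.append(f"profile {profile!r} is not in the credentials file")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG, SAMPLE_CREDENTIALS, "prod", "audit-prod"))
```

To use it on real files, pass the contents of your own config.json and ~/.aws/credentials as the first two arguments.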
Now you can run the following command:
This is the exact command that I had to run with my config:
As the command keeps running you will see how it makes calls to the various AWS APIs for each service in each region. Keep in mind that these API calls will incur some charge, but the charge should be minimal.
Cloudmapper will render your report when you run the web server with the Cloudmapper web console, but before doing that you need to run the following:
Next, run the following:
This is what you should see after running that: