In cloud environments like AWS, monitoring your budget is crucial to ensure cost efficiency. Budget alerts notify account holders about their spending against budget thresholds, aiding in avoiding unexpected charges.
Manually setting up budget alerts for each AWS account can be time-consuming and prone to errors. This manual process can be a hurdle, especially when dealing with multiple accounts. By automating the setup of budget alerts through org-formation, we ensure consistency, save time, and reduce the chances of human error.
Note: Setting up a new account, and adding the budget alarm tags all at the same time, triggered an error in Org-Formation during deployment. The accounts were created successfully, but the billing alarm stack returned an error. Waiting a couple of minutes and re-running the job resolved the issue. It appears that the account needs some time to set up before creating the budget alarm.
I’m now following the process of creating new accounts; I let it finish creating, and then add the tasks.
Step 1: Adding a New Budget Alert Task
To add a new budget alert task in org-formation, we’ll use the budgets template from the Org-Formation reference repository on GitHub :
Go to the org-formation reference template on GitHub.
Copy the folder named 040-budgets along with its content to the root of your org-formation repository, the one you initialized in part 1 of the series.
This template comprises two files: _tasks.yml and budgets.yml.
The budgets.yml file houses all the CloudFormation resources designated for this particular task. It sets up an AWS budget to track monthly costs, excluding AWS support costs. It configures notifications for when actual costs exceed 80% or 100% of the budget, and when forecasted costs exceed 100% of the budget. These notifications are sent to specified subscribers via an SNS (Simple Notification Service) topic.
The _tasks.yml file lists the tasks to be executed by Org-Formation. It defines a BudgetAlarms task to update (or create) CloudFormation stacks using the budgets.yml template. It dynamically generates a StackName and specifies deployment targets within the AWS Organization to accounts tagged with budget-alarm-threshold by using DefaultOrganizationBinding.
Step 2: Adding the Budget Task to Main Tasks
The next step involves adding the budget task to the main tasks. This is done by appending the following code to the organization-tasks.yml file:
Budgets:
Type: include
DependsOn: [OrganizationBuild]
Path: ./040-budgets/_tasks.yml
This tells Org-Formation to include the budget task among its execution tasks, ensuring that budget alarms are set up for all accounts tagged with budget-alarm-threshold.
Step 3: Tagging Accounts With budget-alarm-threshold
040-budgets/_tasks.yml:
Lastly, to ensure that the budget alarm task targets the correct accounts, it's essential to add the budget-alarm-threshold tag to the desired accounts.
Open organizations.yml and add the budget tags to the accounts for which you'd like to set up alarms.
TestAccount:
Type: OC::ORG::Account
Properties:
AccountName: Test Account
RootEmail: email@example.com
Tags:
budget-alarm-threshold: 5
budget-alarm-threshold-email-recipient: budget-notifications@example.com
budget-alarm-threshold: 5 sets a threshold of $5 for triggering the alarm. This tag acts as a binding that specifies which accounts the budget alarm task should be applied to, showcasing how Org-Formation manages task assignment to accounts.
budget-alarm-threshold-email-recipient: where you want to receive the alarm notifications.
Step 4: Deploy the Budget Alert Task
Now that the budget alert task has been added, it's time to deploy it. Follow these steps:
- Commit and Push Changes:
git add -u
git commit -m "Added budget alert task"
git push
2. Allow the Org-Formation pipeline to run. This will deploy and set up the budget alert task as configured.
3. Confirm Notification Subscription: After the deployment, you will receive an email to confirm the subscription for the notifications. Make sure to confirm the subscription to activate the budget alerts.
Through these steps, the budget alert task will be deployed, automating budget alerts for all the specified accounts.
Conclusion
This automation of budget alerts via Org-Formation aids in consistent monitoring across AWS accounts while saving valuable time. It's a straightforward process that significantly reduces manual effort, promoting better financial governance.
Stay tuned for Part 3 of this series, where we'll look into setting up AWS Single Sign-On (SSO) using Org-Formation, further simplifying AWS account management.
References
Org formation docs: org-formation templates