Track Those Trails

Updated: Jun 4, 2019

Within an AWS account there is a lot going on. With over 100 services in 16 regions around the world, accounts are a constant stream of activity. CloudTrail follows it all, like an Instagram-obsessed millennial.


Arguably, unlike the millennial, it is vital to monitor these trails, especially for 'Governance, compliance and auditing', and from the work at my company I know how vital it is to keep tabs on how many trails are being created. So, with this being so important, it is amazing that Amazon gives us the first one free!!


Well free-ish.


The first CloudTrail you set up in an account, including all its management events, will be collected for free. However, the storage for this data, and any data events or additional copies of management events, will be charged in that region. Following this, there are two key issues to take into consideration:

  1. Only have one CloudTrail per account (which is free)

  2. Store your data wisely


Focusing on the first point, setting up one trail for each of your accounts can be made simpler with the use of AWS Organizations. Setting up an organisation trail will allow you to log all events across all accounts in your organisation. So that’s it. Simple. One trail, for each account, created from the master. No additional trail costs in your bill! Result!


Now that you have all these trails collecting all this data, you need to put it somewhere safe (and cost efficient). With great data comes great audit responsibilities, and that includes how long you need to keep that data. What you need to comply with will therefore affect your business decisions in this area. But for argument's sake let’s say you need to be able to quickly access the data for X days but after that only need to store the data for Y days. This is where AWS S3 lifecycle policies come in. Data from the logs can be stored in your S3 bucket for X days, then after that it can transition to another storage class for the remaining Y days.


So now you are thinking, that’s all well and good, but what has this got to do with FinOps? Well, when you choose this other storage class you can choose a cheaper one, Glacier for example. How much cheaper? S3 Standard is $0.0390 per GB whilst Glacier is $0.004 per GB. That's only 10% of the cost though! Having these automatic processes set up will stop you from wasting money without compromising your audit.
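The X-then-Y retention rule described above can be written as an S3 lifecycle configuration and priced before it is applied. This is an added example, not code from the original post: the rule ID, the sample X, Y and daily log volume are constructed, and the two prices quoted in the post are assumed to be per GB per month.

```python
# Added example; prices are the per-GB figures quoted in the post (assumed monthly).
STANDARD_PER_GB = 0.0390
GLACIER_PER_GB = 0.004


def lifecycle_config(hot_days, cold_days, prefix="AWSLogs/"):
    """Keep logs in S3 Standard for X days, then Glacier for Y days, then delete."""
    if hot_days < 1 or cold_days < 1:
        raise ValueError("X and Y must both be at least one day")
    return {
        "Rules": [{
            "ID": "cloudtrail-archive",      # hypothetical rule name
            # CloudTrail's key prefix when the trail has no custom prefix.
            "Filter": {"Prefix": prefix},
            "Status": "Enabled",
            "Transitions": [{"Days": hot_days, "StorageClass": "GLACIER"}],
            # Expiration counts from object creation, so it is X + Y, not Y.
            "Expiration": {"Days": hot_days + cold_days},
        }]
    }


def monthly_cost(gb_per_day, hot_days, cold_days):
    """Steady-state storage bill (tiered, all-Standard) once X + Y days have accrued."""
    tiered = gb_per_day * (hot_days * STANDARD_PER_GB + cold_days * GLACIER_PER_GB)
    flat = gb_per_day * (hot_days + cold_days) * STANDARD_PER_GB
    return round(tiered, 2), round(flat, 2)


def apply_to_bucket(bucket, config):
    """Push the policy to the trail's bucket (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the functions above run offline
    boto3.client("s3").put_bucket_lifecycle_configuration(
        Bucket=bucket, LifecycleConfiguration=config)


if __name__ == "__main__":
    cfg = lifecycle_config(hot_days=90, cold_days=275)   # constructed X and Y
    print(cfg)
    print(monthly_cost(gb_per_day=2, hot_days=90, cold_days=275))
```

The expiration is what enforces the retention period: without it the logs stay in Glacier, and on the bill, indefinitely.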


CloudTrail was an unexpected find on my road to FinOps. Something that is so important and seems like such an obvious place not to overspend can become a money pit without even noticing. Make sure you keep an eye on the number of trails in your account, as you don't need duplicate sets of data. For example, you don't need twice the amount of events logged about 'Mat the engineer' resetting his AWS password for the 10th time this week, stored in two locations and costing twice the price.



©2019 by Road to FinOps. Proudly created with Wix.com