
AWS - Getting a better understanding of common terms


    Posted Mon April 04, 2022 06:16 PM

    One of the most common questions I get asked by new FinOps practitioners, especially from those with a Finance background, is where to start learning about the cloud.  Since each CSP (Cloud Service Provider) is going to have its own terms, conditions, and taxonomy it can get a little overwhelming!  So where to begin?

    For this article let's dive into Amazon Web Services (AWS); we'll be covering the two other major CSPs later.  This is by no means comprehensive training about AWS, but hopefully, this will give you a starting point for some of the most common terms you'll encounter.  Where I could, I've included links to the web pages for the specific services as well.

    AWS Top Three Core Services

    • Amazon EC2 – EC2 is quite probably the most common type of AWS server you're going to encounter and stands for Elastic Compute Cloud.  It's a virtual machine that represents the physical server for you to deploy your applications.
    • AWS RDS – RDS stands for Relational Database Service.  This is the managed service that will control your company's databases in AWS.  There are many different variants depending on the type of database your company uses, but for the moment learning what this service is for is a great starting point.
    • AWS S3 – S3 stands for Simple Storage Service and is AWS's primary storage service.  For this service I recommend knowing that there are, at the highest level, three tiers of storage and one associated tiering service.  S3 starts with Standard storage for items you access continuously, Infrequent Access for items you only need to access intermittently, and Glacier for long-term backups such as log files you are required to keep for regulatory reasons.  The related service is called Intelligent Tiering, which at a high level can be used to automatically shift your data to a cheaper tier of storage based upon your data access patterns.  Your company's cloud storage policies can be a great starting place for any new FinOps team and are well worth investigating.

    AWS and Geography

    Within AWS you'll begin to hear two terms, Region and Availability Zone, as the way AWS divides the world geographically.  AWS divides the world first into Regions, and those Regions are then broken into Availability Zones.  There are currently 22 Regions and 69 AZs, and many AWS services offer pricing options tied to the choices you've made for the two.

    • Region – A Region is a physical location, somewhere in the world, that contains a cluster of AWS data centers. Regions themselves are subdivided into Availability Zones (AZ) that are physically separated from one another.  Part of managing your cloud costs will be discussing which Region services should be hosted from, but as a good starting point concentrate on remembering the concept first.
    • Availability Zones – These are the discrete data centers, each physically separated and with its own infrastructure, that are within a Region.  All AZs are interconnected but physically separated and with separate infrastructure support, to ensure redundancy.  The number of AZs varies by Region, although each will be within 60 miles of the others.

    AWS Management Tools

    While the AWS internal management tools may not be something you'll end up using yourself, it's good to know what these tools are.  Here are the top four that you will probably encounter.

    • Identity and Access Management (IAM) – This is AWS's access control for all services and resources. Through IAM your admins will specify who can access what resources and services, and under which conditions, by managing your overall cloud permissions. AWS permissions are designed to ensure least-privilege permissions.  (Least privilege means that users will be given the minimum levels of access, or permissions, needed to perform their job.)
    • AWS CloudTrail – CloudTrail is AWS's service to track specific activities within your AWS environments. You may need to refer to this API-based service that logs and monitors all Web services offered by AWS.  This is how to identify who's taken specific actions, which can be essential in researching anomalous spending for instance.
    • AWS CloudWatch – This is the monitoring service within AWS. It's used to monitor applications and performance, along with additional metrics, system-wide.  It also provides actionable insights and may be referred to by the Cloud Engineers you meet with for why certain changes may be recommended or needed.
    • AWS Config – Config is the service that enables you to assess, audit, and evaluate the configurations of your AWS resources.  This service may be referred to by your Cloud Engineers to show rationales of why it may be necessary to make configuration changes to your AWS infrastructure.  This is different than CloudWatch, though sometimes the two can be confused.  Just remember that Config only handles configuration, but CloudWatch is for monitoring services and apps.

    I hope this helps as you get started, but always remember this is a marathon, not a sprint.  Start by learning the basics and you'll find you'll quickly build into a more complex understanding of AWS, as well as feeling more informed as you continue your FinOps process.



    ------------------------------
    Justin Kean
    Apptio
    Sr Instructor
    ------------------------------

    #ApptioforAll
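
The CloudTrail entry above says the service is how you identify who took a specific action when researching anomalous spending. The sketch below is an added example, not part of the original post or any Apptio or AWS tooling: it reads records in the CloudTrail log-file layout and lists which principal successfully launched which EC2 instances. The sample records, account ID, principal names and instance IDs are constructed, and `who_launched` is a hypothetical helper name.

```python
import json
from collections import defaultdict
# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
# Account ID, principals and instance IDs are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2022-04-01T02:14:07Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instanceType": "p3.8xlarge"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0aaa0001"}, {"instanceId": "i-0aaa0002"}]}}},
    {"eventTime": "2022-04-01T03:40:55Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42"},
     "requestParameters": {"instanceType": "t3.micro"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0bbb0001"}]}}},
    {"eventTime": "2022-04-01T04:02:19Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instanceType": "p3.8xlarge"},
     "responseElements": None},
    {"eventTime": "2022-04-01T04:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": None, "responseElements": None},
]})

def who_launched(log_text):
    """Return {principal ARN: [(time, region, instance type, instance id)]}."""
    launches = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != (
                "ec2.amazonaws.com", "RunInstances"):
            continue  # not an EC2 launch call (e.g. a read-only Describe*)
        if rec.get("errorCode"):
            continue  # denied or failed request: nothing was started
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        itype = (rec.get("requestParameters") or {}).get("instanceType", "?")
        resp = rec.get("responseElements") or {}
        for item in (resp.get("instancesSet") or {}).get("items", []):
            launches[principal].append(
                (rec["eventTime"], rec["awsRegion"], itype, item["instanceId"]))
    return dict(launches)
```

Failed calls are skipped on purpose: a denied `RunInstances` request appears in the trail but starts no server, so it explains no spend, although a security team may still want to review it.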