---
title: "Public Cloud Learning Sessions - Budget Control - 20240319 160204-Meeting Recording"
type: source
tags: []
date: 2024-03-19
---

## Source File
- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/05_FinOps/public-cloud-learning-sessions-budget-control-20240319-160204-meeting-recording.md]]

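## Summary
- Core topic: an automated budget control solution for AWS accounts, intended to address cloud account sprawl and cost reductions that are not sustainable
- Problem domain: public cloud cost management, FinOps cloud financial management, SRE operational cost control
- Method/mechanism: a multi-tier alerting and enforcement mechanism built from AWS Budget Service + SNS + Lambda + Step Functions, with support for blocking resource creation through SCPs (service control policies), plus a scoring system and grace period mechanism to avoid penalizing accounts by mistake
- Conclusion/value: the SRE Core team (Daniela, Evan, Alan) achieved fine-grained (resource-level, user-level) cost visibility, supports sending detailed alert emails per account owner, and gives FinOps an automated means of enforcement
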
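## Key Claims
- Through budget control automation, the SRE Core team gives account owners detailed alerts containing account spend and cost-driver information, so that they can identify areas for cost reduction
- When an account reaches the 100% budget threshold, the system uses the scoring system to decide whether to trigger a severe alert or enforcement (attaching an SCP that blocks the creation of new resources)
- AWS Budget Service has limited native customization, so the team parses the email body to extract the data, then enriches it with Lambda before sending
- With the Source Identity attribute implemented, CloudTrail can still trace the original login identity even when the identity is switched through role assumption (role assumed)
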
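An added example, not code from the session or from the team's system: it groups CloudTrail records by the source identity that persists across role assumptions and lists assumed-role events that carry none. The sample records, account id, role names and user are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in the CloudTrail event layout (values are made up).
SAMPLE_EVENTS = [
    {"eventName": "AssumeRole", "eventSource": "sts.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Dev/s1",
                      "sessionContext": {}},
     "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/Ops",
                           "sourceIdentity": "alice@example.com"}},
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/s2",
                      "sessionContext": {"sourceIdentity": "alice@example.com"}}},
    {"eventName": "CreateBucket", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/s3",
                      "sessionContext": {}}},
]

def source_identity(event):
    """Return the source identity recorded on an event, or None if absent."""
    ctx = (event.get("userIdentity") or {}).get("sessionContext") or {}
    # An sts:AssumeRole call that sets the value carries it in requestParameters.
    params = event.get("requestParameters") or {}
    return ctx.get("sourceIdentity") or params.get("sourceIdentity")

def attribute(events):
    """Group events by original identity; collect role sessions that have none."""
    by_person, unattributed = defaultdict(list), []
    for ev in events:
        ident = ev.get("userIdentity") or {}
        who = source_identity(ev)
        if who:
            by_person[who].append((ev["eventName"], ident.get("arn")))
        elif ident.get("type") == "AssumedRole":
            # Role session without a source identity: an attribution gap.
            unattributed.append((ev["eventName"], ident.get("arn")))
    return dict(by_person), unattributed

if __name__ == "__main__":
    people, gaps = attribute(SAMPLE_EVENTS)
    for who, actions in people.items():
        print(who, [name for name, _ in actions])
    print("no source identity:", gaps)
```
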
## Key Quotes
> "This is the first time that we were able to get to this level of granularity." — Daniel, describing the breakthrough of resource-level cost reporting

> "The scoring system and grace period calculations aim to avoid penalizing accounts that slightly exceed their budget near the end of the month." — Design purpose of the scoring system and grace period

> "The source identity ensures that the original login identity is maintained across role changes, allowing CloudTrail and other services to track user activity accurately." — The tracking value of Source Identity in a multi-role environment

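## Key Concepts
- [[FinOps]]: cloud financial management; optimizing cloud cost through process and technology
- [[AWS Budget Service]]: AWS's native budget alerting service; supports thresholds that trigger SNS notifications
- [[Service Control Policy (SCP)]]: AWS Organizations service control policy, used to restrict resource operations within an account
- [[Source Identity]]: AWS attribute used to trace the original operator's identity across role switches
- [[CloudTrail]]: AWS audit logging service; records all API operations in the account
- [[Step Functions]]: AWS serverless workflow orchestration service, used for the alert data enrichment flow
- [[Scoring System]]: scoring system that computes a grace-period score from account size and proximity to the end of the month
- [[Grace Period]]: grace period that keeps accounts slightly over budget in the last days of the month from being penalized immediately
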
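## Key Entities
- [[Daniela]]: SRE Core team member, lead of the budget control automation project
- [[Evan]]: SRE Core team member
- [[Alan]]: SRE Core team member, responsible for implementing AWS Budget Alerts and Actions
- [[Daniel]]: responsible for creating and presenting the charts and detailed cost reports
- [[Oli]]: provides the Oli workflow used for the budget increase request process
- [[FinOps]]: financial operations team, responsible for account classification, budget updates and enforcement approval
- [[SRE Core Team]]: SRE core team; develops and maintains the budget control automation system
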
## Connections
- [[AWS Budget Service]] ← triggers ← [[SNS Topic]]
- [[SNS Topic]] ← invokes ← [[Lambda Function]]
- [[Lambda Function]] ← enriches data via ← [[Step Functions]]
- [[Step Functions]] ← enriches with ← Account Information + Budget Details + Owner/Manager Contacts
- [[100% Threshold Alert]] ← scores via ← [[Scoring System]]
- [[Scoring System]] ← produces ← [[Severe Alert]] or [[Enforcement Action]]
- [[Enforcement Action]] ← applies ← [[Service Control Policy (SCP)]]
- [[FinOps]] ← receives ← Notification for enforcement approval
- [[Source Identity]] ← tracked by ← [[CloudTrail]]
- [[Budget Increase Request]] ← routed via ← [[Oli Workflow]]
- [[Top Services Report]] ← data source ← [[Athena]]
- [[Top Users Report]] ← data source ← [[Cost Explorer]]

## Contradictions
- No conflicts with other wiki pages found so far