Which solution will meet these requirements MOST cost-effectively?

By:
On:
In: SAP-C02
Tagged:
With: 0 Comments
A company wants to optimize AWS data-transfer costs and compute costs across developer accounts within the company’s organization in AWS Organizations.Developers can configure VPCs and launch Amazon EC2 instances in a single AWS Region.The EC2 instances retrieve approximately 1 TB of data each day from Amazon S3.The developer activity leads to excessive monthly data-transfer charges and NAT gateway processing charges between EC2 instances and S3 buckets, along with high compute costs.The company wants to proactively enforce approved architectural patterns for any EC2 instance and VPC infrastructure that developers deploy within the AWS accounts.The company does not want this enforcement to negatively affect the speed at which the developers can perform their tasks.

Which solution will meet these requirements MOST cost-effectively?

Create SCPs to prevent developers from launching unapproved EC2 instance types. Provide the developers with an AWS CloudFormation template to deploy an approved VPC configuration with S3 interface endpoints. Scope the developers’ IAM permissions so that the developers can launch VPC resources only with CloudFormation.

Create a daily forecasted budget with AWS Budgets to monitor EC2 compute costs and S3 data-transfer costs across the developer accounts. When the forecasted cost is 75% of the actual budget cost, send an alert to the developer teams. If the actual budget cost is 100%, create a budget action to terminate the developers’ EC2 instances and VPC infrastructure.

Create an AWS Service Catalog portfolio that users can use to create an approved VPC configuration with S3 gateway endpoints and approved EC2 instances. Share the portfolio with the developer accounts. Configure an AWS Service Catalog launch constraint to use an approved IAM role. Scope the developers’ IAM permissions to allow access only to AWS Service Catalog.

Create and deploy AWS Config rules to monitor the compliance of EC2 and VPC resources in the developer AWS accounts. If developers launch unapproved EC2 instances or if developers create VPCs without S3 gateway endpoints, perform a remediation action to terminate the unapproved resources.

Explanations:

While this option restricts the types of EC2 instances that can be launched and provides a predefined VPC configuration, it does not directly address the cost issues associated with data transfer and NAT gateway processing. Furthermore, it relies on developers using CloudFormation, which could still lead to some inefficiencies in implementation.

This option focuses on budget monitoring and alerts, which is reactive rather than proactive. It does not enforce compliance or approved architectures and could lead to service interruptions by terminating resources when budgets are exceeded, negatively impacting developer productivity and project timelines.

This solution proactively enforces architectural patterns through AWS Service Catalog, allowing developers to only launch approved configurations. It includes VPC configurations with S3 gateway endpoints, minimizing data transfer costs and NAT gateway charges. It also ensures compliance without hindering the developers’ speed, as they can quickly provision resources from the approved catalog.

Although this option provides compliance monitoring through AWS Config rules, it is primarily a reactive solution. It focuses on terminating unapproved resources rather than preventing their creation in the first place. This approach could disrupt development processes and does not efficiently manage data transfer costs, as it doesn’t provide a proactive architectural solution.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve − 1 =