Which solution will meet these requirements with the LEAST operational overhead?
Instruct each developer to tag all their resources with a tag that has a key of CostCenter and a value of the developer’s name. Use the required-tags AWS Config managed rule to check for the tag. Create an AWS Lambda function to terminate resources that do not have the tag. Configure AWS Cost Explorer to send a daily report to each developer to monitor their spending.
Use AWS Budgets to establish budgets for each developer account. Set up budget alerts for actual and forecast values to notify developers when they exceed or expect to exceed their assigned budget. Use AWS Budgets actions to apply a DenyAll policy to the developer’s IAM role to prevent additional resources from being launched when the assigned budget is reached.
Use AWS Cost Explorer to monitor and report on costs for each developer account. Configure Cost Explorer to send a daily report to each developer to monitor their spending. Use AWS Cost Anomaly Detection to detect anomalous spending and provide alerts.
Use AWS Service Catalog to allow developers to launch resources within a limited cost range. Create AWS Lambda functions in each AWS account to stop running resources at the end of each work day. Configure the Lambda functions to resume the resources at the start of each work day.
Explanations:
Using tags for resource tracking and implementing AWS Lambda for enforcement adds operational overhead. AWS Config and Lambda require regular maintenance and updates. Additionally, this approach does not prevent developers from exceeding their budgets.
AWS Budgets provides a straightforward way to set budget limits and send alerts. Using AWS Budgets actions to apply a DenyAll policy effectively prevents further resource creation once the budget is exceeded, minimizing operational overhead.
AWS Cost Explorer and Cost Anomaly Detection help track and report costs but do not directly limit resource usage or prevent budget overages. These tools are primarily for monitoring and reporting, not for enforcing limits.
Using AWS Service Catalog and Lambda functions introduces manual intervention for resource management. Stopping and starting resources daily can be complex to manage, and developers may face disruptions, increasing operational overhead.
I opine that the answer is:
Use AWS Budgets to establish budgets for each developer account. Set up budget alerts for actual and forecast values to notify developers when they exceed or expect to exceed their assigned budget. Use AWS Budgets actions to apply a DenyAll policy to the developer’s IAM role to prevent additional resources from being launched when the assigned budget is reached.