9. Cost Optimization for AWS Resources (Terraform Hands On Project)

Introduction

Cost optimization is a crucial aspect of managing cloud infrastructure, as it helps in reducing unnecessary expenditures and ensuring that resources are used efficiently. AWS provides several tools to assist with cost management and optimization, including AWS Cost Explorer for cost analysis, AWS Budgets for setting spending limits and alerts, and CloudWatch Alarms for monitoring and alerting. By using Terraform, these tools can be provisioned and managed as code, enabling automated and consistent setup of cost optimization measures.

Objective

The objective is to use Terraform to implement cost optimization strategies on AWS by:

  • Setting up AWS Cost Explorer for cost analysis.

  • Creating AWS Budgets to define spending limits and receive alerts.

  • Configuring CloudWatch Alarms for cost-related monitoring and alerting.

  • Managing IAM roles to restrict access to cost-related resources, ensuring that only authorized users can view and manage cost data.

Execution

  1. Provider Configuration: Set up the AWS provider to specify the region where resources will be created.

  2. IAM Role and Policy: Create an IAM role and attach a policy that grants necessary permissions for cost management.

  3. AWS Budget: Define an AWS budget with a monthly limit of $1000 and set up notifications to be sent when the actual cost exceeds 80% of the budget.

  4. CloudWatch Alarm: Configure a CloudWatch alarm to trigger when the estimated monthly charges exceed $800.

Main Configuration (main.tf)

provider "aws" {
  region = var.region
}

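# IAM Role for Cost Management
# The trust policy below names ec2.amazonaws.com, so only EC2 instances (through an
# instance profile) can assume this role; IAM users cannot assume it directly.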
resource "aws_iam_role" "cost_management" {
  name = "CostManagementRole"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

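# ce:* and budgets:* allow every Cost Explorer and Budgets action, including
# creating, modifying and deleting budgets; the CloudWatch actions are read-only.
resource "aws_iam_policy" "cost_management_policy" {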
  name        = "CostManagementPolicy"
  description = "Policy to allow access to cost management resources"
  policy      = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ce:*",
        "budgets:*",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "cost_management_attach" {
  role       = aws_iam_role.cost_management.name
  policy_arn = aws_iam_policy.cost_management_policy.arn
}

# AWS Budget
resource "aws_budgets_budget" "monthly_budget" {
  name              = "MonthlyCostBudget"
  budget_type       = "COST"
  limit_amount      = var.budget_limit
  limit_unit        = "USD"
  time_unit         = "MONTHLY"

  notification {
    comparison_operator = "GREATER_THAN"
    notification_type   = "ACTUAL"
    threshold           = var.threshold_percentage
    threshold_type      = "PERCENTAGE"
    subscriber_email_addresses = ["youremail@example.com"]
  }
}

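# CloudWatch Alarm for estimated charges
# The AWS/Billing EstimatedCharges metric is published only in us-east-1 and only after
# billing alerts are enabled in the account's billing preferences, so this alarm must be
# created with var.region set to us-east-1.
# No alarm_actions are set here, so the alarm changes state without notifying anyone.
resource "aws_cloudwatch_metric_alarm" "cost_alarm" {
  alarm_name          = "CostAlarm"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 1
  metric_name         = "EstimatedCharges"
  namespace           = "AWS/Billing"
  period              = 21600 # 6 hours
  statistic           = "Maximum"
  threshold           = var.alarm_threshold
  actions_enabled     = true
  alarm_description   = "Alarm when monthly estimated charges reach ${var.alarm_threshold} USD"
  dimensions = {
    Currency = "USD"
  }
}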
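
The alarm above sets actions_enabled but no alarm_actions, so it never sends anything. The following is an added example, not part of the original project, that wires an equivalent alarm to an SNS e-mail subscription; the provider alias, the topic name and the alarm name are assumptions, and the address is the page's placeholder.

```hcl
# Added example: billing alarm that actually notifies someone.
# Billing metrics live only in us-east-1, so the topic and alarm are pinned there
# regardless of var.region.
provider "aws" {
  alias  = "billing"
  region = "us-east-1"
}

# Hypothetical topic name. The topic must be in the same region as the alarm.
resource "aws_sns_topic" "cost_alerts" {
  provider = aws.billing
  name     = "cost-alerts"
}

# E-mail subscriptions stay pending until the recipient confirms the link SNS sends.
resource "aws_sns_topic_subscription" "cost_alerts_email" {
  provider  = aws.billing
  topic_arn = aws_sns_topic.cost_alerts.arn
  protocol  = "email"
  endpoint  = "youremail@example.com" # placeholder address
}

resource "aws_cloudwatch_metric_alarm" "cost_alarm_notify" {
  provider            = aws.billing
  alarm_name          = "CostAlarmWithNotification" # hypothetical name
  alarm_description   = "Estimated monthly charges reached 800 USD"
  namespace           = "AWS/Billing"
  metric_name         = "EstimatedCharges"
  statistic           = "Maximum"
  period              = 21600 # 6 hours
  evaluation_periods  = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  threshold           = 800

  dimensions = {
    Currency = "USD"
  }

  # Publish to the topic when the alarm fires and again when it clears.
  alarm_actions = [aws_sns_topic.cost_alerts.arn]
  ok_actions    = [aws_sns_topic.cost_alerts.arn]
}
```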

variables.tf

Defining variables for the resources to make the configuration more flexible.


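# The AWS/Billing EstimatedCharges metric used by the CloudWatch alarm is published
# only in us-east-1, so the alarm has to be created in that region.
variable "region" {
  default = "us-east-1"
}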

variable "budget_limit" {
  default = "1000"
}

variable "threshold_percentage" {
  default = 80
}

variable "alarm_threshold" {
  default = 800
}

outputs.tf

Define outputs to display important information about the created resources.

output "iam_role_arn" {
  value = aws_iam_role.cost_management.arn
}

output "budget_name" {
  value = aws_budgets_budget.monthly_budget.name
}

output "cloudwatch_alarm_name" {
  value = aws_cloudwatch_metric_alarm.cost_alarm.alarm_name
}

  1. Initialize the Terraform configuration:

     terraform init

  2. Review the execution plan:

     terraform plan

  3. Apply the configuration:

     terraform apply

This setup ensures that cost analysis, budget management, and cost-related alerts are in place, enabling effective cost optimization strategies on AWS.

Verification

  • AWS Budgets: The budget MonthlyCostBudget is configured with a Monthly time unit, a limit of $1000, and an email notification.

  • CloudWatch Alarm: The alarm CostAlarm is configured to trigger on estimated charges, with a threshold of $800.

  • IAM Role and Policy: The role CostManagementRole and its policy are set up to allow the necessary permissions, and the policy is attached to the role.
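
CostManagementRole trusts ec2.amazonaws.com and its policy allows ce:* and budgets:*. For people who only need to view cost data, a narrower role can sit beside it. The following is an added example, not part of the original project; the role and policy names, the MFA condition and the selection of read-only actions are assumptions.

```hcl
# Added example: read-only cost visibility for human users in this account.
data "aws_caller_identity" "current" {}

# Trust policy: principals in this account, and only from MFA-authenticated sessions.
data "aws_iam_policy_document" "cost_viewer_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }

    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

# Permissions: view cost, forecast, budget and alarm data; no create/modify/delete.
data "aws_iam_policy_document" "cost_viewer" {
  statement {
    sid    = "ReadCostData"
    effect = "Allow"
    actions = [
      "ce:GetCostAndUsage",
      "ce:GetCostForecast",
      "ce:GetDimensionValues",
      "budgets:ViewBudget",
      "cloudwatch:DescribeAlarms",
      "cloudwatch:GetMetricData",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role" "cost_viewer" {
  name               = "CostViewerRole" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.cost_viewer_trust.json
}

resource "aws_iam_role_policy" "cost_viewer" {
  name   = "CostViewerReadOnly" # hypothetical name
  role   = aws_iam_role.cost_viewer.id
  policy = data.aws_iam_policy_document.cost_viewer.json
}
```

Trusting the account root delegates the decision to IAM: a user or role in the account still needs its own sts:AssumeRole permission on CostViewerRole before it can use it.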

Conclusion

This setup helps in monitoring and controlling AWS costs by providing timely notifications and actionable alerts based on predefined thresholds.
