Green Boarders indicate that there is a new Budget that needs to be Entered. In the table below, Product Owners will complete base on their planned spending.  Annual Budget is directly from the Chart of Account File Planned Budget is calculated as the fields are completed Unallocated Budget is the Annual Budget - Planned Budget Estimates from Spaces...

FinOps Center stores data in DynamoDB and aligns to general practices of using DynamoDB for Storage and Security. As with all data storied in DynamoDB, customers can chose to encrypt the data at rest with the default AWS Owned , AWS Managed, or Customer Managed Keys Underlying Services Security, Monitoring, and Backup...

FinOps Center creates IAM Roles and Policies. The Engineer deploying must have Administrative Privileges. (DO NOT INSTALL USING ROOT USER) Upon Selecting Next you will be taken to the YAML form to complete the FinOps Center Installation. Name Stack Environment Parameters: Organization Roles FinOps Center Role hierarchy naming is aligned to your orga...

As a budget year proceeds, the original schedule of spending will likely change. Will the capability to reschedule the monthly spend is required it needs to be in the same partnership with the Portfolio Owner as is the case during the initial budgeting process. The New Schedule will drive the information that Management will use to determine how the...

Portfolio Owners need to Accept or Reject the Budget that is is submitted by the Product Owner.  Prior to a Product Owner Submitting a Product Budget, Budget Schedule will be bland without Approval or Reject Available.    When a Budget has been submitted for Approval, the Portfolio Card will be highlighted yellow to indicate that their is a budget t...

Below are helpful links for concepts that are helpful in keep in mind in your adoption of AWS with FinOps Center.    AWS Multi-Account Framework https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.html AWS Control Tower with Multi-Account Strategy https://docs.aws.amazon.com/controltower/lat...

FinOps Center leverages native services encryption of data at rest and in transit.  All FinOps Center data is stored in S3 or DynamoDB when at rest. When users are accessing the application CloudFront provides the SSL connection for the frontend application. Underlying Services Security, Monitoring, and Backup...

FinOps Center’s components can be added to your VPC using VPC Endpoints.     S3 - Interface/Gateway Endpoint { "Version": "2012-10-17", "Id": "Policy1415115909152", "Statement": [ { "Sid": "Access-to-specific-VPCE-only", "Principal": "*", "Action": "s3:*", "Effect": "Deny", "Resource": ["arn:aws:s3:::awsexamplebucket1", "arn:aws:s3:::awsexamplebucke...

The Installation will create a Cognito User Pool to manage Users and Authentication. For User Onboarding that takes place by the admin users inviting User to FinOps Center, the Welcome Email can be customized within in the Messages.  The Invitation Message is the initial Welcome.  Body Sample HTML (Must Update the Title to "Welcome to FinOps Center"...

QuickSight Configuration Prior to Installing FinOps Center Pricing Plan - Enable Session based Pricing Domains and Enablement - URL of FinOps Center Create as Analysis Share Cloud Financial Management Dashboards and click Toggle to enable "Save As" (Note: When you return to Dashboard you need to refresh the page to get "Save As" Icon to create Analy...

While the deployment of FinOps Center is scripted, there are some best practices that should be considered during your implementation to create the best experience for users. Map AWS Accounts to Financial Budgets prior to adding users Communicate to users that they will receive emails inviting them to FinOps Center but that they should wait a day to...

At the end of the month, AWS Billing can go through a number of manual adjustment that manifest itself in changes in the last few days of the month Cost and Usage Report.  FinOps Center last Period Can change during the first week of the next month.    ...

The Amazon QuickSight Subscription in your account needs to add both an Author Advance and updated to the Usage licenses of Amazon Q....

FinOps Center Budgets Tab has 2 Views that align to the responsibilities of the different users - Product/Portfolio & Management.  When FinOps Center consumes the budgets via the Chart of Account file the Budgets attached to the Products have been approved through the Core Financial Systems. FinOps Center is managing those Core Financial Systems...

FinOps Center creates two invoice file types: Accounts Payable and Financial Planning. The purpose for the 2 files is the Account Payable is to be used in Core Financial to Pay the AWS Bill and the Financial Planning file is spending aligned to each individual product/project budget.  CCoE for Account Payable  In addition to the Spending being aggre...

During User Onboarding each user will be aligned to their Role with the Company Hierarchy Element 1/CCoE -> All Budgets Element 2 /Business Unit -> Business Unit Access Element 3 / Department -> Department Unit Access Element 4 / Portfolio Owner -> Portfolio Access Element 5 / Product Owner -> Product Access Element 0 / Admin -> Ad...

Product Owners are able to add estimates for their Workloads. Workload estimates can be to any url source (AWS Pricing Calculator, File Location, 3rd party) with a start date from the start of the current month forward. End dates by default are the end of the year.  Claimed Resources  Depending on whether an Estimate is created prior to the resource...

FinOps Center Spend Cards are a Critical Capability to drive accountability in month. As opposed to reconciling your bill at the end of the month, Spend Cards require Product Owners to Approve or Dispute their Spending with a Period. Periods are defined as the 1st of Each month through the Saturday at 11:59 Standard Periods are from 12:00AM Sunday t...

Spend Card as Generated at the end of each Period.    ...

AWS Account Mapping is for the initial onboarding of an AWS Account and the Remapping to align to New Budgets or to update the Mapping Allocation.  In Account Mapping the key concept is allocation. FinOps Center translates all AWS Account Level spending to a Product Level allocation that then get conveyed throughout the organization by the Users Fin...

FinOps Center is 100% Cloud-Native leveraging a number of AWS Services. The Full Architecture runs Across Multiple AWS Account Aligned to the Multi-Acccount Strategy.   In the Master Payer Account - FinOps Center leverages the Cost & Usage Report (CUR) for Billing information. The CUR is stored in a s3 Bucket in the Master Payer Account. Custome...

https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html ...

When a Spend Card is Disputed by a Product Owners the Portfolio Owners will see the dispute on their Spend Card list. The Disputed Spend card will need to be resolved likely by changing the allocation between the products by requesting the account be remapped between the Product Budgets shared by the Account.  Users should use a mix of tools to unde...

Snapshot provide Users Highlight of their Current Month Spending.  Column Details Current Period - Spending that has not be created card Available Credit - Credits Available to Financial Scope Monthly Spending - Month to Date Spending with Net in (Current - Applied Credit) Trends -  Trends are calculated based on current month-to-date costs compared...

The Admin Configuration Screen is accessible to the Admin User that is created during the installation of FinOps Center or additional to the initial user.   Admin users are responsible for adding users with their roles. Those Roles can be updated. Each users requires an unique email address.  Admin users also add the Amazon QuickSight Dashboards to ...

FinOps Center is supported in the Regions that QuickSight is Supported.     US East (Ohio) (us-east-2) US East (N. Virginia) (us-east-1) US West (Oregon) (us-west-2) Asia Pacific (Mumbai) (ap-south-1) Asia Pacific (Seoul) (ap-northeast-2) Asia Pacific (Singapore) (ap-southeast-1) Asia Pacific (Sydney) (ap-southeast-2) Asia Pacific (Tokyo) (ap-northe...

Spaces provide capability for Product Owners the ability to create estimates for the workloads and claim resources to that workloads. Additionally Users will see any credits aligned to that Financial Scope.  The page is organized by the financial scope at the top of the page and will show the AWS Accounts that are mapped to a specific budgets that i...

Installing FinOps Center is 100% Automated requiring only that the pre-requisite are completed and user has permissions to run CloudFormation. Additionally the Engineer will need to have the Business Context Document to use in the installation Script.  To Install FinOps Center you must have completed the pre-requisite installations in the target acc...

Below are the version of FinOps Center CloudFormation Scripts Version 24.1.0 https://cdn.document360.io/9c6c5de5-e82a-4925-8765-7cad54ea8876/Images/Documentation/FinOpsCenterStack.template%2024.1.1.json ...

Management View include Portfolio , Department, Business Unit, and CCoE Users.  Their screens are read only enabling the users to click the link to see the workload estimate.   ...

FinOps Center has a low burden on Technical Operations Teams once the pre-requisite AWS components are configured and the Application is deployed.  Skills of the Technical operations Team: AWS Engineering with specific understanding of the S3 Bucket Replication, CloudFormation, VPC Configuration, and Web Application Management leveraging CloudFront....

Weekly Cards Provide Users to understand the breakdown of spending by allocation/account that contributes to individual Spend Card.  The Chard is a Tree View that expands by clicking the Colunm. The Account Name will appear on mouse over. Period Cards are available for Current and Previous Month.  ...

Below is the FinOps Center Marketplace Deployment Architecture and Template FinOps Center FinOps In a Box: https://cdn.document360.io/9c6c5de5-e82a-4925-8765-7cad54ea8876/Images/Documentation/FinOpsCenterFinopsInaBoxStack.template.json ...

FinOps Center provides Spending and Budget Insights based on a User's Financial Scope with a Toggle between Monthly and Annual Views. Within Budget, the Tiers or Rows of Visualization is dependent on the Role of the Users. The Monthly and Annual Toggles load different data to help Users understand Spending vs Budget within monthly and annual context...

Customers can update the header and login logo in the FinOps Center implementation. Customers' logo needs to have the file name customer-logo and format svg. (if you have image in different format they must be converted to svg.) The logo gets uploaded in the s3 bucket of the frontend application in the root directory.  ...

DynamoDB Encryption https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html Monitoring https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/monitoring.html Backup https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/BackupRestore.html Lambda Security https://docs.aws.amazon.com/lambda/latest/dg/...

File Format The Chart of Account /Budget Files is a comma delimited file (csv). The hierarchy of file goes from left to right with the top or your organization being the left column to the lowest product/project in the 4th column. The First Row of the file will drive the labels of the application. Sample File: https://cdn.document360.io/9c6c5de5-e82...

FinOps Center integrates to QuickSight via the “Anonymous Embedding” pattern which restricts users access to billing data within AWS Account that have been aligned to their financial scope.  Within QuickSight, Datasets need to be configured both with Tag-Based rules for the Application users and the User-based rules for the Dashboard Authors.  Addin...

(We recommend that you keep instances with previous AMI until the upgraded installation is confirmed to be working properly. If recovery is required - you can restart the EC2 instance with the prior AMI which will update the CDK bucket with that version. Follow below instruction.) Marketplace customers will receive an email that their is a new versi...

Credit Mapping works similar to Account Mapping. As opposed to Account Mapping, Credits need to be manually entered simultaneously to when they are entered into Management Console of the Master Payer. The Credit Mapping capability is built to work with Consolidate Billing. ...

Management Users (CCoE/Business Unit/Department) will have a view of the Spend Cards by status and within their Financial Scope.  Open Cards are Cards that have yet to had action by Product Owner Accepted Cards are Card Approved by Product Owners awaiting Action from Portfolio Owner Dispute Cards are Cards that Portfolio Owners are working to Resolv...

FinOps Center leverages Components that are installed during the deployment of the CUDOS Framework.  Follow the instructions to launch the CUDOS Framework from Step 3 as we already setup the Cost and Usage Report and the Bucket Replication in previous steps.  https://catalog.workshops.aws/awscid/en-US/dashboards/foundational/cudos-cid-kpi/deploy AWS...

FinOps Center Variance Report provide the Variance in Spending by Month. Variance is Actual Billing minus the Approved Budget for the Financial Scope.  In additional to the monthly Variance, the ($$$) is the Year to Date for that Financial Scope. Red is Negative Budget. Table is Tree View that can be drilled down depending on Role  ...

Full List of Resources Deployed during the deployment of FinOps Center:   Logical Services accountbudgetlambdarole77006F98 AWS::IAM::Role accountbudgetlambdaroleDefaultPolicy4FB21BEA AWS::IAM::Policy AccountBudgetTable0C66D07B AWS::DynamoDB::Table AccountMapping4D0F5AFB AWS::DynamoDB::Table AccountToElement1Mapping752D6570 AWS::DynamoDB::Table Accou...

Cognito Quotas https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html DynamoDB https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ServiceQuotas.html Lambda https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html...

FinOps Center is a web application that may experience typical issues from users around login issues or page loading (especially updates). Additionally, during the initial 24hrs of installing FinOps Center the application may be awaiting data population from the Cost & Usage Report (CUR). If users are having issues with their initial logging int...

Updating the application is via the AMI and CloudFormation. Upgrade and Patches...

FinOps Center's Monthly Allocation Report is a TreeView Table that show the spending within a Financial Scope. The Table expands down to the Account Allocation with the Effective Date of the Spending by Account.  Account Name Mouse Over.   Effective Date Tooltip  ...

Financial Scope provides users their Financial Scope by Allocation that is contributing to their spending.  User can get retrieve the AWS Account Name for context by mousing over the Account number.  Users can retrieve the effective dates of the Allocation by mousing over the Percentage.  Users can sort by the status Columns Definition of Status New...

To recovery FinOps Center the application and the database need to be restored to the last know functioning state. If their is an issue with the application after patching the environment with a new release, return to the ami of the prior release and launch instance. The cdk bucket will load with the previous release. Return to the CloudFormation an...

On the Top Left of the Summary Page is a Visualization that Shows the Current (Previous Toggle) of Spending based on the Status of Cards Approvals. Unallocated Spend identifies AWS Account's that have yet to be mapped and have spending.     Month to Date is the Total Spending of the Users Financial Scope within that Month. This includes the spending...

CCoE, Business Unit, and Department Users are consumers of the FinOps Center Budgets. The Product and Portfolios Users are responsible for managing spending with the Management Users responsible for asking question based on the Visibility that FinOps Center Provides.  CCoE   Business unit  ...

Users will have access to the Amazon QuickSight Cloud Intelligence Dashboards via the Business Intelligence Tab. The Access to Dashboards are depending on the Role, Financial Scope (aligned Accounts to Budgets), and the Dashboards aligned to the Role by the Admin.  ...