Marc Fleurant
marc@cloudscal3.com

Marc activity

57 Articles Written Last Month

0 0 0 0 0 0 0

Updated September 10th, 2024 by Marc Fleurant

Stack Configuration

FinOps Center creates IAM Roles and Policies. The Engineer deploying must have Administrative Privileges. (DO NOT INSTALL USING ROOT USER) Upon Selecting Next you will be taken to the YAML form to complete the FinOps Center Installation. Name Stack Environment Parameters: Organization Roles FinOps Center Role hierarchy naming is aligned to your orga...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Encryption

FinOps Center leverages native services encryption of data at rest and in transit.  All FinOps Center data is stored in S3 or DynamoDB when at rest. When users are accessing the application CloudFront provides the SSL connection for the frontend application. Underlying Services Security, Monitoring, and Backup...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Budget Reschedule

As a budget year proceeds, the original schedule of spending will likely change. Will the capability to reschedule the monthly spend is required it needs to be in the same partnership with the Portfolio Owner as is the case during the initial budgeting process. The New Schedule will drive the information that Management will use to determine how the...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

New Budget

Green Boarders indicate that there is a new Budget that needs to be Entered. In the table below, Product Owners will complete base on their planned spending.  Annual Budget is directly from the Chart of Account File Planned Budget is calculated as the fields are completed Unallocated Budget is the Annual Budget - Planned Budget Estimates from Spaces...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

AWS Multi-Account Cloud Financial Management Links

Below are helpful links for concepts that are helpful in keep in mind in your adoption of AWS with FinOps Center.    AWS Multi-Account Framework https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.html AWS Control Tower with Multi-Account Strategy https://docs.aws.amazon.com/controltower/lat...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Cognito Emails

The Installation will create a Cognito User Pool to manage Users and Authentication. For User Onboarding that takes place by the admin users inviting User to FinOps Center, the Welcome Email can be customized within in the Messages.  The Invitation Message is the initial Welcome.  Body Sample HTML (Must Update the Title to "Welcome to FinOps Center"...

2 min reading time
Updated September 10th, 2024 by Marc Fleurant

Embedding Amazon QuickSight

QuickSight Configuration Prior to Installing FinOps Center Pricing Plan - Enable Session based Pricing Domains and Enablement - URL of FinOps Center Create as Analysis Share Cloud Financial Management Dashboards and click Toggle to enable "Save As" (Note: When you return to Dashboard you need to refresh the page to get "Save As" Icon to create Analy...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Deployment Best Practices

While the deployment of FinOps Center is scripted, there are some best practices that should be considered during your implementation to create the best experience for users. Map AWS Accounts to Financial Budgets prior to adding users Communicate to users that they will receive emails inviting them to FinOps Center but that they should wait a day to...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

End of Month

At the end of the month, AWS Billing can go through a number of manual adjustment that manifest itself in changes in the last few days of the month Cost and Usage Report.  FinOps Center last Period Can change during the first week of the next month.    ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Adding Amazon Q Topics

The Amazon QuickSight Subscription in your account needs to add both an Author Advance and updated to the Usage licenses of Amazon Q....

0 min reading time
Updated October 2nd, 2024 by Marc Fleurant

Overview

FinOps Center Budgets Tab has 2 Views that align to the responsibilities of the different users - Product/Portfolio & Management.  When FinOps Center consumes the budgets via the Chart of Account file the Budgets attached to the Products have been approved through the Core Financial Systems. FinOps Center is managing those Core Financial Systems...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Invoice Generation

FinOps Center creates two invoice file types: Accounts Payable and Financial Planning. The purpose for the 2 files is the Account Payable is to be used in Core Financial to Pay the AWS Bill and the Financial Planning file is spending aligned to each individual product/project budget.  CCoE for Account Payable  In addition to the Spending being aggre...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

User Mapping

During User Onboarding each user will be aligned to their Role with the Company Hierarchy Element 1/CCoE -> All Budgets Element 2 /Business Unit -> Business Unit Access Element 3 / Department -> Department Unit Access Element 4 / Portfolio Owner -> Portfolio Access Element 5 / Product Owner -> Product Access Element 0 / Admin -> Ad...

0 min reading time
Updated October 2nd, 2024 by Marc Fleurant

Product Owner - Create Estimates and Claim Resources

Product Owners are able to add estimates for their Workloads. Workload estimates can be to any url source (AWS Pricing Calculator, File Location, 3rd party) with a start date from the start of the current month forward. End dates by default are the end of the year.  Claimed Resources  Depending on whether an Estimate is created prior to the resource...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Period Definition

FinOps Center Spend Cards are a Critical Capability to drive accountability in month. As opposed to reconciling your bill at the end of the month, Spend Cards require Product Owners to Approve or Dispute their Spending with a Period. Periods are defined as the 1st of Each month through the Saturday at 11:59 Standard Periods are from 12:00AM Sunday t...

1 min reading time
Updated September 10th, 2024 by Marc Fleurant

Spend Card Workflow

Spend Card as Generated at the end of each Period.    ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Budget Approval

Portfolio Owners need to Accept or Reject the Budget that is is submitted by the Product Owner.  Prior to a Product Owner Submitting a Product Budget, Budget Schedule will be bland without Approval or Reject Available.    When a Budget has been submitted for Approval, the Portfolio Card will be highlighted yellow to indicate that their is a budget t...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Account Mapping

AWS Account Mapping is for the initial onboarding of an AWS Account and the Remapping to align to New Budgets or to update the Mapping Allocation.  In Account Mapping the key concept is allocation. FinOps Center translates all AWS Account Level spending to a Product Level allocation that then get conveyed throughout the organization by the Users Fin...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Architecture

FinOps Center is 100% Cloud-Native leveraging a number of AWS Services. The Full Architecture runs Across Multiple AWS Account Aligned to the Multi-Acccount Strategy.   In the Master Payer Account - FinOps Center leverages the Cost & Usage Report (CUR) for Billing information. The CUR is stored in a s3 Bucket in the Master Payer Account. Custome...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Data Storage & Security

FinOps Center stores data in DynamoDB and aligns to general practices of using DynamoDB for Storage and Security. As with all data storied in DynamoDB, customers can chose to encrypt the data at rest with the default AWS Owned , AWS Managed, or Customer Managed Keys Underlying Services Security, Monitoring, and Backup...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Delegated Admin Account via Security Hub Configuration

https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Dispute

When a Spend Card is Disputed by a Product Owners the Portfolio Owners will see the dispute on their Spend Card list. The Disputed Spend card will need to be resolved likely by changing the allocation between the products by requesting the account be remapped between the Product Budgets shared by the Account.  Users should use a mix of tools to unde...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Snapshot

Snapshot provide Users Highlight of their Current Month Spending.  Column Details Current Period - Spending that has not be created card Available Credit - Credits Available to Financial Scope Monthly Spending - Month to Date Spending with Net in (Current - Applied Credit) Trends -  Trends are calculated based on current month-to-date costs compared...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Admin Configuration

The Admin Configuration Screen is accessible to the Admin User that is created during the installation of FinOps Center or additional to the initial user.   Admin users are responsible for adding users with their roles. Those Roles can be updated. Each users requires an unique email address.  Admin users also add the Amazon QuickSight Dashboards to ...

0 min reading time
Updated September 12th, 2024 by Marc Fleurant

Adding FinOps Center to VPC

FinOps Center’s components can be added to your VPC using VPC Endpoints.     S3 - Interface/Gateway Endpoint { "Version": "2012-10-17", "Id": "Policy1415115909152", "Statement": [ { "Sid": "Access-to-specific-VPCE-only", "Principal": "*", "Action": "s3:*", "Effect": "Deny", "Resource": ["arn:aws:s3:::awsexamplebucket1", "arn:aws:s3:::awsexamplebucke...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Region Supported

FinOps Center is supported in the Regions that QuickSight is Supported.     US East (Ohio) (us-east-2) US East (N. Virginia) (us-east-1) US West (Oregon) (us-west-2) Asia Pacific (Mumbai) (ap-south-1) Asia Pacific (Seoul) (ap-northeast-2) Asia Pacific (Singapore) (ap-southeast-1) Asia Pacific (Sydney) (ap-southeast-2) Asia Pacific (Tokyo) (ap-northe...

0 min reading time
Updated October 2nd, 2024 by Marc Fleurant

Spaces Overview

Spaces provide capability for Product Owners the ability to create estimates for the workloads and claim resources to that workloads. Additionally Users will see any credits aligned to that Financial Scope.  The page is organized by the financial scope at the top of the page and will show the AWS Accounts that are mapped to a specific budgets that i...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Installing FinOps Center

Installing FinOps Center is 100% Automated requiring only that the pre-requisite are completed and user has permissions to run CloudFormation. Additionally the Engineer will need to have the Business Context Document to use in the installation Script.  To Install FinOps Center you must have completed the pre-requisite installations in the target acc...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

CloudFormation Script

Below are the version of FinOps Center CloudFormation Scripts Version 24.1.0 https://cdn.document360.io/9c6c5de5-e82a-4925-8765-7cad54ea8876/Images/Documentation/FinOpsCenterStack.template%2024.1.1.json ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Management View

Management View include Portfolio , Department, Business Unit, and CCoE Users.  Their screens are read only enabling the users to click the link to see the workload estimate.   ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Operational Team & Playbook

FinOps Center has a low burden on Technical Operations Teams once the pre-requisite AWS components are configured and the Application is deployed.  Skills of the Technical operations Team: AWS Engineering with specific understanding of the S3 Bucket Replication, CloudFormation, VPC Configuration, and Web Application Management leveraging CloudFront....

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Weekly Cards

Weekly Cards Provide Users to understand the breakdown of spending by allocation/account that contributes to individual Spend Card.  The Chard is a Tree View that expands by clicking the Colunm. The Account Name will appear on mouse over. Period Cards are available for Current and Previous Month.  ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Marketplace Deployment Architecture

Below is the FinOps Center Marketplace Deployment Architecture and Template FinOps Center FinOps In a Box: https://cdn.document360.io/9c6c5de5-e82a-4925-8765-7cad54ea8876/Images/Documentation/FinOpsCenterFinopsInaBoxStack.template.json ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Budget Card Organization & Calculations

FinOps Center provides Spending and Budget Insights based on a User's Financial Scope with a Toggle between Monthly and Annual Views. Within Budget, the Tiers or Rows of Visualization is dependent on the Role of the Users. The Monthly and Annual Toggles load different data to help Users understand Spending vs Budget within monthly and annual context...

4 min reading time
Updated September 10th, 2024 by Marc Fleurant

Adding Customer Logo

Customers can update the header and login logo in the FinOps Center implementation. Customers' logo needs to have the file name customer-logo and format svg. (if you have image in different format they must be converted to svg.) The logo gets uploaded in the s3 bucket of the frontend application in the root directory.  ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Underlying Services Security, Monitoring, and Backup

DynamoDB Encryption https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html Monitoring https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/monitoring.html Backup https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/BackupRestore.html Lambda Security https://docs.aws.amazon.com/lambda/latest/dg/...

0 min reading time
Updated September 12th, 2024 by Marc Fleurant

Chart of Account / Budget File

File Format The Chart of Account /Budget Files is a comma delimited file (csv). The hierarchy of file goes from left to right with the top or your organization being the left column to the lowest product/project in the 4th column. The First Row of the file will drive the labels of the application. Sample File: https://cdn.document360.io/9c6c5de5-e82...

1 min reading time
Updated October 2nd, 2024 by Marc Fleurant

QuickSight Row Level Security

FinOps Center integrates to QuickSight via the “Anonymous Embedding” pattern which restricts users access to billing data within AWS Account that have been aligned to their financial scope.  Within QuickSight, Datasets need to be configured both with Tag-Based rules for the Application users and the User-based rules for the Dashboard Authors.  Addin...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Upgrade and Patches

(We recommend that you keep instances with previous AMI until the upgraded installation is confirmed to be working properly. If recovery is required - you can restart the EC2 instance with the prior AMI which will update the CDK bucket with that version. Follow below instruction.) Marketplace customers will receive an email that their is a new versi...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Credit Mapping

Credit Mapping works similar to Account Mapping. As opposed to Account Mapping, Credits need to be manually entered simultaneously to when they are entered into Management Console of the Master Payer. The Credit Mapping capability is built to work with Consolidate Billing. ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Management Views of Cards

Management Users (CCoE/Business Unit/Department) will have a view of the Spend Cards by status and within their Financial Scope.  Open Cards are Cards that have yet to had action by Product Owner Accepted Cards are Card Approved by Product Owners awaiting Action from Portfolio Owner Dispute Cards are Cards that Portfolio Owners are working to Resolv...

0 min reading time
Updated October 2nd, 2024 by Marc Fleurant

QuickSight Setup and CFM Dashboard Install

FinOps Center leverages Components that are installed during the deployment of the CUDOS Framework.  Follow the instructions to launch the CUDOS Framework from Step 3 as we already setup the Cost and Usage Report and the Bucket Replication in previous steps.  https://catalog.workshops.aws/awscid/en-US/dashboards/foundational/cudos-cid-kpi/deploy AWS...

1 min reading time
Updated September 10th, 2024 by Marc Fleurant

Variance

FinOps Center Variance Report provide the Variance in Spending by Month. Variance is Actual Billing minus the Approved Budget for the Financial Scope.  In additional to the monthly Variance, the ($$$) is the Year to Date for that Financial Scope. Red is Negative Budget. Table is Tree View that can be drilled down depending on Role  ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

FinOps Resources and Roles

Full List of Resources Deployed during the deployment of FinOps Center:   Logical Services accountbudgetlambdarole77006F98 AWS::IAM::Role accountbudgetlambdaroleDefaultPolicy4FB21BEA AWS::IAM::Policy AccountBudgetTable0C66D07B AWS::DynamoDB::Table AccountMapping4D0F5AFB AWS::DynamoDB::Table AccountToElement1Mapping752D6570 AWS::DynamoDB::Table Accou...

3 min reading time
Updated September 10th, 2024 by Marc Fleurant

AWS Service Limits

Cognito Quotas https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html DynamoDB https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ServiceQuotas.html Lambda https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Testing and Troubleshooting

FinOps Center is a web application that may experience typical issues from users around login issues or page loading (especially updates). Additionally, during the initial 24hrs of installing FinOps Center the application may be awaiting data population from the Cost & Usage Report (CUR). If users are having issues with their initial logging int...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Updating Application

Updating the application is via the AMI and CloudFormation. Upgrade and Patches...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Monthly Allocation

FinOps Center's Monthly Allocation Report is a TreeView Table that show the spending within a Financial Scope. The Table expands down to the Account Allocation with the Effective Date of the Spending by Account.  Account Name Mouse Over.   Effective Date Tooltip  ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Financial Scope

Financial Scope provides users their Financial Scope by Allocation that is contributing to their spending.  User can get retrieve the AWS Account Name for context by mousing over the Account number.  Users can retrieve the effective dates of the Allocation by mousing over the Percentage.  Users can sort by the status Columns Definition of Status New...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Recovery

To recovery FinOps Center the application and the database need to be restored to the last know functioning state. If their is an issue with the application after patching the environment with a new release, return to the ami of the prior release and launch instance. The cdk bucket will load with the previous release. Return to the CloudFormation an...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Summary Visualization of Card Spending

On the Top Left of the Summary Page is a Visualization that Shows the Current (Previous Toggle) of Spending based on the Status of Cards Approvals. Unallocated Spend identifies AWS Account's that have yet to be mapped and have spending.     Month to Date is the Total Spending of the Users Financial Scope within that Month. This includes the spending...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Budget Management Views

CCoE, Business Unit, and Department Users are consumers of the FinOps Center Budgets. The Product and Portfolios Users are responsible for managing spending with the Management Users responsible for asking question based on the Visibility that FinOps Center Provides.  CCoE   Business unit  ...

0 min reading time
Updated September 10th, 2024 by Marc Fleurant

Business Intelligence

Users will have access to the Amazon QuickSight Cloud Intelligence Dashboards via the Business Intelligence Tab. The Access to Dashboards are depending on the Role, Financial Scope (aligned Accounts to Budgets), and the Dashboards aligned to the Role by the Admin.  ...

0 min reading time
Load More