💰 Cost & Usage Report: The Billing Data Firehose
Think of it as a massive CSV delivered to an S3 bucket with every single charge broken down by hour, resource, tag, and account. The most granular billing data AWS produces, built for analysts and BI tools.
Billing tools ranked by detail level:
1. Pricing Calculator: estimate before you build (no real data)
2. Budgets: set thresholds, get alerts
3. Cost Explorer: charts/graphs of actual spend, up to 13 months back
4. Cost & Usage Report: raw data firehose, most detailed of all ⬅ this one
| Exam trigger words |
|---|
| "detailed cost breakdown per resource" · "feed billing data into a BI tool" → Cost & Usage Report |
The 6 Pillars
for Architects and engineers
| Scenario signal | Pillar | One-liner |
|---|---|---|
| Single point of failure, outage, recovery | Reliability | Stay up, recover fast |
| Paying for unused resources, bill too high | Cost Optimization | Don't waste money |
| Manual processes, inconsistent deployments | Operational Excellence | Run it well and keep improving |
| Credentials exposed, no encryption | Security | Protect everything, always |
| Slow for distant users, wrong instance type | Performance Efficiency | Use the right resource for the job |
| Carbon footprint, energy, managed services | Sustainability | Minimize environmental impact |
AWS Service Scope: Global vs Regional vs Zonal
| Scope | Examples |
|---|---|
| Global | IAM, Route 53, CloudFront, WAF, STS |
| Regional | S3, RDS, EFS, Lambda, SQS, SNS, AWS Batch |
| Zonal | EC2 instances, EBS volumes |
The trick: EC2 feels regional but it's zonal: it lives in one AZ. EBS snapshots, however, are regional.
All 6 CAF Perspectives: Complete Master Table
for Business leaders AND technical teams
| Perspective | Owned by | Focuses on | Key capabilities |
|---|---|---|---|
| Business | CEO, CFO, COO | Cloud investment drives business outcomes | Strategy, portfolio, innovation |
| People | CHRO, HR leaders | Culture, skills, organizational change | Training, workforce, change management |
| Governance | CRO, Compliance | Risk, compliance, investment decisions | Portfolio management, data governance, risk |
| Platform | CTO, Architects | Architecture, infrastructure, tech standards | IaC, networking, data architecture |
| Security | CISO, Security engineers | Protect everything, detect threats | IAM, data protection, infrastructure protection |
| Operations | IT Operations, Support | Run and support cloud day to day | Incident mgmt, performance, patch management |
Exam trick: CAF is NOT just technical. Business and People perspectives are tested heavily.
Application Portfolio Management = Governance (students always put this in Operations)
CAF Security Perspective Capabilities
| Capability | Does what |
|---|---|
| Infrastructure Protection | Protects against external threats and unauthorized access |
| Identity and Access Management | Controls who accesses what |
| Data Protection | Encryption, data security at rest and in transit |
| Threat Detection | Identifies existing threats |
| Incident Response | Responds when breaches occur |
| Application Security | Secures applications specifically |
CAF Operations Perspective Capabilities
- Observability
- Event management (AIOps)
- Incident and problem management
- Change and release management
- Performance and capacity management
- Configuration management
- Patch management
- Availability and continuity management
- Application management
Trigger: "meet SLAs" + "agreed-upon service levels" → Performance and Capacity Management
Remember: Application Portfolio Management = Governance perspective, NOT Operations
Shared Responsibility Model
| Category | Examples |
|---|---|
| AWS owns | Physical infrastructure, host OS patching, networking hardware |
| Shared | Configuration management, patch management (guest OS = you), awareness & training |
| Customer owns | Guest OS, applications, data encryption, network traffic protection, Zone Security |
The one-word trick: "host OS" = AWS. "Guest OS" = customer.
IAM Identities
| IAM Concept | CLI/Access Keys? | Notes |
|---|---|---|
| IAM User | ✅ Long-term credentials | Common but not best practice |
| IAM Role | ✅ Temporary credentials | Best practice |
| IAM Group | ❌ | Collection of users only |
| IAM Policy | ❌ | Not an identity; it's a permission document |
Pricing Calculator vs Cost Explorer
| Tool | Use When |
|---|---|
| Pricing Calculator | Planning/estimating before you build |
| Cost Explorer | Analyzing actual spend after you've been running |
Trusted Advisor: 5 Categories (memorize exactly)
- Cost Optimization
- Security
- Fault Tolerance
- Performance
- Service Limits
Trap answers: "Instance Usage", "Infrastructure", "Storage Capacity". None of these are real categories.
AWS Support Plans: Complete Feature Matrix
| Feature | Basic | Business+ | Enterprise |
|---|---|---|---|
| Cost | Free | Paid | More expensive |
| Trusted Advisor checks | Core only | Full | Full |
| Support API | ❌ | ✅ | ✅ |
| Technical Account Manager (TAM) | ❌ | ❌ | ✅ |
| Well-Architected Reviews | ❌ | ❌ | ✅ |
| Operations Reviews | ❌ | ❌ | ✅ |
| Infrastructure Event Management | ❌ | ✅ extra fee | ✅ included |
| Concierge billing support | ❌ | ❌ | ✅ |
| Response time (critical) | None | 1 hour | 15 minutes |
| For workloads | Dev/test | Production | Mission-critical |
The rule: Business+ gets IEM for extra fee but NOT Well-Architected or Operations Reviews; those need Enterprise
Critical: If a question mentions Well-Architected Reviews OR Operations Reviews → Enterprise only
What Is Free vs What Costs Money
| FREE | COSTS MONEY |
|---|---|
| VPCs | EC2 instances (per hour) |
| Subnets and route tables | RDS instances (per hour) |
| IAM users, groups, roles, policies | NAT Gateway (hourly + per GB processed) |
| CloudFormation | Elastic IPs, even attached to running instances |
| AWS Organizations | Data transfer OUT to internet |
| Security Groups and NACLs | Data transfer BETWEEN regions |
| AWS Console access | Data transfer BETWEEN AZs (small fee) |
| Inbound data transfer to AWS | EBS volumes (per GB per month) |
| S3 storage requests (mostly) | Load balancers (per hour + LCUs) |
| DNS resolution within VPC | Direct Connect (port hours + data transfer) |
| CloudWatch basic monitoring | CloudWatch detailed monitoring and custom metrics |
Biggest surprises:
- Elastic IPs cost money even when properly attached: AWS charges to discourage IPv4 hoarding
- Data transfer INTO AWS is free: you're never charged for uploads
- Data transfer BETWEEN AZs in same region costs a small amount: use this to justify multi-AZ design decisions
- VPCs themselves are free: you pay for what's inside them
- CloudFormation is free: you pay for resources it creates