Well-managed applications save up to hundreds of thousands of dollars in infrastructure costs, enable you to scale efficiently and make your infrastructure more agile and secure. In this blog, Samrat Priyadarshi, Sam to friends, will take you through the work he did with a large online pharmacy. He’ll zoom into the detail of how he helped slash their AWS bill by as much as $300,000, with lots of insight into how you can start running Well-Managed Applications yourself. MontyCloud DAY2™ encapsulates these best practices so you can run well-managed applications on AWS, without writing or managing code.
Give it a try today!
– Sabrinath S. Rao
Micro-services applications lead to resource sprawl
One of the largest online pharmacies in the United States enables customers to fill their prescriptions online and pick them up at one of their 50,000 partner locations across all 50 states. All the applications that run their business, including their commerce platform, inventory control, partner integrations and order processing to name a few, run on AWS. These applications are built by multiple teams using modern cloud application architectures, using multiple AWS services including:
Over time, each team created their own accounts, provisioned their own resources and implemented their own policies. This led to unintentional account sprawl (over 20% in excess), over-provisioned resources, inconsistent governance and management complexity. The most visible symptom was skyrocketing costs, growing by roughly half a million US dollars year over year, including significant waste. In this blog I talk about how MontyCloud helped this online pharmacy get control over their spend and governance by running well-managed applications.
First discover, inventory, tag and organize all the AWS resources
The first step to cost control is to understand the spend in the first place. So, my team and I used MontyCloud’s proprietary intellectual property to first discover all the deployed AWS resources. Next, we developed a tagging scheme with the customer for every deployed AWS resource instance. The tagging scheme, which is in use now, includes the application ID, the department that owns the application and the infrastructure code pipeline ID.
Contextually organizing your resources is the foundation to efficiency and cost control
Once we tagged all the deployed resources, we were able to develop usage associations. The usage associations helped us organize the resources by applications. Organization is pivotal, because just like all the customers we see, it revealed two fundamental building blocks:
- In aggregate, 20% – 30% of the resources were either over-provisioned or orphaned.
- With the tags and information from past bills, we had all the information needed to analyse application-specific consumption patterns and spend.
Leveraging volume discounts and reserved-instance pricing
After eliminating the orphaned resources, we developed scripts to analyze costs and usage patterns by application and by department over time. We discovered that for the major AWS services such as EC2, RDS, S3, EMR and Redshift at least 50% of the consumption was predictable. Furthermore, we discovered that many of the account owners were buying them individually and did not qualify for volume discounts.
This customer now centralizes purchasing. This simple change enables them to:
- Buy 50% of their compute capacity for EC2, RDS and others through reserved instances with a 1-year commitment, as opposed to on-demand
- Negotiate volume discounting through AWS Enterprise Discount Program (EDP)
These two changes alone save the customer over $200,000 annually.
Well-Managed Applications begin with Well-Architected Deployments
The online pharmacy uses Terraform Enterprise for their deployments. To ensure that newly deployed resources are tagged, compliant and manageable, my team helped the customer harden their deployment templates with the right account credentials, deployment privileges and the tagging schemas. The customer now self-services their deployments, maintaining agility while appropriate guardrails keep the applications and application environments compliant and manageable.
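One way to build the tagging guardrail into a Terraform template, shown as an added example rather than the customer's or MontyCloud's own code. The three tags follow the scheme described earlier; the variable names, the tag key spellings and the ID format check are assumptions.

```hcl
# Added example; variable names, tag keys and the ID pattern are assumptions.
variable "region" {
  type = string
}

variable "application_id" {
  type        = string
  description = "Application ID from the tagging scheme"
  validation {
    condition     = can(regex("^[a-z0-9-]{3,32}$", var.application_id))
    error_message = "The application_id value must be 3-32 lowercase letters, digits or hyphens."
  }
}

variable "department" {
  type        = string
  description = "Department that owns the application"
  validation {
    condition     = length(trimspace(var.department)) > 0
    error_message = "The department value must not be empty."
  }
}

variable "pipeline_id" {
  type        = string
  description = "Infrastructure code pipeline ID"
  validation {
    condition     = length(trimspace(var.pipeline_id)) > 0
    error_message = "The pipeline_id value must not be empty."
  }
}

provider "aws" {
  region = var.region

  # Applied by the provider to the taggable resources this configuration
  # creates, so the plan fails early if any of the three values is missing.
  default_tags {
    tags = {
      ApplicationId = var.application_id
      Department    = var.department
      PipelineId    = var.pipeline_id
    }
  }
}
```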
Switching from NAT Gateways to VPC Endpoints makes the environment more secure and reduces costs
The environment was using NAT Gateways to communicate between accounts as well as between resources. This is insecure because every request path is now routed through the public internet. It is also more expensive, even considering public prices (valid at the time of publication for the applicable regions):
- Price per NAT Gateway per hour = $0.045
- Price per GB data processed by a NAT Gateway = $0.045
- Price per VPC endpoint = $0.01
- Price per GB data processed by a VPC endpoint = $0.01
We replaced NAT Gateways with VPC endpoints, which use AWS PrivateLink. Their networking costs are now 75% lower. The environment is also more secure, as all communication is over a private encrypted connection. The users get better performance because there is no internet gateway, NAT device, VPN connection or AWS Direct Connect connection in the code path. Furthermore, because we use Private DNS, the traffic is automatically routed through the VPC endpoints without any application changes. By implementing these best practices, networking cost is reduced by 75%.
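The endpoint setup described above, written as Terraform. This is an added example, not the customer's template or the DAY2™ blueprint; the variable names, the service list and the security-group rule are assumptions.

```hcl
# Added example; variable names and the service list are assumptions.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "vpc_cidr" { type = string }
variable "private_subnet_ids" { type = list(string) }

# AWS services to reach privately; illustrative defaults.
variable "endpoint_services" {
  type    = set(string)
  default = ["ec2", "rds"]
}

# Endpoint network interfaces accept only HTTPS from inside the VPC.
resource "aws_security_group" "vpc_endpoints" {
  name_prefix = "vpc-endpoints-"
  description = "HTTPS from the VPC to interface endpoints"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from VPC CIDR"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# One interface endpoint (AWS PrivateLink) per service.
resource "aws_vpc_endpoint" "interface" {
  for_each = var.endpoint_services

  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.vpc_endpoints.id]

  # Private DNS resolves the service's regular hostname to the endpoint,
  # so applications need no configuration change.
  private_dns_enabled = true
}
```

Private DNS only takes effect when DNS support and DNS hostnames are enabled on the VPC.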
MontyCloud helped reduce the AWS bills by $300,000 annually
The online pharmacy reduced their annual AWS bill by $300,000 through cost consolidation and better insights into their applications. In the process, they enable compliant deployments without compromising agility through well-architected infrastructure as code blueprints. They now also run more efficient and secure operations. The online pharmacy estimates their aggregate savings in people, process and time to exceed $500,000. They anticipate using these savings to further automate their environment through no-code DevOps.
Bringing the same No-Code Deployment and CloudOps excellence to you
This online pharmacy is one of our earliest customers. The partnership with them helps inform the capabilities we codify and bring to you in MontyCloud DAY2™. For example, the DAY2™ VPC Blueprint showcased below was influenced by this customer. Now with a few simple clicks and a few parameters you can deploy your own VPC Endpoints, instead of weeks if not months of coding and testing.
We also automated discovery, inventory, tagging and organization in the application context based on our learnings from this online pharmacy and other customers across academia, retail, software and research. MontyCloud DAY2™ helps you deploy complex applications through compliant Infrastructure as Code blueprints and automatically discover and manage the resources in the application and business context. We encapsulate the complex management concepts into easily usable code so you can run Well-Managed applications through No-Code CloudOps. If there are other use cases or best practices we should consider, please give us your feedback. We love hearing from you.