

# 12 – Build financial accountability models for data and workload usage
<a name="design-principle-12"></a>

 **How do you measure and attribute the analytics workload financial accountability?** As your business continues to evolve, so will your analytics workload. Data analytics systems and the data generated from them will grow over time into a mix of both shared and isolated-team resources. Your organization should establish a financial attribution model for these resources. When teams understand how their use of data analytics influences costs to the business, it promotes a culture of accountability and frugality. A financial accountability model also allows departments to cross-charge one another for shared resources. 


|  **ID**  |  **Priority**  |  **Best practice**  | 
| --- | --- | --- | 
|  ☐ BP 12.1   |  Recommended  |  Measure data storage and processing costs per user of the workload.  | 
|  ☐ BP 12.2   |  Recommended  |  Balancing agility and skill sets - When to build local compared to centralized data analytics platforms.  | 
|  ☐ BP 12.3   |  Recommended  |  Build a common, shared processing system and measure the cost per analytics job.  | 
|  ☐ BP 12.3   |  Recommended  |  Restrict and record resource allocation permissions using AWS Identity and Access Management (IAM).  | 

 For more details, refer to the following information: 
+  AWS Cloud Financial Management Blog: [Cost Allocation Blog Series #1: Cost Allocation Basics That You Need to Know](https://aws.amazon.com/blogs/aws-cloud-financial-management/cost-allocation-basics-that-you-need-to-know/) 
+  AWS Cloud Enterprise Strategy Blog: [Who Pays? Decomplexifying Technology Charges](https://aws.amazon.com/blogs/enterprise-strategy/who-pays-decomplexifying-technology-charges/) 
+  AWS Cloud Enterprise Strategy Blog: [Strategy for Efficient Cloud Cost Management](https://aws.amazon.com/blogs/enterprise-strategy/strategy-for-efficient-cloud-cost-management/) 
+  AWS Cloud Financial Management Blog: [Trends Dashboard with AWS Cost and Usage Reports, Amazon Athena, and Quick](https://aws.amazon.com/blogs/aws-cloud-financial-management/trends-dashboard-with-aws-cost-and-usage-reports-amazon-athena-and-amazon-quicksight/) 
+  AWS Well-Architected Labs: [Cost Optimization](https://wellarchitectedlabs.com/cost/) 

# Best practice 12.1 – Measure data storage and processing costs per user of the workload
<a name="best-practice-12.1---measure-data-storage-and-processing-costs-per-user-of-the-workload."></a>

 Data analytics workloads have recurring stable costs and per-use costs, for example, a weekly reporting job with relatively static data storage fees or periodic unpredictable processing runtime fees. Your organization should establish a financial attribution mechanism that captures data storage and workload usage when analytics systems are run. Using this approach, your end users (business unit, team, or individual) can be notified of their consumption at regular intervals. 

## Suggestion 12.1.1 – Use tagging or other attribution methods to identify workload and data storage ownership
<a name="suggestion-12.1.1---use-tagging-or-other-attribution-methods-to-identify-workload-and-data-storage-ownership."></a>

 Have the business, IT, and finance teams collaborate to agree on cost allocation, cost ownership, cost charging, and budget management. Create a budget tracking policy for storage and workload using tagging. Agree on the governance approach for implementing the policy (that is, centralized or decentralized), billing allocation, chargeback, and budget reporting. 

 For more details, refer to the following information: 
+  AWS Cloud Financial Management Blog: [Cost Tagging and Reporting with AWS Organizations](https://aws.amazon.com/blogs/aws-cloud-financial-management/cost-tagging-and-reporting-with-aws-organizations/) 
+  AWS Billing and Cost Management and Cost Management User Guide: [Reporting your budget metrics with budget reports](https://docs.aws.amazon.com/cost-management/latest/userguide/reporting-cost-budget.html), [Configuring AWS Budgets actions](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-controls.html) and [Creating an Amazon SNS topic for budget notifications](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-sns-policy.html) 

 

## Suggestion 12.1.2 – Implement cost-visibility and internal bill-back method to aggregate your teams' use of analytics resources
<a name="suggestion-12.1.2"></a>

 Notify teams of their analytics usage costs periodically. Build dashboards that provide teams visibility into how their work impacts costs to the business using a self-service approach. 

 You can view and optimize your costs through the AWS Cost and Usage Report and the Cost and Usage Dashboards Operations Solution (CUDOS) reports. 

# Best practice 12.2 – Build local or build centralized data analytics platforms
<a name="best-practice-12.2-build-local-or-centralized-data-analytics-platforms"></a>

 Teams can establish their own data analytics resources that support their analytical needs locally, rather than extracting information and transferring it to a central location. Decide when teams benefit from building local analytics resources, balancing required agility and team skillset with the need for a centralized analytics platform. 

## Suggestion 12.2.1 – Perform regular reviews of analytics operations to determine if the business can benefit from teams managing their own infrastructure
<a name="suggestion-12.2.1-perform-regular-reviews-of-analytics-operations-to-determine-if-the-business-will-benefit-from-teams-managing-their-own-infrastructure"></a>

 Teams may prefer to own and manage their own infrastructure, as this allows for more flexibility and agility in system design with fewer dependencies. Individual ownership also provides clear cost visibility. In other cases, a shared processing system can be more efficient, where teams send data requests to a central provider. Tracking request volume by team enables cost attribution. A centralized team managing infrastructure benefits multiple groups through increased resource utilization and concentrated expertise. Centralized data repositories make enriching data simpler and provide a single access point. Organizations find centralized analytics helps meet compliance and governance needs. 

 In summary, there are trade-offs between decentralized team-owned infrastructure providing more flexibility compared to centralized shared infrastructure increasing utilization and governance. Teams and centralized providers can also coordinate, with centralized systems handling some processing and team systems providing customization. The best approach depends on the specific organizational needs and structure. 

# Best practice 12.3 – Restrict and record resource allocation permissions using AWS Identity and Access Management (IAM)
<a name="best-practice-12.3---restrict-and-record-resource-allocation-permissions-using-aws-identity-and-access-management-iam."></a>

 To better control costs, create distinct IAM roles that authorize users to provision certain resources. This ensures that only permitted individuals can provision the resources they are allowed to, preventing unauthorized and unnecessary spending. 

## Suggestion 12.3.1 – Create a cost governance framework that uses specialized IAM roles, rather than individual users, to provision costly infrastructure
<a name="suggestion-12.3.1---create-a-cost-governance-framework-that-uses-specialized-iam-roles-rather-than-individual-iam-users-to-provision-costly-infrastructure."></a>

 Restrict the authorization to launch costly resources to specific IAM roles. For example, allow only certain teams to provision certain instance types, which reduces unnecessary expenditure. 

## Suggestion 12.3.2 – Track AWS CloudTrail logs to determine overall usage-per-user and role
<a name="suggestion-12.3.2---track-iam-usage-logs-to-determine-overall-usage-per-user-and-role."></a>

 Track the usage across users and roles to get a clear understanding of resource usage. As part of your cost-allocation governance, automatically process the AWS CloudTrail logs so that cost allocation is properly attributed to the relevant department. 
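
 The following added example (not AWS's own code) illustrates suggestions 12.3.1 and 12.3.2 together: it attributes EC2 `RunInstances` events from a CloudTrail log to the provisioning role's department and flags launches that bypass the role-based model. The role names, department mapping, approved instance types, and log records are constructed assumptions; launch counts are a usage proxy, not a cost figure.

```python
import json
from collections import Counter

# Assumed mapping (not from the page): provisioning role -> department and approved types.
ROLES = {
    "analytics-etl": {"dept": "data-eng", "allowed": {"m5.xlarge", "r5.2xlarge"}},
    "bi-reporting": {"dept": "finance", "allowed": {"t3.medium"}},
}

def _rec(ptype, name, event, itype=None, launched=0, error=None):
    """Build a constructed CloudTrail record holding only the fields used below."""
    ident = {"type": ptype, "userName": name} if ptype == "IAMUser" else {
        "type": ptype, "sessionContext": {"sessionIssuer": {"userName": name}}}
    return {"eventSource": "ec2.amazonaws.com", "eventName": event,
            "userIdentity": ident, "errorCode": error,
            "requestParameters": {"instanceType": itype},
            "responseElements": None if error else {
                "instancesSet": {"items": [{"instanceType": itype}] * launched}}}

# Constructed sample log, laid out like a CloudTrail log file ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    _rec("AssumedRole", "analytics-etl", "RunInstances", "m5.xlarge", 2),
    _rec("AssumedRole", "bi-reporting", "RunInstances", "r5.2xlarge",
         error="Client.UnauthorizedOperation"),
    _rec("IAMUser", "alice", "RunInstances", "t3.medium", 1),
    _rec("AssumedRole", "analytics-etl", "DescribeInstances"),
    _rec("AssumedRole", "analytics-etl", "RunInstances", "p3.8xlarge", 1),
]})

def principal(identity):
    """Role name for assumed-role sessions, otherwise the IAM user name."""
    if identity.get("type") == "AssumedRole":
        return identity["sessionContext"]["sessionIssuer"]["userName"]
    return identity.get("userName", "unknown")

def attribute(log_text):
    """Return (launch counts per (dept, principal, type), governance findings)."""
    usage, findings = Counter(), []
    for rec in json.loads(log_text)["Records"]:
        if rec.get("eventName") != "RunInstances":
            continue
        who = principal(rec["userIdentity"])
        itype = rec["requestParameters"]["instanceType"]
        role = ROLES.get(who)
        if rec.get("errorCode"):  # failed call (for example, denied by IAM): nothing launched
            findings.append((rec["errorCode"], who, itype))
            continue
        launched = len(rec["responseElements"]["instancesSet"]["items"])
        usage[(role["dept"] if role else "unattributed", who, itype)] += launched
        if role is None:
            findings.append(("no-role-mapping", who, itype))
        elif itype not in role["allowed"]:
            findings.append(("outside-allow-list", who, itype))
    return usage, findings
```

 An `outside-allow-list` finding means a launch succeeded that the role's IAM policy should have denied, so it points to a policy gap rather than only a billing question.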