Programming

AWS Cost Categories with OU Structure

Introduction AWS Cost Categories help organize cloud spending by mapping costs to your business structure using rules. You can define rules based on accounts, tags, services, and more. See the official documentation for details. This article explores an approach to automatically align AWS Cost Categories with your AWS Organizations Organizational Unit (OU) structure. We'll look at the reasoning behind this method and demonstrate how to implement it using a sample Python script. Considerations Important Security Note This script is a sample. Test thoroughly before use in production. It requires execution in the Management Account to access necessary Organizations and Cost Explorer APIs. Use Least Privilege: The Management Account is critical. Do not run scripts with administrative privileges. Create a dedicated IAM role with only the minimum required permissions (see README) and use that role for execution (e.g., in CloudShell, EC2, Lambda). (Optional: Consider the more complex Delegated Administrator for Cost Management feature.) Approach Details Automation Need: OU structures change. Manual Cost Category updates are impractical. This script automates synchronization. Implementation: Cost Category rules cannot directly target OUs. This script uses the following logic: List all accounts via ListAccounts. For each account, find its OU path using ListParents. Assign the account to a category name derived from its OU path up to a specified depth (e.g., OU1-OU1A). Each account belongs only to its deepest relevant category. Generate Cost Category rules mapping the category name (Value) to the list of associated account IDs (Dimensions). Execution: Uses Python3.x/Boto3 Assumes execution from an environment like AWS CloudShell. Can be adapted for scheduled Lambda execution (requires changes for parameter input and considering execution limits). Script Features Hierarchical Categories: Creates names like Level1OU-Level2OU-.... Depth Control: A depth argument sets the granularity. The Script The complete Python script is available on GitHub. Repository: https://github.com/shu85t/PutOuCostCategory Usage: # Run from Management Account environment with correct IAM role python3 put_ou_cost_category.py : e.g., OU-Structure : e.g., 2025-04 (YYYY-MM) : e.g., 1, 2 (Integer >= 1) Example Results Here's how it works with a sample OU structure. Sample OU Structure Root ├── Management Account │ ├── Management OU │ ├── Management Tool Account1 │ └── Management Tool Account2 │ ├── Sandbox OU (No direct accounts) │ ├── Security OU │ ├── Audit Account │ └── Log Archive Account │ └── SDLC OU ├── Dev OU │ └── Workload Dev Account └── Stg OU └── Workload Staging Account Result with depth=1 Command: python3 put_ou_cost_category.py OUStructure 2025-01 1 Result: Result with depth=2 Command: python3 put_ou_cost_category.py OUStructure 2025-01 2 Result: Conclusion This script offers a method to automatically align AWS Cost Categories with your AWS Organizations OU structure. This provides a useful perspective for cost analysis, allowing you to understand costs based on the OU level categorization of accounts.

Mar 29, 2025 - 22:43
 0
AWS Cost Categories with OU Structure

Introduction

AWS Cost Categories help organize cloud spending by mapping costs to your business structure using rules. You can define rules based on accounts, tags, services, and more. See the official documentation for details.

This article explores an approach to automatically align AWS Cost Categories with your AWS Organizations Organizational Unit (OU) structure. We'll look at the reasoning behind this method and demonstrate how to implement it using a sample Python script.

Considerations

Important Security Note

  • This script is a sample. Test thoroughly before use in production.
  • It requires execution in the Management Account to access necessary Organizations and Cost Explorer APIs.
  • Use Least Privilege: The Management Account is critical. Do not run scripts with administrative privileges. Create a dedicated IAM role with only the minimum required permissions (see README) and use that role for execution (e.g., in CloudShell, EC2, Lambda).
  • (Optional: Consider the more complex Delegated Administrator for Cost Management feature.)

Approach Details

  • Automation Need: OU structures change. Manual Cost Category updates are impractical. This script automates synchronization.
  • Implementation: Cost Category rules cannot directly target OUs. This script uses the following logic:
    1. List all accounts via ListAccounts.
    2. For each account, find its OU path using ListParents.
    3. Assign the account to a category name derived from its OU path up to a specified depth (e.g., OU1-OU1A). Each account belongs only to its deepest relevant category.
    4. Generate Cost Category rules mapping the category name (Value) to the list of associated account IDs (Dimensions).
  • Execution: Uses Python3.x/Boto3 Assumes execution from an environment like AWS CloudShell. Can be adapted for scheduled Lambda execution (requires changes for parameter input and considering execution limits).

Script Features

  • Hierarchical Categories: Creates names like Level1OU-Level2OU-....
  • Depth Control: A depth argument sets the granularity.

The Script

The complete Python script is available on GitHub.

Repository:
https://github.com/shu85t/PutOuCostCategory

Usage:

# Run from Management Account environment with correct IAM role

python3 put_ou_cost_category.py
  • : e.g., OU-Structure
  • : e.g., 2025-04 (YYYY-MM)
  • : e.g., 1, 2 (Integer >= 1)

Example Results

Here's how it works with a sample OU structure.

Sample OU Structure 

Root
├── Management Account
│
├── Management OU
│   ├── Management Tool Account1
│   └── Management Tool Account2
│
├── Sandbox OU (No direct accounts)
│
├── Security OU
│   ├── Audit Account
│   └── Log Archive Account
│
└── SDLC OU
    ├── Dev OU
    │   └── Workload Dev Account
    └── Stg OU
        └── Workload Staging Account

Result with depth=1

Command:

python3 put_ou_cost_category.py OUStructure 2025-01 1

Result:
Result with depth1

Result with depth=2

Command:

python3 put_ou_cost_category.py OUStructure 2025-01 2

Result:
Result with depth1

Conclusion

This script offers a method to automatically align AWS Cost Categories with your AWS Organizations OU structure.

This provides a useful perspective for cost analysis, allowing you to understand costs based on the OU level categorization of accounts.

Read More

Tags:

Previous Article

Python for Beginners: How to Go from Basics to Advanced in 2025

Next Article

Building LiteLLM Plugins with `async_pre_call_hook` for Proxy Mode

Related Posts

Node.js Deprecation Issues: Debugging Syntax Errors and Staying Up to Date

Node.js Deprecation Issues: Debugging Syntax Errors and...

Feb 18, 2025  0

Innovative Face Anti-Spoofing Techniques – Strengthening Biometric Recognition Systems

Innovative Face Anti-Spoofing Techniques – Strengthenin...

Feb 19, 2025  0

Event Handling in React: A Beginner’s Guide

Event Handling in React: A Beginner’s Guide

Mar 23, 2025  0