On 12/3/25 3:29 AM, Miroslav Suchý wrote:
On 02. 12. 25 at 6:42 PM, Michael Winters wrote:
FYI I'm happy to help with FinOps, CI/CD, etc. Is there a path for me
here?
Clearly defined path? No.
Opportunities? Yes.
Your email is a good start. Let me know if you prefer to coordinate
elsewhere, though email is fine with me. I'm in USA timezones.
Also, let me know if there are other places I should look for AWS TODOs
and WIP. It sounds like "Fedora Infra" is only one of many users in
this space.
I forked the original awspricing module and made some improvements, but it
is not on PyPI and definitely needs some polishing and improvements
https://github.com/xsuchy/awspricing-ng
I have two major scripts
https://github.com/xsuchy/fedora-infra-scripts/blob/main/aws-resources-without-tag.py
https://github.com/xsuchy/fedora-infra-scripts/blob/main/get_current_usage.py
The check of snapshots is not finished. It would be great to check other
resources: floating IPs, S3,...
And maybe report more realistic data than current ($USAGE_NOW * 30 days).
Additional idea can be to crosscheck what is allocated in AWS and what
we have in ansible.git in inventory https://pagure.io/fedora-infra/ansible/
and report differences.
Thanks, I'll take a look at these scripts. However, there are many ways
to accomplish the same thing with existing tools which IMO would be more
effective than homegrown tooling.
SUGGESTED AWS ACCOUNT MANAGEMENT ROADMAP:
1. Cloud Custodian - https://cloudcustodian.io/
Governance tooling which has been around forever. My very first step
would be to deploy this and set up some basic policies (such as required
tagging) in non-enforcing mode.
2. Establish a tagging policy
Tag all existing resources based on Cloud Custodian reports, and
eventually enable enforcement to prevent new untagged resources from
being created. This is SOP in any corporate environment and is
basically a prerequisite to reasonable FinOps.
3. Create billing / usage alerts and reporting
Having zero alerting is a recipe for large accidents. There are many
options with both AWS-native and OSS tooling which are better than
homegrown.
I would get minimal alerting in place ASAP with a generic "everyone"
alerting target, then iterate to tie alerts to the resource owners,
establish thresholds per group, etc.
We'd need to discuss which implementation to use based on A) what
permissions we have with our AWS account, B) what governance policies
are in place (or would be preferred), and C) the current technical
roadmap for AWS resource management.
If any of this sounds plausible / feasible, let me know how I can help
get this moving. I'd love to have a conversation with whomever is the
responsible party for governance / security / cost in this account, so
we can align on a roadmap.
Otherwise I'll look for some low-hanging fruit in the existing scripts.
Michael Winters
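
A report-only Cloud Custodian policy file for roadmap steps 1 and 2, covering the resource types mentioned earlier in the thread (instances, snapshots, floating IPs, S3). This is an added example, not part of the original email or of Fedora's configuration; the tag keys `Owner` and `Project` and the policy names are assumptions.

```yaml
# Report-only tagging policies: no policy has an `actions:` block, so a run
# only records the matching resources and changes nothing in the account.
# Tag keys (Owner, Project) are assumed; substitute the agreed tagging policy.
# Check with:  custodian validate required-tags.yml
# Collect:     custodian run --output-dir out required-tags.yml
# Review:      custodian report --output-dir out required-tags.yml
policies:
  - name: ec2-missing-required-tags
    resource: aws.ec2
    description: EC2 instances missing a required tag
    filters:
      - or:
          - "tag:Owner": absent
          - "tag:Project": absent

  - name: ebs-snapshot-missing-required-tags
    resource: aws.ebs-snapshot
    description: EBS snapshots missing a required tag
    filters:
      - or:
          - "tag:Owner": absent
          - "tag:Project": absent

  - name: elastic-ip-missing-required-tags
    resource: aws.network-addr
    description: Elastic IPs missing a required tag
    filters:
      - or:
          - "tag:Owner": absent
          - "tag:Project": absent

  - name: s3-missing-required-tags
    resource: aws.s3
    description: S3 buckets missing a required tag
    filters:
      - or:
          - "tag:Owner": absent
          - "tag:Project": absent
```

Because the policies only read resource metadata, they can run under a read-only IAM role until enforcement actions are agreed on.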
--
_______________________________________________
infrastructure mailing list -- [email protected]