Multi-Account Cost Management¶
🏢 Enterprise Scale Cost Optimization | Commands:
runbooks finops, multi-account discovery
Overview¶
Coordinate cost optimization across 60+ AWS accounts in a multi-account Landing Zone.
When to Use¶
| Scenario | Command | Scope |
|---|---|---|
| Organization-Wide Visibility | runbooks finops dashboard --all-profiles |
All 60+ accounts, consolidated view |
| Cross-Account Optimization | runbooks finops ec2-decommission-analysis --all-profiles |
Identify savings across all accounts |
| Multi-Account Enforcement | runbooks finops check-config-compliance --all-profiles |
Policy compliance validation |
Usage Examples¶
Example 1: Organization-Wide Cost Dashboard (10 min)
runbooks finops dashboard \
--all-profiles \
--timeframe monthly \
--format pdf \
--output-dir ./monthly-reports
# Output: Monthly report with:
# - Total spend: 63 accounts, $125K/month
# - Top 10 accounts by cost
# - Service distribution (EC2-Other, RDS, S3, etc.)
# - Account-level trends and anomalies
Example 2: Cross-Account Decommission Coordination (15 min)
runbooks finops ec2-decommission-analysis \
--all-profiles \
--threshold 80 \
--output-dir ./decommission-plan \
--format csv
# Output: All 63 accounts analyzed
# Results:
# - 150+ decommission candidates identified
# - Organized by account (easy to delegate)
# - Total savings: $18K-$22K/month
# - Low risk (confidence >80% on all)
Example 3: Compliance Audit Across Organization (5 min)
runbooks finops check-config-compliance \
--all-profiles \
--framework tagging \
--format pdf
# Output: Compliance report:
# - 95% of resources properly tagged
# - 5% non-compliant resources identified
# - Cost impact of untagged: $2.1K/month (hidden)
# - Recommendation: Tag and allocate to correct cost center
Multi-Account Profile Management¶
| Profile Type | Purpose | How to Set |
|---|---|---|
$AWS_MANAGEMENT_PROFILE |
Organizations API (account list, hierarchy) | Set in shell profile |
$AWS_BILLING_PROFILE |
Cost Explorer API (consolidated costs) | Set in shell profile |
$AWS_PROFILE (per-account) |
Individual account queries | Set or use --profile flag |
Setup example:
# ~/.zshrc
export AWS_MANAGEMENT_PROFILE=ams-admin-Org-ReadOnly
export AWS_BILLING_PROFILE=ams-admin-Billing-ReadOnly
export AWS_PROFILE=ops-account-ReadOnly
# Verify multi-account access
aws sts get-caller-identity --profile $AWS_MANAGEMENT_PROFILE
aws ce get-cost-and-usage --profile $AWS_BILLING_PROFILE \
--time-period Start=2026-04-01,End=2026-05-01
Best Practices¶
- Delegate by Account: Organize findings by account, assign optimization to account owners
- Tag Everything: Implement cost allocation tags (cost-center, environment, project)
- Review Quarterly: Schedule monthly dashboard reviews, quarterly optimization planning
- Automate Enforcement: Use AWS Config rules to catch non-compliance automatically
- Track Savings: Document baseline costs before optimization, measure results quarterly
Related Commands¶
dashboard- Single view for all accountsorganizations-list-accounts- Account inventory (Organization API)export- Multi-format output for stakeholder reporting
MCP Validation¶
Multi-account analysis validated at ≥99.5% accuracy using AWS Cost Explorer and Organizations API.
Organization size support: Up to 10,000+ accounts (tested at 63+ accounts).