AWS Monitoring & Management
License Manager
Track and manage software licenses from vendors like Microsoft and SAP
AWS License Manager helps you track, manage, and control the use of software licenses from vendors like Microsoft, Oracle, SAP, and IBM across your AWS and on-premises infrastructure, preventing costly licensing violations. It enforces hard limits on license consumption, automates tracking across EC2 instances and AMIs, and integrates with AWS Organizations for organization-wide visibility.
License Configurations - Defining Rules for License Consumption
A license configuration in License Manager defines a set of rules based on a licensing agreement. It specifies the counting dimension (vCPU, CPU core, physical host, instance count, socket) and the license limit. You then associate this configuration with AMIs, instance types, or CloudFormation templates.
| Counting Dimension | Description | Use Case |
|---|---|---|
| vCPU | Count virtual CPUs across all running instances using the AMI | Microsoft SQL Server Standard (per-core licensing) |
| Core | Physical core count (dedicate hosts only) | Oracle Database (physical core licensing) |
| Socket | Physical CPU socket (dedicated hosts only) | Some IBM software |
| Instance | Count of running instances using a specific AMI | Per-instance or per-server licensing |
| Dedicated Host | Number of Dedicated Hosts running a specific software | Software with host-level licensing |
# Create a license configuration for SQL Server Standard (per-vCPU)
aws license-manager create-license-configuration \
--name "SQL-Server-Standard-50-vCPU" \
--description "SQL Server Standard - 50 vCPU limit" \
--license-counting-type vCPU \
--license-count 50 \
--license-count-hard-limit # Hard limit = block new instances if limit exceeded
# Associate with an AMI
aws license-manager update-license-specifications-for-resource \
--resource-arn arn:aws:ec2:us-east-1:123456789012:image/ami-xxxxxxxxxx \
--add-license-specifications "LicenseConfigurationArn=arn:aws:license-manager:..."Hard limits block new instance launches when the license count is exceeded, which can cause production deployments to fail. Soft limits only generate an alert. For non-negotiable license caps, use hard limits. For visibility without blocking, use soft limits with SNS alerts.
Automated Discovery and Inventory Across EC2 and On-Premises
License Manager can automatically discover software on managed instances (EC2 and on-premises via SSM) without requiring manual tracking. Systems Manager Inventory collects installed application data, and License Manager uses this to identify license usage.
| Discovery Method | How It Works | What It Finds |
|---|---|---|
| AMI association | Tag AMIs with license configurations; all instances from that AMI are tracked | Instances launched from licensed AMIs |
| Systems Manager Inventory | SSM agent reports installed applications; License Manager ingests this data | Software installations regardless of launch source |
| Automated Discovery (License Manager) | Scans for common licensed software (SQL Server, Windows Server, etc.) using SSM | SQL Server, Windows Server, RHEL editions |
Automated discovery reports found in License Manager distinguish between licensed (tracked) and unlicensed (not tracked) instances. This gap analysis is valuable for compliance audits - you want zero instances using licensed software that aren't tracked.
License Manager discovery works only on instances managed by Systems Manager. Ensure all EC2 instances have the SSM agent installed and an appropriate IAM instance profile. Instances missing the SSM agent will not appear in License Manager inventory.
Organization-Wide License Management and Seller Managed Licenses
License Manager integrates with AWS Organizations to share license configurations across accounts without re-creating them in each account. The management account creates configurations, and member accounts inherit them.
| Feature | Description |
|---|---|
| Cross-account visibility | Aggregate license usage across all accounts in the org from the management account |
| License configuration sharing | Share configurations from management account to all OUs and accounts |
| Consolidated reporting | Single compliance report showing total license usage across the org vs limits |
| AWS Marketplace licenses | Licenses purchased through Marketplace are automatically tracked and can be distributed to member accounts |
Seller Managed Licenses (formerly License Type Conversions) allow software vendors to publish licenses in License Manager that customers purchase and use directly, with the vendor retaining control over distribution rules. This eliminates the need for bring-your-own-license (BYOL) tracking for participating vendors.
# Enable cross-account discovery at the organization level
aws license-manager update-service-settings \
--enable-cross-accounts-discovery \
--s3-bucket-arn arn:aws:s3:::my-license-reports-bucket
# Get aggregated license usage across the organization
aws license-manager list-usage-for-license-configuration \
--license-configuration-arn arn:aws:license-manager:us-east-1:123456789012:license-configuration:lic-xxxxxxxxxxLicensing Cost Implications - Dedicated Hosts and License Mobility
License Manager plays a central role in determining when Dedicated Hosts are required vs when shared tenancy is sufficient - a decision with major cost implications for Microsoft and Oracle licenses.
| License Type | Shared Instance | Dedicated Instance | Dedicated Host |
|---|---|---|---|
| Windows Server | BYOL not allowed; use AWS-provided license | BYOL not allowed | BYOL allowed (host affinity required) |
| SQL Server (BYOL) | Not allowed without Software Assurance | Not allowed | Allowed - must track host sockets/cores |
| RHEL | Allowed (BYOL) | Allowed (BYOL) | Allowed (BYOL) |
| Oracle Database | Not licensed by Oracle on cloud shared infra | Not licensed by Oracle | Technically supported but Oracle licensing is complex |
Oracle Database licensing on AWS is one of the most complex and expensive cloud licensing topics. Oracle does not recognize AWS Dedicated Hosts as "licensed" infrastructure under most agreements. Consult your Oracle licensing agreement and an Oracle licensing specialist before migrating Oracle workloads to AWS.
AWS License Included options for SQL Server and Windows Server are often cheaper than BYOL on Dedicated Hosts for small deployments. Run the numbers: License Included on On-Demand vs BYOL on Reserved Dedicated Hosts. For large SQL Server deployments, BYOL with Dedicated Hosts and Reserved pricing typically wins at scale.
Interview Focus Points
- 1What is a license configuration in License Manager and what counting dimensions are supported?
- 2What is the difference between a hard limit and a soft limit in License Manager?
- 3Why do some Microsoft SQL Server licenses require Dedicated Hosts and how does License Manager help track this?
- 4How does License Manager use Systems Manager to discover unlicensed software installations?
- 5How does License Manager integrate with Organizations to provide org-wide license compliance reporting?
- 6What is the risk of Oracle Database licensing on AWS shared infrastructure?
- 7How would you set up License Manager to prevent launching more than 100 SQL Server instances across your organization?