Your First Alert: Budget

Alerting is one of the 5 A's of Cloud Security. There are countless metrics you can alert on in AWS, but the most important is the budget.

Most developers I speak to don't equate spend to security, but an unusual budget event is a big red flag for your AWS environment.

In a pay-as-you-go model like AWS, increased activity generally results in increased cost.

The upside of AWS is you ONLY pay for your usage.
The downside of AWS is you pay for ALL your usage.

The most damaging cause of unexpected activity in your account is compromised access keys that allow an attacker to use your account for their own purposes, like mining Bitcoin or accessing potentially expensive GenAI services. Denial-of-wallet attacks against your public-facing infrastructure will also show up in your billing statement.

Some fluctuation in your AWS bill is to be expected, but any big changes deserve to be investigated. I have seen development teams have no idea why their bill is the amount it is. This is crazy! In AWS, a technical decision is a buying decision.

Staying on top of your budget applies no matter the size of your AWS usage. You should do this when you create your first AWS account, or your 101st.

Set up a Budget Alert

Don't overthink it, just set it up in the console for now. Infrastructure as Code (IaC) is great, and you should use it, but since this only needs to be created in your organization management account there's not a lot of ROI for automation in the early days of your AWS journey.

Steps

  1. Sign in to the AWS Management Console and navigate to the Billing Dashboard
  2. Select "Budgets" from the left navigation panel
  3. Click the "Create budget" button
  4. Choose "Use a template (simplified)" for a quicker setup
  5. Select "Monthly cost budget" template
  6. Enter your budget amount and threshold percentage (typically 80% and 100%)
  7. Add email recipients who should receive alerts
  8. Review your settings and click "Create budget"
  9. Verify the budget appears in your Budgets dashboard

When in doubt, or if you want to use more advanced settings, there's plenty of documentation available from AWS, but don't let that stop you from setting up something today.

  • Using a budget template (simplified) - AWS Cost Management: Learn how to create a budget using a simplified template in a single page workflow.
  • AWS Budgets Tutorial: Setup Billing Alerts - AWS: Learn to create AWS budgets and alerts to monitor and control your cloud spending.
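
The same monthly cost budget from the steps above, expressed as an AWS Budgets `CreateBudget` request with boto3, for when you do move it out of the console. This is an added example, not code from the original post; the budget name, the function names and the sample email address are assumptions.

```python
"""Added example: the monthly cost budget from the steps, as a Budgets API request."""
import sys


def build_budget_request(account_id, amount_usd, emails, thresholds=(80, 100)):
    """Return the keyword arguments for the AWS Budgets CreateBudget call."""
    if not emails or len(emails) > 10:
        # A budget notification accepts at most 10 email subscribers.
        raise ValueError("provide between 1 and 10 email recipients")
    if amount_usd <= 0:
        raise ValueError("budget amount must be positive")
    subscribers = [{"SubscriptionType": "EMAIL", "Address": e} for e in emails]
    notifications = [
        {
            "Notification": {
                "NotificationType": "ACTUAL",        # alert on real spend
                "ComparisonOperator": "GREATER_THAN",
                "Threshold": float(pct),
                "ThresholdType": "PERCENTAGE",       # percent of the budget limit
            },
            "Subscribers": subscribers,
        }
        for pct in sorted(set(thresholds))
    ]
    return {
        "AccountId": account_id,
        "Budget": {
            "BudgetName": "monthly-cost-budget",     # hypothetical name
            "BudgetLimit": {"Amount": f"{amount_usd:.2f}", "Unit": "USD"},
            "TimeUnit": "MONTHLY",
            "BudgetType": "COST",
        },
        "NotificationsWithSubscribers": notifications,
    }


def create_budget(amount_usd, emails):
    """Create the budget in the account behind the current credentials."""
    import boto3  # imported here so the request builder works without the SDK

    account_id = boto3.client("sts").get_caller_identity()["Account"]
    request = build_budget_request(account_id, amount_usd, emails)
    boto3.client("budgets").create_budget(**request)
    return request


if __name__ == "__main__":
    # Usage: python budget_alert.py 100 alerts@example.com [more@example.com ...]
    create_budget(float(sys.argv[1]), sys.argv[2:])
```

Run it with credentials for the organization management account, since that is where the budget needs to live.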

Remember

  • Budgets are easy to come back and change later. There isn't much risk in doing so, compared to changing application code or stateful resources like databases.
  • Don't try to get it 💯 right first go. Just set up whatever you think is reasonable to start with. It's better to get a false alert and fix it than to get nothing at all.
  • There is a delay in AWS budget data. The final amount can change, even after the billing period. The cloud is eventually consistent.
  • Experiment with the projected spend calculations. Your results will vary depending on your usage and historical data.
  • Set up an alert even if you have credits. You really don't want to burn through them and then be surprised when it comes time to pay with your own money. Unfortunately I've seen this happen many times.

Set up your first AWS budget alert today—it takes less than 10 minutes and could save you thousands of dollars in unexpected charges. If you need help interpreting unusual spending patterns or want a security review of your AWS environment, reach out to me for a free 15-minute consultation.