Cost Anomaly Detection
Architecture
Combine budgets with anomaly detection for comprehensive cost monitoring:
- AWS Budgets for threshold-based alerts
- AWS Cost Anomaly Detection for ML-based detection
- SNS Topics for unified notification delivery
- Lambda Functions for automated response actions
When to Use
This pattern is ideal when you need:
- Protection against runaway costs
- Detection of compromised credentials
- Identification of misconfigured resources
- Visibility into unexpected usage patterns
- Compliance with financial controls
Detection Strategies
| Strategy | Description |
|---|---|
| Threshold alerts | Fixed percentage triggers (50%, 75%, 100%) |
| Forecasted spend | Alerts based on projected end-of-period costs |
| Anomaly detection | ML-based detection of unusual patterns |
| Rate of change | Alerts when daily spend increases rapidly |
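The three rule-based strategies in the table can be compared on one spend series. The sketch below is an added example, not AWS code and not how AWS Budgets computes its forecast. The function `evaluate`, the parameters `spike_ratio` and `baseline_days`, the running-average forecast and the sample figures are all assumptions made for illustration. The ML-based anomaly detection row is not reproduced.

```python
from dataclasses import dataclass

THRESHOLDS = (50, 75, 100)  # percent of budget, as listed in the table

@dataclass
class Alert:
    strategy: str
    day: int
    detail: str

def evaluate(daily_spend, budget, days_in_period, spike_ratio=2.0, baseline_days=3):
    """Return alerts for a list of per-day costs (index 0 = day 1 of the period)."""
    alerts, fired, forecast_fired, total = [], set(), False, 0.0
    for i, cost in enumerate(daily_spend):
        day = i + 1
        total += cost
        # Threshold alerts: fire each fixed percentage once, when actual spend crosses it.
        for pct in THRESHOLDS:
            if pct not in fired and total >= budget * pct / 100:
                fired.add(pct)
                alerts.append(Alert("threshold", day, f"{pct}% of budget reached"))
        # Forecasted spend (assumed model): extend the running daily average to period end.
        forecast = total / day * days_in_period
        if not forecast_fired and forecast > budget:
            forecast_fired = True
            alerts.append(Alert("forecast", day, f"projected {forecast:.2f} > {budget:.2f}"))
        # Rate of change: compare today with the mean of the preceding baseline_days.
        if i >= baseline_days:
            base = sum(daily_spend[i - baseline_days:i]) / baseline_days
            if base > 0 and cost >= spike_ratio * base:
                alerts.append(Alert("rate_of_change", day, f"{cost:.2f} vs baseline {base:.2f}"))
    return alerts

# Constructed sample: steady spend of about 10 per day, then a jump from day 6 onward.
SAMPLE = [10, 11, 9, 10, 10, 48, 52, 55]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, budget=400, days_in_period=30):
        print(alert)
```

On this sample the forecast and rate-of-change rules fire on day 6, two days before the first fixed threshold (50%) is crossed on day 8, which is why the pattern layers the strategies instead of relying on thresholds alone.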
Implementation Strategy
- Create baseline budgets for normal spending
- Enable AWS Cost Anomaly Detection
- Configure SNS for unified alert delivery
- Set up Lambda for automated investigation
- Create runbooks for common anomaly types
Automated Responses
- Notify on-call teams via PagerDuty
- Post alerts to Slack/Teams channels
- Tag resources for investigation
- Generate incident tickets
- Temporarily restrict provisioning