AWS Cost Management
Budgets
Set custom cost and usage thresholds with SNS alerts when exceeded
AWS Budgets lets you set custom spending and usage thresholds and sends SNS or email alerts when actual or forecasted costs approach or exceed those limits. Unlike Cost Explorer which is reactive analysis, Budgets is proactive guardrail - it tells you before or as you are overspending, not after the bill arrives. For cloud engineers, Budgets is the primary tool for enforcing financial accountability across teams and environments.
Budget Types and What They Track
AWS Budgets supports four distinct budget types, each tracking a different dimension of your AWS consumption:
| Budget Type | What It Tracks | Alert Triggers On |
|---|---|---|
| Cost | Dollar amount spent on AWS services | Actual or forecasted USD spend |
| Usage | Quantity of a specific resource used | Hours, requests, GB transferred etc. |
| Savings Plans utilization | % of Savings Plans commitment being used | Utilization falling below threshold (e.g. < 80%) |
| Savings Plans coverage | % of eligible spend covered by Savings Plans | Coverage dropping below threshold (e.g. < 70%) |
| Reservation utilization | % of Reserved Instance capacity being used | RI utilization dropping (e.g. < 80%) |
| Reservation coverage | % of eligible usage covered by RIs | Coverage dropping below threshold |
Usage budgets are valuable for tracking non-cost metrics like EC2 instance hours, S3 storage GB, or Lambda invocations. This lets you catch runaway usage before it translates to a large bill.
Alert Configuration and Thresholds
Each budget can have up to 10 alert thresholds. Each threshold independently specifies what to measure and when to fire:
| Alert Setting | Options | Notes |
|---|---|---|
| Threshold type | Actual spend or Forecasted spend | Forecasted alerts fire before you hit the limit |
| Threshold value | Absolute dollar amount or percentage of budget | 80% of budget is a common first alert |
| Comparison | Greater than | Alerts fire when threshold is exceeded |
| Notification type | Email, SNS topic | SNS enables automation (Lambda, Slack, PagerDuty) |
| Email recipients | Up to 10 email addresses per alert | Does not require SNS topic |
A common multi-threshold pattern for a $1,000 monthly budget:
| Alert # | Type | Threshold | Action |
|---|---|---|---|
| 1 | Actual | 50% ($500) | Email finance team - informational |
| 2 | Forecasted | 80% ($800) | Email + SNS - engineering team aware |
| 3 | Actual | 90% ($900) | SNS - trigger review meeting |
| 4 | Forecasted | 100% ($1,000) | SNS + page on-call - immediate action |
| 5 | Actual | 100% ($1,000) | SNS - budget breached, incident declared |
Budget Actions - Automated Responses
Budget Actions let you automatically apply IAM or Service Control Policies (SCPs) when a threshold is breached, without manual intervention. This is the feature that turns Budgets from an alerting tool into an enforcement tool.
| Action Type | What It Does | Use Case |
|---|---|---|
| Apply IAM policy | Attaches a deny policy to a role or user | Block a team from launching new resources |
| Apply SCP | Attaches an SCP to an OU or account | Organization-wide enforcement for an account |
| Target EC2/RDS | Stop EC2 instances or RDS instances | Shut down non-production resources automatically |
Actions can be configured to run automatically when the threshold is crossed, or require manual approval (the action is queued and someone must approve it in the console or via API).
Budget Actions that apply SCPs can block all resource creation in an account, including by administrators. Test your IAM/SCP policies carefully in a non-production account before attaching them to a Budget Action. Always ensure you have an emergency break-glass mechanism.
# Example IAM deny policy to attach via Budget Action
# Blocks launching new EC2 instances when budget is exceeded
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:RunInstances",
"ec2:StartInstances"
],
"Resource": "*"
}
]
}Scoping Budgets with Filters
Budgets support the same filtering dimensions as Cost Explorer. You can scope a budget to any combination of:
| Filter | Example | Typical Use |
|---|---|---|
| Account | Specific linked account IDs | Per-team or per-environment budgets |
| Service | Amazon EC2, Amazon RDS | Service-specific cost control |
| Region | us-east-1, ap-south-1 | Regional cost caps |
| Tag | Environment=production | Cost control by workload or project |
| Usage type | BoxUsage:t3.large | Cap a specific instance type's usage |
| Purchase option | On-Demand only | Alert on unplanned On-Demand spend above commitment |
A common pattern in organizations is to create a budget per team using cost allocation tags, plus a top-level budget on the management account for the total organization. This gives both team-level accountability and an executive-level guardrail.
Budgets Pricing
AWS Budgets pricing is straightforward but has a free tier trap that surprises teams:
| Tier | Price | Notes |
|---|---|---|
| First 2 budgets | Free | Free tier - applies per account, not per organization |
| Additional budgets | $0.02/budget/day (~$0.62/month) | Charged per active budget |
| Budget Actions | $0.10/action/day (~$3/month) | Charged per configured action, not per execution |
| Reports (deprecated) | Separate pricing | Budget Reports feature has its own pricing |
Budget Actions are charged $0.10 per action per day regardless of whether they execute. If you configure 10 actions across 5 budgets, that's $1/day ($30/month) just for the actions sitting idle. Audit your Budget Actions regularly and remove unused ones.
Interview Focus Points
- 1How would you implement a hard budget cap that automatically stops non-production EC2 instances when a team exceeds their monthly budget?
- 2What is the difference between actual and forecasted budget alerts? In what scenario would a forecasted alert fire but the actual alert not fire?
- 3How do Budget Actions differ from just sending an SNS notification and having a Lambda function react to it?
- 4A company has 30 AWS accounts across 5 teams - how would you structure Budgets for cost accountability?
- 5Why might a team's budget alert fire but their actual spend be lower than the threshold by month end?
- 6What are Savings Plans utilization budgets and how are they different from cost budgets?
- 7How does Budget scoping by tags require cost allocation tags to be set up correctly - what breaks if tags are missing?
- 8Walk me through setting up a budget that alerts when EC2 On-Demand spend exceeds $500 in a single account.