AWS Cost Anomaly Detection
Start course
5h 1m

This section provides detail on the AWS management services relevant to the Solution Architect Associate exam. These services are used to help you audit, monitor and evaluate your AWS infrastructure and resources.  These management services form a core component of running resilient and performant architectures. 

Want more? Try a lab playground or do a Lab Challenge!

Learning Objectives

  • Understand the benefits of using AWS CloudWatch and audit logs to manage your infrastructure
  • Learn how to record and track API requests using AWS CloudTrail
  • Learn what AWS Config is and its components
  • Manage your accounts with AWS Organizations, including single sign-on with AWS SSO
  • Learn how to carry out logging with CloudWatch, CloudTrail, CloudFront, and VPC Flow Logs
  • Understand how to design cost-optimized architectures in AWS
  • Learn about AWS data transformation tools such as AWS Glue and data visualization services like Amazon Athena and QuickSight

Everyone has a story about an AWS bill -  and usually, it takes hearing just one of these stories for you to become obsessive about tracking your AWS spend. And while AWS budgets help with this paranoia, it’s not a perfect science. 

There may be times when you exceed your budget, but it’s because of business growth. You’re using more and racking up additional costs to better serve your customers - which is a good thing. Or there may be times where you’ve set a budget and you have a spike that’s not normal for your business but it remains under the threshold, so you don’t get alerted…which isn’t a good thing. 

This leads us to two fundamental truths: 

  1. Every business hates surprise spikes in cost and, 
  2. Every business contextualizes these spikes in costs and determines if they are “good” or “bad” based on their own unique spending patterns 

Analyzing these cost spikes used to be a very manual process but now there are tools that can help us automate it, and one of those is called AWS Cost Anomaly Detection. 

This service helps you gain an understanding of what is normal or not normal in terms of spending for your AWS accounts. And any time you have a random spike in spending that is deemed “not normal”, you can not only be alerted of that spike, but you can also investigate why it happened.

Like AWS Budgets, the first step in using Cost Anomaly Detection is to create an alert - which is called a cost monitor in this service. You can choose to evaluate your costs based on AWS service, or by linked accounts, cost allocation tags, or cost categories. 

This choice is dependent on how you track your costs in your cloud environment. Lets use an example - say you’re in an organization that segments cost by project. You can do this in many different ways in AWS.  For example, you may use AWS accounts to segment costs for each project or you may use tags, and tag resources based on a particular project or you may even create your own custom resource groupings using cost categories. Or perhaps you’re more interested in segmenting spend by AWS service, to monitor each service spend individually for your projects instead. So depending on how you filter your spend, you’ll choose the corresponding monitor to match. 

When you create a cost monitor, you have to specify a threshold which will determine when the service sends you a notification. This threshold is defined as the difference between actual spend and your normal spend pattern. For example, let’s say you set your threshold at $25.  And your normal spend is $50. When your daily spend reaches $75, which is $25 past your normal $50 spend, then you’ll be alerted of the anomaly. 

Keep in mind this threshold only defines when to alert you and does not determine what an anomaly looks like for your account. And actually, you don’t have to define that anywhere - the service will define what an anomaly looks like based on your own spending patterns by using machine learning. 

From there, you can choose to get notified as soon as the anomaly is detected, or in a daily or weekly summary. Instead of receiving a notification anytime an anomaly is detected, these daily or weekly summaries will consolidate all anomalies that occurred within that day or that week.

Once the anomaly reaches the threshold that you set, you can choose to get notified through email, SNS, or the AWS Chatbot service. 

However, occasionally, there may also be times where there is an anomaly in your account but it doesn’t reach the threshold you set to be notified. This is where the detection history section of the Cost Anomaly Detection dashboard comes in handy. You can view your entire history of anomalies.

In detection history, you can inspect each anomaly in further detail. When inspecting an anomaly, you can take several actions, for example: 

  • You can view the anomaly in cost explorer to filter out details on a more granular level. 
  • You can view the root cause analysis, which the service identifies as the “best guess” to what may have caused the spike. 
  • And you can also submit assessments of the anomaly to better train the model to better learn your unique patterns of spending. 

In summary, Cost Anomaly Detection helps detect one time cost spikes and continuous cost increases. This service is technically considered a free service, so consider using this in conjunction with AWS budgets. This combination of services will provide you more visibility into your spending patterns and any strange cost spikes, enabling you to better plan for the future. 

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.