This section provides detail on the AWS management services relevant to the Solution Architect Associate exam. These services are used to help you audit, monitor and evaluate your AWS infrastructure and resources. These management services form a core component of running resilient and performant architectures.
Learning Objectives
- Understand the benefits of using AWS CloudWatch and audit logs to manage your infrastructure
- Learn how to record and track API requests using AWS CloudTrail
- Learn what AWS Config is and its components
- Manage your accounts with AWS Organizations, including single sign-on with AWS SSO
- Learn how to carry out logging with CloudWatch, CloudTrail, CloudFront, and VPC Flow Logs
- Understand how to design cost-optimized architectures in AWS
- Learn about AWS data transformation tools such as AWS Glue and data visualization services like Amazon Athena and QuickSight
While Budget alerts are helpful in terms of providing information and visibility, it’s often not enough to solve the spending problem. Typically, you will need to follow that notification with some action. These actions can be manual, such as sending out angry emails to users of your AWS accounts telling them to shut down unneeded resources. Or you can automate specific actions using Budget Actions.
There are three types of automated actions you can take once your budget alert is triggered:
- The first is IAM policies. With this action, you can choose to change the permissions of users and roles in your account. For example, once the alert is triggered, you may choose to decrease the level of permissions of your users or roles, by changing their policies to “read only policies” until you can figure out what’s going on with the budget.
- The second is through Service Control Policies. This is a similar action, but it changes permissions at the AWS Organizations level or Organizational Unit level instead. For example, if your sandbox accounts have reached 80% of their budget, you can limit the sandbox accounts' permissions until resources are shut down.
- And the third is by stopping EC2 and RDS instances by selecting the instances you want to stop once an alert threshold is crossed.
For each of these actions, you can choose to apply the action automatically or through a manual approval process. If you choose the manual approval workflow, once your alert threshold has been reached, you will receive an email letting you know you have an action waiting for you. You can then log in to the console and execute the action. If you choose to apply the action automatically, it will not wait for your approval and the action will be applied immediately.
So let’s say I’ve already started the process of creating a new budget, and I’ve already created an alert. Now I need to add on an automated response for this alert. To do this, I’ll attach this new action to the alert I’ve already set up by clicking “add action”.
From there, I’ll select an IAM role with appropriate permissions to run an action. This role uses an AWS-managed policy that has appropriate permissions to stop instances, and change permissions.
And then I can select which action to take. I’m going to choose to stop EC2 instances, as my account is just a sandbox and it’s the fastest way for me to save on cost. From here, I’ll choose the Region, which is us-east-1, and then I’ll select the instance I want to shut down.
Next, I can choose if I want this to happen automatically or go through a manual approval workflow. I’m going to choose the manual approval process, as I want to be extra safe and not shut down an instance I might need in the future.
And then I’ll click create budget. Now we’re finally done, but I’m going to wait some time to see what happens when my budget threshold has been exceeded.
When my alert is triggered, I get two notifications in my email. The first is a notification telling me that my budget has been exceeded. The second notification lets me know that an action is waiting for me in the console. Now I can go into the console to execute that action: I click “actions that require my approval”, scroll down to the actions section, tick the checkbox, and then click “run action”. Once I do that, I can go to the EC2 console and check on my instance to see if it is in the stopped state.
Looks like it is, so now we know my action worked.
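The same setup as infrastructure as code: a monthly cost budget, an 80% actual-spend threshold, and a manually approved stop-EC2 action in us-east-1, written as a CloudFormation template. This is an added example, not part of the lesson; the instance ID, e-mail address, budget amount, and resource names are placeholders. The execution role trusts budgets.amazonaws.com, uses the AWS-managed Budget Actions policy (AWSBudgetsActionsWithAWSResourceControlAccess), and adds an aws:SourceAccount condition so only budgets in this account can assume it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  BudgetActionRole:                      # role that AWS Budgets assumes to run the action
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: budgets.amazonaws.com
            Action: sts:AssumeRole
            Condition:                   # confused-deputy guard: only this account's budgets
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess
  SandboxBudget:
    Type: AWS::Budgets::Budget
    Properties:
      Budget:
        BudgetName: sandbox-monthly      # placeholder name
        BudgetType: COST
        TimeUnit: MONTHLY
        BudgetLimit:
          Amount: 100                    # placeholder limit in USD
          Unit: USD
  StopSandboxInstance:
    Type: AWS::Budgets::BudgetsAction
    Properties:
      BudgetName: !Ref SandboxBudget
      ActionType: RUN_SSM_DOCUMENTS      # the "stop EC2 and RDS instances" action type
      NotificationType: ACTUAL           # trigger on actual spend, not forecast
      ActionThreshold:
        Type: PERCENTAGE
        Value: 80                        # fire at 80% of the budget limit
      ApprovalModel: MANUAL              # wait for approval in the console, as in the lesson
      ExecutionRoleArn: !GetAtt BudgetActionRole.Arn
      Definition:
        SsmActionDefinition:
          Subtype: STOP_EC2_INSTANCES
          Region: us-east-1
          InstanceIds:
            - i-0123456789abcdef0        # placeholder sandbox instance ID
      Subscribers:                       # receives the "action awaiting approval" e-mail
        - Type: EMAIL
          Address: budget-owner@example.com   # placeholder address
```

Switching ApprovalModel to AUTOMATIC makes the stop happen without the console step; keep MANUAL for anything you might not want stopped unattended.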
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.