This course will explain how AWS Budgets can help you manage AWS spend and improve financial planning.
Learning Objectives
- What the tool is and the benefit it provides
- How to set up a Budget and configure Budgets actions
- How to send a Budget report
- And lastly, how to configure and use AWS Cost Anomaly Detection
Intended Audience
This course has been created for financial operations professionals interested in controlling AWS costs and for engineering team members who want more visibility into the cost of their environments.
Prerequisites
To get the most out of this course, you should have an understanding of the AWS Billing console and AWS Cost Explorer. Additionally, I briefly discuss establishing permissions through IAM and AWS Organizations and use examples referencing Amazon EC2.
While Budget alerts are helpful in terms of providing information and visibility, they're often not enough to solve the spending problem. Typically, you will need to follow that notification with some action. These actions can be manual, such as sending out angry emails to users of your AWS accounts telling them to shut down unneeded resources. Or you can automate specific actions using Budget Actions.
There are three types of automated actions you can take once your budget alert is triggered:
- The first is IAM policies. With this action, you can choose to change the permissions of users and roles in your account. For example, once the alert is triggered, you may choose to decrease the level of permissions of your users or roles, by changing their policies to “read only policies” until you can figure out what’s going on with the budget.
- The second is through Service Control Policies. This is a similar action that can help you change permissions at the AWS Organizations level or Organizational Unit level instead. For example, say your sandbox accounts have reached 80% of their budget; you can choose to limit the sandbox accounts' permissions until resources are shut down.
- And the third is by stopping EC2 and RDS instances by selecting the instances you want to stop once an alert threshold is crossed.
For each of these actions, you can choose to apply the action automatically or through a manual approval process. If you choose the manual approval workflow, once your alert threshold has been reached, you will receive an email letting you know you have an action waiting for you. You can then log in to the console and execute the action. If you choose to apply the action automatically, it will not wait for your approval and the action will be applied immediately.
So let’s say I’ve already started the process of creating a new budget, and I’ve already created an alert. Now I need to add on an automated response for this alert. To do this, I’ll attach this new action to the alert I’ve already set up by clicking “add action”.
From there, I'll select an IAM role with appropriate permissions to run an action. This role uses an AWS-managed policy that has appropriate permissions to stop instances and change permissions.
And then I can select which action to take. I’m going to choose to stop EC2 instances, as my account is just a sandbox and it’s the fastest way for me to save on cost. From here, I’ll choose the Region, which is us-east-1, and then I’ll select the instance I want to shut down.
Next, I can choose if I want this to happen automatically or go through a manual approval workflow. I’m going to choose the manual approval process, as I want to be extra safe and not shut down an instance I might need in the future.
And then I’ll click create budget. Now we’re finally done, but I’m going to wait some time to see what happens when my budget threshold has been exceeded.
When my alert is triggered, I get two notifications in my email. The first is a notification telling me that my budget has been exceeded. The second notification lets me know that an action is waiting for me in the console. Now I can go into the console to execute that action. I click on actions that require my approval, scroll down to the actions section, click the checkbox, and then click run action. Once I do that, I can go to the EC2 console and check on my instance to see if it is in the stopped state.
Looks like it is, so now we know my action worked.
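The console walkthrough above, expressed as the request a script would send to the Budgets CreateBudgetAction API, together with a trust policy that lets only the Budgets service assume the execution role. This is an added example, not part of the original course; the account ID, role name, budget name, 80% threshold, instance ID and email address are constructed placeholders, and the helper function names are hypothetical.

```python
import re

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")
INSTANCE_ID = re.compile(r"^i-[0-9a-f]{8,17}$")

def execution_role_trust_policy(account_id):
    """Trust policy: only AWS Budgets, acting on this account's budgets, may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "budgets.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": account_id},
            "ArnLike": {"aws:SourceArn": f"arn:aws:budgets::{account_id}:budget/*"}},
    }]}

def stop_ec2_action_request(account_id, budget_name, threshold_pct, role_arn,
                            region, instance_ids, approver_email, automatic=False):
    """Build the keyword arguments for the Budgets CreateBudgetAction API."""
    if not ROLE_ARN.match(role_arn):
        raise ValueError("ExecutionRoleArn must be an IAM role ARN")
    bad = [i for i in instance_ids if not INSTANCE_ID.match(i)]
    if bad or not instance_ids:
        raise ValueError(f"missing or malformed instance IDs: {bad}")
    if threshold_pct <= 0:
        raise ValueError("threshold must be a positive percentage")
    return {
        "AccountId": account_id,
        "BudgetName": budget_name,
        "NotificationType": "ACTUAL",          # act on actual, not forecasted, spend
        "ActionType": "RUN_SSM_DOCUMENTS",     # the stop-instances action type
        "ActionThreshold": {"ActionThresholdValue": float(threshold_pct),
                            "ActionThresholdType": "PERCENTAGE"},
        "Definition": {"SsmActionDefinition": {
            "ActionSubType": "STOP_EC2_INSTANCES",
            "Region": region,
            "InstanceIds": list(instance_ids)}},
        "ExecutionRoleArn": role_arn,
        # MANUAL leaves the action pending until someone approves it in the console.
        "ApprovalModel": "AUTOMATIC" if automatic else "MANUAL",
        "Subscribers": [{"SubscriptionType": "EMAIL", "Address": approver_email}],
    }

if __name__ == "__main__":
    # Constructed sample values; role and budget names are hypothetical.
    request = stop_ec2_action_request(
        "123456789012", "sandbox-monthly", 80,
        "arn:aws:iam::123456789012:role/BudgetsActionRole",
        "us-east-1", ["i-0123456789abcdef0"], "finops@example.com")
    print(request)
    # To submit: boto3.client("budgets").create_budget_action(**request)
```

Listing instance IDs explicitly and defaulting to manual approval keeps the blast radius of the execution role small: the action can only stop the named instances, and only after someone approves it.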
Alana Layton is an experienced technical trainer, technical content developer, and cloud engineer living out of Seattle, Washington. Her career has included teaching about AWS all over the world, creating AWS content that is fun, and working in consulting. She currently holds six AWS certifications. Outside of Cloud Academy, you can find her testing her knowledge in bar trivia, reading, or training for a marathon.