Automating AWS Cost Optimization with CloudWatch Anomaly Detection and AWS Budgets Actions

Introduction

Managing cloud costs effectively is a critical aspect of any successful AWS deployment. While AWS offers a wide range of tools for cost monitoring and management, proactively identifying and responding to unexpected cost increases is often a challenge. This article explores how to combine the power of CloudWatch Anomaly Detection with AWS Budgets Actions to create an automated cost optimization solution. This approach allows you to detect unusual spending patterns early and automatically trigger actions to mitigate potential cost overruns, ensuring your AWS environment remains within budget.

Understanding the Building Blocks

Before diving into the implementation, let’s understand the key components involved:

  • AWS CloudWatch Anomaly Detection: This feature uses machine learning algorithms to automatically learn the typical behavior of your metrics and identify anomalies. You can apply anomaly detection to various cost-related metrics, such as estimated charges, service usage, or resource consumption. When an anomaly is detected, CloudWatch generates an alarm, providing an early warning of unusual spending.

  • AWS Budgets: AWS Budgets allows you to set custom budgets to track your AWS costs and usage. You can define budgets for specific accounts, services, or cost categories. Budgets can also trigger notifications when your actual or forecasted costs exceed a defined threshold.

  • AWS Budgets Actions: This feature expands upon the notification capabilities of AWS Budgets by enabling you to automatically execute actions in response to budget breaches. These actions can include stopping EC2 instances, modifying IAM policies, or running Lambda functions to perform custom remediation tasks.

Implementing Automated Cost Optimization

Here’s a step-by-step guide to implementing automated cost optimization using CloudWatch Anomaly Detection and AWS Budgets Actions:

1. Create a CloudWatch Anomaly Detection Model:

First, you need to create a CloudWatch Anomaly Detection model for the cost-related metric you want to monitor. For example, let’s monitor the estimated charges for your entire AWS account.

  • Navigate to the CloudWatch console.
  • Select “Anomaly Detection” from the left-hand navigation pane.
  • Click “Create anomaly detection model.”
  • Choose the metric you want to monitor. In this case, select “AWS/Billing” as the namespace and “EstimatedCharges” as the metric name. Specify the currency as “USD”.
  • Configure the model parameters, such as the evaluation interval and the history data to use for training.
  • Set the anomaly detection band. This defines the sensitivity of the anomaly detection model. A wider band will result in fewer alarms, while a narrower band will result in more alarms.
  • Create an alarm that triggers when an anomaly is detected. You can configure the alarm to send a notification to an SNS topic.

Example CloudFormation snippet for creating a CloudWatch Anomaly Detection alarm:

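```yaml
# Deploy in us-east-1: AWS/Billing metrics are only published in that region.
Resources:
  # Topic that receives the alarm notification (referenced by AlarmActions below)
  SNSTopic:
    Type: AWS::SNS::Topic
  BillingAnomalyAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: BillingAnomalyAlarm
      AlarmDescription: "Alarm triggered when billing anomaly is detected"
      # An anomaly detection alarm compares m1 against the band e1, so the metric
      # is defined only under Metrics (no top-level MetricName/Namespace/Statistic/Period).
      ComparisonOperator: GreaterThanUpperThreshold
      EvaluationPeriods: 1
      ThresholdMetricId: e1
      TreatMissingData: notBreaching
      Metrics:
        - Id: e1
          Expression: ANOMALY_DETECTION_BAND(m1, 2)
          Label: Anomaly Detection Band
          ReturnData: true
        - Id: m1
          MetricStat:
            Metric:
              MetricName: EstimatedCharges
              Namespace: AWS/Billing
              Dimensions:
                - Name: Currency
                  Value: USD
            Period: 3600 # 1 hour
            Stat: Sum
          ReturnData: true
      AlarmActions:
        - !Ref SNSTopic
```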

2. Create an AWS Budget:

Next, create an AWS Budget to track your overall spending.

  • Navigate to the AWS Budgets console.
  • Click “Create budget.”
  • Choose the budget type. You can select “Cost budget” to track your overall spending or “Usage budget” to track your resource consumption.
  • Configure the budget scope. You can define the budget for your entire AWS account or for specific accounts, services, or cost categories.
  • Set the budget amount. This is the maximum amount you are willing to spend.
  • Configure the budget notifications. You can configure the budget to send notifications when your actual or forecasted costs exceed a defined threshold.

3. Create an AWS Budgets Action:

Now, create an AWS Budgets Action to automatically respond to budget breaches.

  • While creating or editing your budget, navigate to the “Define actions” section.
  • Click “Add action.”
  • Choose the action type. You can select from several action types, including:
    • Stop EC2 instances: This action stops EC2 instances that are contributing to the cost overrun.
    • Modify IAM policies: This action modifies IAM policies to restrict access to resources that are contributing to the cost overrun.
    • Run SSM automation documents: This action executes SSM Automation documents to perform more complex remediation tasks.
    • Run Lambda functions: This action invokes a Lambda function to perform custom remediation tasks.
  • Configure the action parameters, such as the EC2 instance IDs to stop, the IAM policy to modify, or the Lambda function to invoke.
  • Define the action execution policy. You can choose to automatically execute the action when the budget threshold is exceeded or require manual approval.

Example of a Lambda function to automatically stop EC2 instances based on tags:

```python
import boto3
from botocore.exceptions import ClientError

# Tag key and value that identify the instances to stop
TAG_KEY = 'CostOptimization'
TAG_VALUE = 'StopOnBudgetBreach'


def lambda_handler(event, context):
    ec2 = boto3.client('ec2')

    # Find running instances with the specified tag
    filters = [
        {'Name': 'tag:' + TAG_KEY, 'Values': [TAG_VALUE]},
        {'Name': 'instance-state-name', 'Values': ['running']},
    ]

    # Paginate so that instances beyond the first page of results are not missed
    instance_ids = []
    paginator = ec2.get_paginator('describe_instances')
    for page in paginator.paginate(Filters=filters):
        for reservation in page['Reservations']:
            for instance in reservation['Instances']:
                instance_ids.append(instance['InstanceId'])

    if not instance_ids:
        print("No instances found with the specified tag.")
        return {'statusCode': 200, 'body': 'No instances found with the specified tag.'}

    # Stop the instances
    print(f"Stopping instances: {instance_ids}")
    try:
        ec2.stop_instances(InstanceIds=instance_ids)
    except ClientError as e:
        print(f"Error stopping instances: {e}")
        return {'statusCode': 500, 'body': f'Error stopping instances: {e}'}
    return {'statusCode': 200, 'body': f'Successfully stopped instances: {instance_ids}'}
```

4. Integrate CloudWatch Alarm with Budgets Action:

To connect the CloudWatch Anomaly Detection alarm with the AWS Budgets Action, you can configure the alarm to invoke a Lambda function. This Lambda function can then trigger the Budgets Action. Alternatively, you can configure the SNS topic associated with the CloudWatch alarm to send a message to an SQS queue. The Budgets Action can then be configured to poll this SQS queue and trigger the action when a message is received.

This integration ensures that when CloudWatch detects an anomaly in your billing, the alarm triggers, which in turn activates the Lambda function or sends a message to the SQS queue, ultimately leading to the execution of the pre-defined Budgets Action to mitigate the cost overrun.
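One way to write the alarm-invoked Lambda from this step so that it only acts on a validated notification, as an added example that is not code from the original article. It checks that the SNS-delivered message is the `BillingAnomalyAlarm` entering the `ALARM` state in the function's own account before stopping anything, and defaults to a dry run; the function names, the `DRY_RUN` environment variable and the sample account ID are assumptions made for illustration.

```python
import json
import os

EXPECTED_ALARM = "BillingAnomalyAlarm"  # AlarmName used in the template on this page
TAG_FILTERS = [  # same tag and state filter as the Lambda shown in step 3
    {"Name": "tag:CostOptimization", "Values": ["StopOnBudgetBreach"]},
    {"Name": "instance-state-name", "Values": ["running"]},
]

def sample_event(state="ALARM", alarm=EXPECTED_ALARM, account="111122223333"):
    """Constructed SNS-wrapped CloudWatch alarm notification (not a captured event)."""
    message = {"AlarmName": alarm, "NewStateValue": state, "AWSAccountId": account}
    return {"Records": [{"EventSource": "aws:sns", "Sns": {"Message": json.dumps(message)}}]}

def parse_alarm(event, expected_account):
    """Return the alarm message only if it is our alarm entering ALARM in our account."""
    try:
        record = event["Records"][0]
        message = json.loads(record["Sns"]["Message"])
    except (KeyError, IndexError, TypeError, ValueError):
        return None  # malformed or non-SNS event: never remediate on it
    if not isinstance(message, dict) or record.get("EventSource") != "aws:sns":
        return None
    if (message.get("AlarmName"), message.get("NewStateValue"),
            message.get("AWSAccountId")) != (EXPECTED_ALARM, "ALARM", expected_account):
        return None
    return message

def remediate(event, ec2, expected_account, dry_run=True):
    """Stop tagged instances only for a validated alarm; dry_run reports without stopping."""
    if parse_alarm(event, expected_account) is None:
        return {"action": "ignored", "instances": []}
    ids = []
    for page in ec2.get_paginator("describe_instances").paginate(Filters=TAG_FILTERS):
        for reservation in page["Reservations"]:
            ids += [i["InstanceId"] for i in reservation["Instances"]]
    if ids and not dry_run:
        ec2.stop_instances(InstanceIds=ids)
    return {"action": "dry-run" if dry_run else "stopped", "instances": ids}

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised without AWS access
    account = context.invoked_function_arn.split(":")[4]
    dry_run = os.environ.get("DRY_RUN", "true").lower() != "false"  # DRY_RUN: assumed env var
    return remediate(event, boto3.client("ec2"), account, dry_run)
```

Passing `sample_event()` to `remediate` with a stub client exercises the whole path offline, which covers the verification steps in the testing section without generating real spend.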

5. Testing and Monitoring:

After implementing the solution, it’s crucial to test and monitor its effectiveness.

  • Simulate a cost overrun by increasing resource consumption or deploying new resources.
  • Verify that the CloudWatch Anomaly Detection alarm is triggered.
  • Confirm that the AWS Budgets Action is executed and that the appropriate remediation tasks are performed.
  • Monitor the overall cost trends to ensure that the solution is effectively preventing cost overruns.

Benefits of Automated Cost Optimization

Automating cost optimization using CloudWatch Anomaly Detection and AWS Budgets Actions offers several benefits:

  • Proactive cost management: Detect and respond to cost overruns before they significantly impact your budget.
  • Reduced manual effort: Automate remediation tasks, freeing up your team to focus on other priorities.
  • Improved cost visibility: Gain better insights into your cost trends and identify areas for optimization.
  • Enhanced cost control: Enforce cost policies and prevent unexpected spending.
  • Faster response times: Automatically respond to cost anomalies, minimizing the impact of over
https://en.dymripper.com/posts/2025-05-22-automating-aws-cost-optimization-with-cloudwatch-anomaly-detection-and-aws-budgets-actions/
Author: DYMripper
Published at: 2025-05-22