AWS Cost Explorer and Budgets: A Cloud Cost Monitoring Guide
Quick summary: A practical guide to AWS cost monitoring — Cost Explorer analysis patterns, budget alerts, anomaly detection, cost allocation tags, and the monitoring practices that prevent surprise bills.
Key Takeaways
- A practical guide to AWS cost monitoring — Cost Explorer analysis patterns, budget alerts, anomaly detection, cost allocation tags, and the monitoring practices that prevent surprise bills
- A practical guide to AWS cost monitoring — Cost Explorer analysis patterns, budget alerts, anomaly detection, cost allocation tags, and the monitoring practices that prevent surprise bills
Table of Contents
The most expensive AWS resource is the one you forgot about. Surprise bills do not come from services you are actively monitoring — they come from resources provisioned for a test, a forgotten experiment, or a service that scaled beyond expectations while no one was watching.
AWS provides native cost monitoring tools that, when properly configured, eliminate surprise bills and provide the visibility needed for informed spending decisions. Cost Explorer analyzes where money goes. Budgets alert when spending exceeds thresholds. Cost Anomaly Detection catches unexpected charges before they accumulate. Together, they form the monitoring layer of a cost optimization practice.
Cost Explorer: Understanding Your Spend
Cost Explorer is the primary tool for analyzing AWS spending. It provides visualization and filtering across multiple dimensions — service, account, Region, tag, instance type, and usage type.
Essential Views
Monthly spend by service: The first view every AWS account owner should create. This shows which services consume the most spend and how that distribution changes over time.
Filter by: Time (monthly), Group by: Service
Daily spend trend: Identifies spending spikes as they happen instead of at month-end.
Filter by: Time (daily, last 14 days), Group by: Service
Spend by account (multi-account): In an AWS Organization, this view shows per-account costs — essential for cost attribution to teams and products.
Filter by: Time (monthly), Group by: Linked Account
Spend by tag: Shows costs grouped by your cost allocation tags (environment, project, team, application).
Filter by: Time (monthly), Group by: Tag (e.g., Environment)
Cost Explorer Reports
Save frequently used views as reports for quick access:
| Report | Filters | Purpose |
|---|---|---|
| Monthly service breakdown | Monthly, group by service | Executive overview |
| Daily EC2 costs | Daily, filter service=EC2 | Compute cost tracking |
| Production vs development | Monthly, group by tag:Environment | Environment cost comparison |
| Per-team attribution | Monthly, group by tag:Team | Team cost accountability |
| RI/SP coverage | Monthly, coverage report | Commitment discount utilization |
Right-Sizing Recommendations
Cost Explorer includes right-sizing recommendations for EC2 instances:
- Identifies instances that are consistently underutilized (CPU < 40%, network < 10%)
- Recommends smaller instance types or instance family changes
- Shows estimated monthly savings per recommendation
- Considers 14 days of CloudWatch metrics for accuracy
Limitation: Right-sizing recommendations only cover EC2. For RDS, ElastiCache, OpenSearch, and other services, use AWS Compute Optimizer or manual analysis.
AWS Budgets: Proactive Alerts
Budgets set spending thresholds and alert when actual or forecasted costs exceed them. Unlike Cost Explorer (reactive analysis), Budgets provide proactive notification before costs become problems.
Budget Types
| Budget Type | Monitors | Use Case |
|---|---|---|
| Cost budget | Dollar amount | Total spend or per-service spend |
| Usage budget | Service usage (hours, requests, GB) | Specific resource consumption |
| Savings Plan budget | SP utilization and coverage | Ensure commitments are being used |
| RI budget | RI utilization and coverage | Ensure reservations are being used |
Budget Configuration
Account-level cost budget:
Name: Monthly Total Spend
Amount: $10,000
Period: Monthly
Alert 1: 80% of budget (actual) → Email: finance-team@company.com
Alert 2: 100% of budget (actual) → Email: finance-team@company.com, SNS: ops-alerts
Alert 3: 100% of budget (forecasted) → Email: engineering-leads@company.comThe forecasted alert is critical — it fires when AWS predicts you will exceed the budget, giving you time to act before costs actually breach the threshold.
Per-service budgets:
EC2 Budget: $5,000/month
RDS Budget: $2,000/month
Lambda Budget: $500/month
S3 Budget: $1,000/monthService-level budgets identify which service is driving a cost increase. An account-level budget tells you that you are over budget; a service-level budget tells you why.
Per-account budgets (multi-account):
Production Account: $8,000/month
Staging Account: $1,500/month
Development Account: $500/month
Sandbox Accounts: $200/month eachPer-account budgets prevent any single account from driving unexpected organization-wide costs.
Budget Actions
Beyond alerts, Budgets can take automated actions when thresholds are exceeded:
| Action | Effect | Use Case |
|---|---|---|
| SNS notification | Alert humans | Primary alert mechanism |
| IAM policy | Restrict actions | Prevent new resource creation in sandbox accounts |
| SCP (via Lambda) | Organization-level restriction | Prevent spending in non-production accounts |
| Lambda function | Custom remediation | Stop non-critical instances, notify Slack |
Example: Sandbox auto-shutdown When a sandbox account exceeds $200/month, a Budget Action triggers a Lambda function that:
- Lists all running EC2 instances and RDS databases
- Stops non-protected resources (those without a
do-not-stoptag) - Sends a Slack notification to the account owner
- Applies a restrictive IAM policy preventing new resource launches
This prevents sandbox experimentation from generating unexpected charges.
Cost Anomaly Detection
AWS Cost Anomaly Detection uses machine learning to identify unusual spending patterns — charges that deviate from your historical baseline.
How It Works
- You create monitors scoped to services, accounts, or cost categories
- Anomaly Detection learns your spending patterns over 2-4 weeks
- When spending deviates significantly from the learned pattern, an anomaly is flagged
- Alerts are sent via SNS or email with details about the anomalous charges
Monitor Configuration
| Monitor Scope | What It Catches | Best For |
|---|---|---|
| AWS services | Unusual spending on any AWS service | Broad coverage, default starting point |
| Linked accounts | Unusual spending in specific accounts | Multi-account organizations |
| Cost categories | Unusual spending in cost categories | Team or project-level monitoring |
| Cost allocation tags | Unusual spending on tagged resources | Application-level monitoring |
Recommended setup:
- One monitor for all AWS services (catches everything)
- Individual monitors for high-spend services (EC2, RDS, Lambda) with lower alert thresholds
- Per-account monitors for production and development accounts
Alert Thresholds
Configure the minimum dollar impact for alerts:
- $10 — Catches small anomalies (good for development accounts)
- $100 — Catches meaningful anomalies (good for production accounts)
- $1,000 — Catches significant anomalies only (good for high-spend organizations)
Lower thresholds generate more alerts. Start with $100 and adjust based on your organization’s spending patterns and alert tolerance.
Cost Allocation Tags
Tags are the foundation of granular cost attribution. Without tags, you can only analyze costs by service and account. With tags, you can analyze costs by team, project, application, environment, and any other dimension that matters to your organization.
Tag Strategy
| Tag Key | Purpose | Example Values |
|---|---|---|
Environment | Separate production from non-production | production, staging, development, sandbox |
Team | Attribute costs to teams | platform, frontend, data, security |
Project | Attribute costs to projects | order-service, analytics-pipeline, marketing-site |
Application | Attribute costs to applications | api, dashboard, worker, scheduler |
CostCenter | Finance department attribution | CC-1001, CC-2050 |
Owner | Individual accountability | alice@company.com |
Activating Cost Allocation Tags
Tags exist on resources but are not automatically available in Cost Explorer. You must activate them:
- AWS-generated tags — AWS creates tags like
aws:createdBy. Activate these in the Billing console. - User-defined tags — Your custom tags. Activate them in the Billing console under Cost Allocation Tags.
- Wait 24 hours — Activated tags appear in Cost Explorer the next day.
Important: Tags are not retroactive. Once activated, they only apply to future cost data. If you activate tags in July, June cost data will not have tag-based attribution. Start tagging early.
Tag Enforcement
Tags are only useful if they are consistently applied. Enforce tagging with:
AWS Config rules:
required-tags— Flags resources missing required tags- Configure auto-remediation to notify resource owners
Service Control Policies:
- Deny resource creation without required tags (for critical tags like Environment and Team)
Infrastructure as Code:
- Define required tags in your Terraform modules or CDK constructs
- Fail CI/CD pipelines that create resources without tags
Tag enforcement in IaC → Config rules catch missed resources → Budget alerts catch spending → Cost Explorer analyzes attributionCost Reports and Exports
AWS Cost and Usage Report (CUR)
The most detailed cost data available — line-item billing data for every resource:
- Delivered to S3 as CSV or Parquet files
- Updated multiple times daily
- Queryable with Athena for custom analysis
- Input for third-party cost management tools (Vantage, CloudHealth, Spot.io)
Setup: Create a CUR report in the Billing console. Enable Athena integration for SQL-based analysis. Store in a dedicated S3 bucket in your Log Archive or shared services account.
CUR + Athena Queries
Top 10 most expensive resources this month:
SELECT line_item_resource_id,
line_item_product_code,
SUM(line_item_unblended_cost) AS total_cost
FROM cur_database.cur_table
WHERE month = '7' AND year = '2026'
GROUP BY line_item_resource_id, line_item_product_code
ORDER BY total_cost DESC
LIMIT 10Daily cost by service for the last 30 days:
SELECT line_item_usage_start_date AS usage_date,
line_item_product_code AS service,
SUM(line_item_unblended_cost) AS daily_cost
FROM cur_database.cur_table
WHERE line_item_usage_start_date >= date_add('day', -30, current_date)
GROUP BY line_item_usage_start_date, line_item_product_code
ORDER BY usage_date DESC, daily_cost DESCUntagged resource costs:
SELECT line_item_product_code AS service,
SUM(line_item_unblended_cost) AS untagged_cost
FROM cur_database.cur_table
WHERE month = '7'
AND (resource_tags_user_team IS NULL OR resource_tags_user_team = '')
GROUP BY line_item_product_code
ORDER BY untagged_cost DESCSavings Plans and Reserved Instances Monitoring
Coverage vs Utilization
Two metrics determine whether your commitment discounts are working:
Coverage — What percentage of your eligible usage is covered by Savings Plans or Reserved Instances? Low coverage means you are paying on-demand prices for usage that could be discounted.
Utilization — What percentage of your purchased Savings Plans or Reserved Instances is being used? Low utilization means you are paying for commitments that are not being consumed.
| Metric | Target | Action If Below Target |
|---|---|---|
| Coverage > 80% | Purchase additional commitments | Analyze uncovered usage for commitment opportunities |
| Utilization > 95% | Right-size or increase usage | Investigate why committed capacity is unused |
Monitoring Commitments
Set up Savings Plan and RI budgets to track utilization:
Savings Plan Utilization Budget:
Threshold: Below 80% utilization
Alert: Email finance team
Action: Review commitment sizingCost Explorer’s RI and SP reports show:
- Current coverage and utilization percentages
- Amortized vs unblended cost comparison
- Recommendations for new purchases based on usage patterns
- Expiring commitments that need renewal
Building a Cost Monitoring Practice
Weekly Cost Review
A 15-minute weekly review prevents cost surprises:
- Check Cost Explorer daily trend — Any unusual spikes in the last 7 days?
- Review anomaly alerts — Any flagged anomalies that were not investigated?
- Check budget status — Any budgets approaching thresholds?
- Review right-sizing recommendations — Any easy wins to implement?
- Check commitment utilization — Are RIs and SPs being used?
Monthly Cost Report
A structured monthly report for stakeholders:
- Total spend vs budget (over/under by how much)
- Spend by service (top 5 services and month-over-month change)
- Spend by team/account (cost attribution)
- Savings achieved (right-sizing, commitment discounts, waste removal)
- Action items for next month
Quarterly Optimization Sprint
Dedicate time each quarter for deeper cost optimization:
- Review and adjust Reserved Instance and Savings Plan commitments
- Implement accumulated right-sizing recommendations
- Clean up unused resources (unattached EBS volumes, idle load balancers, unused Elastic IPs)
- Review data transfer costs and architecture for optimization opportunities
- Update tagging strategy and enforce compliance
Common Mistakes
Mistake 1: No Budget Alerts
The simplest and most impactful cost control — a budget alert that fires when spending exceeds expected levels. Without alerts, the first indication of a cost problem is the monthly bill, by which point the damage is done. Set up budget alerts on day one of every AWS account.
Mistake 2: Monitoring Total Cost Only
A total cost budget of $10,000/month tells you when you are over budget. It does not tell you why. Combine account-level budgets with service-level and tag-based budgets for actionable attribution.
Mistake 3: Inconsistent Tagging
If 40% of your resources are untagged, 40% of your costs cannot be attributed to teams or projects. Tag enforcement through SCPs, Config rules, and IaC is the prerequisite for meaningful cost attribution.
Mistake 4: Ignoring Forecasted Alerts
Budget alerts based on actual spend fire after you have already spent the money. Forecasted alerts fire when AWS predicts you will exceed your budget — giving you time to investigate and act. Always configure both actual and forecasted alerts.
Getting Started
Cost monitoring is not a tool configuration exercise — it is a practice. The tools (Cost Explorer, Budgets, Anomaly Detection) are straightforward to set up. The practice (weekly reviews, monthly reports, quarterly optimization) is what turns visibility into savings.
For a comprehensive cost optimization assessment, including monitoring setup, tag strategy, commitment planning, and ongoing cost management through our managed services, talk to our team.
