AWS has recently made available the preview of AWS Cost Anomaly Detection, a new service to detect unusual spending patterns across AWS accounts. The goal is to improve cost controls and minimize unintended spend.
AWS Cost Anomaly Detection uses a machine learning model to learn spending patterns and adjust thresholds according to usage changes over time. The service targets both one-time cost spikes and gradual cost increases. For every spending anomaly in the Anomaly Detection dashboard, there are three main options: root cause analysis, view in Cost Explorer and submit assessment. This allows the user to analyze and determine the root cause of the anomaly, such as account, service, region, or the usage type that is driving the cost increase.
AWS Cost Anomaly Detection currently supports four different monitor types: AWS services, the only one that monitors services individually for anomalies, linked/member account, cost allocation tag and cost categories.
Analyzing spikes in costs that are not main contributors to the total cloud bill, Jesse DeRose, Cloud economist at The Duckbill Group, explains the benefits of AWS Cost Anomaly Detection:
The existing solutions for this problem require a lot of hands-on work to build a solution. You either need to know what your baseline spend is in the case of AWS Budgets, or you need to perform some kind of manual analysis via custom spreadsheets or business intelligence tools. But AWS Cost Anomaly Detection kind of gets rid of a lot of those things. It allows you to look at anomalous spend as a first-class citizen within AWS.
A step by step article on how to create a monitor and configure alerts is now available. User ydio on Reddit questions the benefits for small cloud deployments and the need of configuring notifications:
This appears to be suited for large environments tracking large amounts of spend. Unfortunately, this still will not stop kids from racking up a multi-thousand dollar bill and crying to AWS about it. If new users aren't setting up billing alerts today, they're not setting up anomaly alerts tomorrow.
Oliver Ewert, technical security consultant, highlights the advantage of detecting cost anomalies as a proxy for security alerts and issues:
Sometimes cost is the best way to identify misconfigurations, security issues or (most scarily) a compromised system. AWS Cost Anomaly Detection makes it more likely you'll find these issues before your finance team does. Did I mention it's free?
The new service is part of AWS Cost Management, and it is currently in preview and free to use; the user is charged only for the SNS notifications generated.