AWS – Billing alerts

How to enable Remote Desktop on Windows Server 2019

One of the main attractions of using AWS is its pay-as-you-go model. You only pay for what you use, no more and no less. Unfortunately, this can sometimes result in what’s known as bill shock at the end of the month. This happens when you do something that you might not know is a charged service, or you do not know how much is charged for it, and you don’t find out until it’s too late. Especially when getting started, users may not fully appreciate the cost of the activities they’re undertaking.

Creating a budget and setting up alerts that get sent when you exceed that budget is good practice for all AWS accounts. For a development account, where you are only testing things out for short periods of time, you may never expect to exceed the free tier, so you can set a $1 budget and get alerted if charges exceed that amount, and then quickly find and remove any resources that you forgot about.

While you can create budgets via the AWS CLI tool, it is useful to know how the Billing dashboard works for administration purposes, so we will use the AWS console for this recipe.

Getting ready

By default, IAM users do not have access to the Billing section of the AWS console. Follow these steps in order to delegate access to an IAM user so that you can follow best practices and not use the root account unless it is absolutely necessary:

  1. Log in to your AWS account as the root user.
  2. Click the name of your account at the upper right of the console and then click My Account.


  1. Scroll down to IAM User and Role Access to Billing Information, as shown in the following diagram. Click Edit:

The Edit link to activate IAM access is subtle. It is indicated with the yellow arrow here.
  1. Check the box to Activate IAM Access, and then click Update:

Activating access to billing information for IAM users
  1. Go to the IAM dashboard and select the IAM user account (or group) that you wish to delegate for billing access.
  2. Add the following policy:
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": [

Once these steps have been completed, you can log out of the root account and back in as the IAM user.

How to do it…

  1. Log in as an IAM user who has the rights to create budgets (not as the root user!) and navigate to the My Billing Dashboard via the user menu, which can be accessed by clicking on your name in the top right.
  2. The Billing dashboard displays your up-to-date usage for the month. Click on  Budgets on the left-hand menu.
  3. When you first arrive at the Budgets console, there will be no budgets to display.
    Click on the Create budget button to get started.
  4. Start by filling out the budget details, such as Cost for the measurement type,  Monthly for the period, and the budget amount. Select the Start date (which defaults to the first of the current month) and (optionally) the End date. Leave the End date field blank to create a rolling budget that is reset each month.
  5. Next, enter the notification details. This includes the threshold for notification, which we will set to 80% (of our budget) in forecasted use. For email notifications, simply enter the email addresses you want to receive the notifications. Click Create when you’re finished.
  6. You will be returned to the Budgets section of the Billing dashboard, and you will be able to see your newly created budget.
  7. For each of the budgets you create, you can select it to view its full details.

How it works…

The Billing dashboard is closely tied to the account itself, which is why it is not part of the regular services in the console. Accessing it via the user menu hints at the special access that it requires. Generally, you would configure a budget when you first open a new AWS account so that you don’t get any surprises in your bill at the end of the month.

If you get access denied messages in the Billing dashboard, it is most likely because you are using an IAM user and IAM access has not been enabled. You must use your root account credentials (such as those that you used to create the account) or enable IAM access. IAM access can only be enabled by the root user.

When you first arrive at the Billing section, you will see a high-level summary of your usage and expenses. As I performed this example in a new account, there’s not much to see at this point. The Month-to-Date Spend by Service graph on the right can be particularly useful if you want to find out what the most popular services you use are. This is a great place to start when you’re trying to reduce or optimize your AWS spending. We then navigate to the Budgets section and create a new budget.

Most of the details should be self-explanatory, and obvious for the purposes of budgeting. Your main choice is to decide whether you want to alert users on usage or costs. Cost budgets work against the dollar (or appropriate billing currency) amount you will be charged. Usage budgets work against a selected unit of usage, for example, instance hours or data transfer for EC2. A usage budget can only track one type of usage unit, so you will need to create multiple budgets to track the various units that you might be charged for. This is one reason why we prefer a cost budget, as it takes into account multiple forms of usage.

Specifying email addresses to alert is the simplest way to send any alerts from the budget. For more advanced use cases, you can specify an SNS topic to receive notifications. An example might be if you wanted to receive budget alerts on your phone via an SMS message, or send the alert to a different system automatically (via HTTP/JSON). Once finished, you can view all your budgets on the dashboard. You can repeat the process to create multiple budgets. This means that you can create budgets for forecast usage and actual usage, as well as for different time periods.

Comments are closed.