Since I have multiple AWS accounts, one thing that I wanted to do was to monitor all my AWS accounts billing to be notified when there is a sudden unexpected increase in costs. All of my AWS accounts are members of an AWS Organization. Managing multiple AWS accounts can be challenging, especially when it comes to monitoring costs. To proactively address potential cost spikes, we can use AWS Budget Alerts. However I did not want to have to set these up manually in each AWS account.
To streamline this process, we can leverage AWS CloudFormation StackSets. By creating a single StackSet, we can deploy the necessary resources to enable Budget Alerts across all accounts within our AWS Organization. This will also allow us to have Budget Alerts automatically created when a new AWS account is added to the AWS Organization.
For each AWS account, I wanted to create an AWS Budget of $50, with a Budget Alert sent to a SNS topic and then to an email address for when 50% of the Budget has been execed ($25), 100% of the Budget ($50), 200% of the Budget ($100) and 300% of the Budget ($200).
This is a diagram of the planned setup within the AWS account:
To automate the budget alert setup, we’ll use a CloudFormation template. This template defines the AWS Budget, specifies the notification thresholds, and creates an SNS topic to deliver alerts. The template includes a placeholder email address ([email protected]) for the SNS subscription. Important: Replace this placeholder with the email address where you want to receive budget notifications. The complete template is provided below for your reference.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS Budget Alert Stack Set with SNS Notification'
Resources:
SNSTopic:
Type: 'AWS::SNS::Topic'
Properties:
TopicName: 'BudgetAlertsTopic'
KmsMasterKeyId: 'alias/aws/sns' # Using the default AWS-managed KMS key for SNS encryption
Subscription:
- Protocol: 'email'
Endpoint: '[email protected]'
SNSTopicPolicy:
Type: 'AWS::SNS::TopicPolicy'
Properties:
Topics:
- !Ref SNSTopic
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Service: 'budgets.amazonaws.com'
Action: 'sns:Publish'
Resource: !Ref SNSTopic
Budget:
Type: 'AWS::Budgets::Budget'
Properties:
Budget:
BudgetName: 'MonthlyBudget'
BudgetLimit:
Amount: 50
Unit: 'USD'
TimeUnit: 'MONTHLY'
BudgetType: 'COST'
NotificationsWithSubscribers:
- Notification:
NotificationType: 'ACTUAL'
ComparisonOperator: 'GREATER_THAN'
Threshold: 50
ThresholdType: 'PERCENTAGE'
Subscribers:
- SubscriptionType: 'SNS'
Address: !Ref SNSTopic
- Notification:
NotificationType: 'ACTUAL'
ComparisonOperator: 'GREATER_THAN'
Threshold: 100
ThresholdType: 'PERCENTAGE'
Subscribers:
- SubscriptionType: 'SNS'
Address: !Ref SNSTopic
- Notification:
NotificationType: 'ACTUAL'
ComparisonOperator: 'GREATER_THAN'
Threshold: 200
ThresholdType: 'PERCENTAGE'
Subscribers:
- SubscriptionType: 'SNS'
Address: !Ref SNSTopic
- Notification:
NotificationType: 'ACTUAL'
ComparisonOperator: 'GREATER_THAN'
Threshold: 300
ThresholdType: 'PERCENTAGE'
Subscribers:
- SubscriptionType: 'SNS'
Address: !Ref SNSTopic
Outputs:
BudgetName:
Description: 'The name of the created budget'
Value: !Ref Budget
SNSTopicARN:
Description: 'The ARN of the SNS topic'
Value: !Ref SNSTopic
With the CloudFormation template ready, let’s deploy it using AWS CloudFormation StackSets to create budgets across your AWS accounts. In the AWS Management Console, navigate to CloudFormation and select “StackSets.” Click on “Create StackSet” to begin. You’ll be presented with a screen similar to the one in the following screenshot. Choose the “Upload a template file” option, upload your template file, and click “Next” to proceed. (See the screenshot below for a visual guide.)
Now, let’s give our StackSet a name! Something like MyBudgetAlerts will do. Pop that in the name field and hit “Next.” (See the screenshot below for a visual guide.)
On the next screen we can keep the Default settings. Click next. (See the screenshot below for a visual guide.)
Now, we’ll configure how our StackSet gets deployed. In the “Add stacks to stack set” section, make sure “Deploy new stacks” is selected. Next, under “Deployment targets,” choose “Deploy to organization.” This will automatically deploy our budget alerts to all the accounts within your AWS Organization (except for the root account, which is usually just for management). For the region, we can stick with us-east-1 for now as we only need to deploy it to a single region. Click “Next” to proceed.
You’ll now land on a review page where you can double-check all the configurations for your StackSet. Once you’ve confirmed everything is correct, go ahead and click “Submit” to launch your budget alerts!
And we’re off! CloudFormation will now work its magic, deploying the StackSet to all the accounts in your AWS organization. You can keep an eye on its progress in the AWS Console. Meanwhile, SNS will send an email to each account’s address (the ones you specified earlier), so make sure to click the confirmation link in each email. Once that’s done, you’ll be all set to receive those budget alerts!
Feel free to grab a copy of the template from my GitHub repo: https://github.com/kdambiec/public-cloudformation-budget-alert-stackset.
Leave a reply