AWS Cost Explorer and Budgets: A Cloud Cost Management Guide

The most expensive AWS resource is the one you forgot about. Surprise bills do not come from services you are actively monitoring — they come from resources provisioned for a test, a forgotten experiment, or a service that scaled beyond expectations while no one was watching.

AWS provides native cloud cost management tools that, when properly configured, eliminate surprise bills and provide the visibility needed for informed spending decisions. Cost Explorer analyzes where money goes. Budgets alert when spending exceeds thresholds. Cost Anomaly Detection catches unexpected charges before they accumulate. Together, they form the monitoring layer of a cost optimization and FinOps practice.

Cost Explorer: Understanding Your Spend

Cost Explorer is the primary tool for analyzing AWS spending. It provides visualization and filtering across multiple dimensions — service, account, Region, tag, instance type, and usage type.

Essential Views

Monthly spend by service: The first view every AWS account owner should create. This shows which services consume the most spend and how that distribution changes over time.

Filter by: Time (monthly), Group by: Service

Daily spend trend: Identifies spending spikes as they happen instead of at month-end.

Filter by: Time (daily, last 14 days), Group by: Service

Spend by account (multi-account): In an AWS Organization, this view shows per-account costs — essential for cost attribution to teams and products.

Filter by: Time (monthly), Group by: Linked Account

Spend by tag: Shows costs grouped by your cost allocation tags (environment, project, team, application).

Filter by: Time (monthly), Group by: Tag (e.g., Environment)

Cost Explorer Reports

Save frequently used views as reports for quick access:

Right-Sizing Recommendations

Cost Explorer includes right-sizing recommendations for EC2 instances:

• Identifies instances that are consistently underutilized (CPU < 40%, network < 10%)
• Recommends smaller instance types or instance family changes
• Shows estimated monthly savings per recommendation
• Considers 14 days of CloudWatch metrics for accuracy

Limitation: Right-sizing recommendations only cover EC2. For RDS, ElastiCache, OpenSearch, and other services, use AWS Compute Optimizer or manual analysis.

AWS Budgets: Proactive Alerts

Budgets set spending thresholds and alert when actual or forecasted costs exceed them. Unlike Cost Explorer (reactive analysis), Budgets provide proactive notification before costs become problems.

Budget Types

Budget Configuration

Account-level cost budget:

Name: Monthly Total Spend
Amount: $10,000
Period: Monthly
Alert 1: 80% of budget (actual) → Email: finance-team@company.com
Alert 2: 100% of budget (actual) → Email: finance-team@company.com, SNS: ops-alerts
Alert 3: 100% of budget (forecasted) → Email: engineering-leads@company.com

The forecasted alert is critical — it fires when AWS predicts you will exceed the budget, giving you time to act before costs actually breach the threshold.

Per-service budgets:

EC2 Budget: $5,000/month
RDS Budget: $2,000/month
Lambda Budget: $500/month
S3 Budget: $1,000/month

Service-level budgets identify which service is driving a cost increase. An account-level budget tells you that you are over budget; a service-level budget tells you why.

Per-account budgets (multi-account):

Production Account: $8,000/month
Staging Account: $1,500/month
Development Account: $500/month
Sandbox Accounts: $200/month each

Per-account budgets prevent any single account from driving unexpected organization-wide costs.

Budget Actions

Beyond alerts, Budgets can take automated actions when thresholds are exceeded:

Example: Sandbox auto-shutdown When a sandbox account exceeds $200/month, a Budget Action triggers a Lambda function that:

1. Lists all running EC2 instances and RDS databases
2. Stops non-protected resources (those without a do-not-stop tag)
3. Sends a Slack notification to the account owner
4. Applies a restrictive IAM policy preventing new resource launches

This prevents sandbox experimentation from generating unexpected charges.

Cost Anomaly Detection

AWS Cost Anomaly Detection uses machine learning to identify unusual spending patterns — charges that deviate from your historical baseline.

How It Works

1. You create monitors scoped to services, accounts, or cost categories
2. Anomaly Detection learns your spending patterns over 2-4 weeks
3. When spending deviates significantly from the learned pattern, an anomaly is flagged
4. Alerts are sent via SNS or email with details about the anomalous charges

Monitor Configuration

Recommended setup:

1. One monitor for all AWS services (catches everything)
2. Individual monitors for high-spend services (EC2, RDS, Lambda) with lower alert thresholds
3. Per-account monitors for production and development accounts

Alert Thresholds

Configure the minimum dollar impact for alerts:

• $10 — Catches small anomalies (good for development accounts)
• $100 — Catches meaningful anomalies (good for production accounts)
• $1,000 — Catches significant anomalies only (good for high-spend organizations)

Lower thresholds generate more alerts. Start with $100 and adjust based on your organization’s spending patterns and alert tolerance.

Cost Allocation Tags

Tags are the foundation of granular cost attribution. Without tags, you can only analyze costs by service and account. With tags, you can analyze costs by team, project, application, environment, and any other dimension that matters to your organization.

Tag Strategy

Activating Cost Allocation Tags

Tags exist on resources but are not automatically available in Cost Explorer. You must activate them:

1. AWS-generated tags — AWS creates tags like aws:createdBy. Activate these in the Billing console.
2. User-defined tags — Your custom tags. Activate them in the Billing console under Cost Allocation Tags.
3. Wait 24 hours — Activated tags appear in Cost Explorer the next day.

Important: Tags are not retroactive. Once activated, they only apply to future cost data. If you activate tags in July, June cost data will not have tag-based attribution. Start tagging early.

Tag Enforcement

Tags are only useful if they are consistently applied. Enforce tagging with:

AWS Config rules:

• required-tags — Flags resources missing required tags
• Configure auto-remediation to notify resource owners

Service Control Policies:

• Deny resource creation without required tags (for critical tags like Environment and Team)

Infrastructure as Code:

• Define required tags in your Terraform modules or CDK constructs
• Fail CI/CD pipelines that create resources without tags

Tag enforcement in IaC → Config rules catch missed resources → Budget alerts catch spending → Cost Explorer analyzes attribution

Cost Reports and Exports

AWS Cost and Usage Report (CUR) and CUR 2.0

The most detailed cost data available — line-item billing data for every resource:

• Delivered to S3 as CSV or Parquet files
• Updated multiple times daily
• Queryable with Athena for custom analysis
• Input for third-party cost management tools (Vantage, CloudHealth, Spot.io)

Setup: Create a CUR report in the Billing console. Enable Athena integration for SQL-based analysis. Store in a dedicated S3 bucket in your Log Archive or shared services account.

CUR 2.0 (Data Exports) — Migration Required: AWS launched CUR 2.0 (also called Data Exports) as the next-generation billing export. Key differences from legacy CUR:

• Parquet-first schema — Better compression and Athena query performance
• New column names — Some legacy CUR column names changed; existing Athena queries will need updates
• Split line items — Savings Plan and RI discount line items are structured differently
• Legacy CUR sunset — AWS has indicated legacy CUR will eventually be deprecated. New AWS accounts should use Data Exports from the start; existing accounts should plan migration

If you have existing CUR pipelines (Athena queries, Glue crawlers, third-party tools), test your queries against a CUR 2.0 export in a dev environment before migrating production reporting.

CUR + Athena Queries

Top 10 most expensive resources this month:

SELECT line_item_resource_id,
       line_item_product_code,
       SUM(line_item_unblended_cost) AS total_cost
FROM cur_database.cur_table
WHERE month = '7' AND year = '2026'
GROUP BY line_item_resource_id, line_item_product_code
ORDER BY total_cost DESC
LIMIT 10

Daily cost by service for the last 30 days:

SELECT line_item_usage_start_date AS usage_date,
       line_item_product_code AS service,
       SUM(line_item_unblended_cost) AS daily_cost
FROM cur_database.cur_table
WHERE line_item_usage_start_date >= date_add('day', -30, current_date)
GROUP BY line_item_usage_start_date, line_item_product_code
ORDER BY usage_date DESC, daily_cost DESC

Untagged resource costs:

SELECT line_item_product_code AS service,
       SUM(line_item_unblended_cost) AS untagged_cost
FROM cur_database.cur_table
WHERE month = '7'
  AND (resource_tags_user_team IS NULL OR resource_tags_user_team = '')
GROUP BY line_item_product_code
ORDER BY untagged_cost DESC

AWS Cost Optimization Hub: Consolidated Recommendations

The AWS Cost Optimization Hub (generally available since 2023, significantly expanded through 2025) is the single most efficient starting point for cost reduction. It aggregates recommendations from three sources:

• AWS Compute Optimizer — right-sizing recommendations for EC2, EBS, Lambda, ECS, RDS
• AWS Trusted Advisor — idle/underutilized resources, cost savings checks
• Cost Explorer — RI and Savings Plan purchase recommendations

Rather than checking three separate dashboards, Cost Optimization Hub presents all recommendations in one prioritized list with estimated annual savings for each.

Key Features

Cost Efficiency Score: A single percentage (0–100%) that benchmarks your environment against AWS best practices. Use it as your top-of-funnel KPI for FinOps. A score of 60% means approximately 40% of your eligible spend has actionable recommendations.

Filtering and status tracking: Mark recommendations as planned, in-progress, or completed. Filter by service, account, or region. Track how much savings your team has captured over time.

Action: Review Cost Optimization Hub monthly as part of your cost review cadence. Export recommendations to a spreadsheet or Jira at the start of each quarter and assign owners.

Savings Plans and Reserved Instances Monitoring

Coverage vs Utilization

Two metrics determine whether your commitment discounts are working:

Coverage — What percentage of your eligible usage is covered by Savings Plans or Reserved Instances? Low coverage means you are paying on-demand prices for usage that could be discounted.

Utilization — What percentage of your purchased Savings Plans or Reserved Instances is being used? Low utilization means you are paying for commitments that are not being consumed.

Monitoring Commitments

Set up Savings Plan and RI budgets to track utilization:

Savings Plan Utilization Budget:
  Threshold: Below 80% utilization
  Alert: Email finance team
  Action: Review commitment sizing

Cost Explorer’s RI and SP reports show:

• Current coverage and utilization percentages
• Amortized vs unblended cost comparison
• Recommendations for new purchases based on usage patterns
• Expiring commitments that need renewal

Building a Cost Monitoring Practice

Weekly Cost Review

A 15-minute weekly review prevents cost surprises:

1. Check Cost Explorer daily trend — Any unusual spikes in the last 7 days?
2. Review anomaly alerts — Any flagged anomalies that were not investigated?
3. Check budget status — Any budgets approaching thresholds?
4. Review right-sizing recommendations — Any easy wins to implement?
5. Check commitment utilization — Are RIs and SPs being used?

Monthly Cost Report

A structured monthly report for stakeholders:

• Total spend vs budget (over/under by how much)
• Spend by service (top 5 services and month-over-month change)
• Spend by team/account (cost attribution)
• Savings achieved (right-sizing, commitment discounts, waste removal)
• Action items for next month

Quarterly Optimization Sprint

Dedicate time each quarter for deeper cost optimization:

• Review and adjust Reserved Instance and Savings Plan commitments
• Implement accumulated right-sizing recommendations
• Clean up unused resources (unattached EBS volumes, idle load balancers, unused Elastic IPs)
• Review data transfer costs and architecture for optimization opportunities
• Update tagging strategy and enforce compliance

Common Mistakes

Mistake 1: No Budget Alerts

The simplest and most impactful cost control — a budget alert that fires when spending exceeds expected levels. Without alerts, the first indication of a cost problem is the monthly bill, by which point the damage is done. Set up budget alerts on day one of every AWS account.

Mistake 2: Monitoring Total Cost Only

A total cost budget of $10,000/month tells you when you are over budget. It does not tell you why. Combine account-level budgets with service-level and tag-based budgets for actionable attribution.

Mistake 3: Inconsistent Tagging

If 40% of your resources are untagged, 40% of your costs cannot be attributed to teams or projects. Tag enforcement through SCPs, Config rules, and IaC is the prerequisite for meaningful cost attribution.

Mistake 4: Ignoring Forecasted Alerts

Budget alerts based on actual spend fire after you have already spent the money. Forecasted alerts fire when AWS predicts you will exceed your budget — giving you time to investigate and act. Always configure both actual and forecasted alerts.

Getting Started

Cost monitoring is not a tool configuration exercise — it is a practice. The tools (Cost Explorer, Budgets, Anomaly Detection) are straightforward to set up. The practice (weekly reviews, monthly reports, quarterly optimization) is what turns visibility into savings.

For a comprehensive cost optimization assessment, including monitoring setup, tag strategy, commitment planning, and ongoing cost management through our managed services, talk to our team.

Contact us to optimize your AWS costs →