Cost Anomaly Detection in Cloudformation

Question

I'm trying to set up a Cost Anomaly Detection monitor + subscription in Cloudformation.

Creating this via the AWS Console is very easy and user friendly.
I set up a monitor with Linked Account, with a subscription that has a threshold of $100 with daily alert frequency, sending alerts to an e-mail.

Trying to do the above was not as clear when following the documentation and examples at
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ce-anomalymonitor.html

The documentation does not explain what "dimension" or "type" means in this context, and those terms are not used in the AWS Console.

```
Resources:
  AnomalyMonitor100Dollars:
    Type: AWS::CE::AnomalyMonitor
    Properties:
      MonitorName: AnomalyDetected_is_greater_than_100_dollars
      MonitorType: CUSTOM
      MonitorSpecification: !Sub '
        {
          "Dimensions" : {
            "Key" : "LINKED_ACCOUNT",
            "Values" : [ "${AWS::AccountId}" ]
          }
        }'

AnomalySubscription:
    Type: AWS::CE::AnomalySubscription
    Properties:
      SubscriptionName: AnomalyDetected_is_greater_than_100_dollars
      Threshold: 100
      Frequency: DAILY
      MonitorArnList:
        - !Ref AnomalyMonitor100Dollars
      Subscribers:
        [
          {
            "Type": "EMAIL",
            "Address": "xx@example.com"
          }
        ]

```

Using the above, Cloudformation reports the error

> "Linked accounts can only create AWS Services monitor (Service: CostExplorer, Status Code: 400..."

Guessing wildly, adding `'MonitorDimension: SERVICE'` to the monitor gives the error

> "MonitorDimension must be null for Custom monitor (Service: CostExplorer, Status Code: 400..."

Guessing more wildly, trying to change to `'MonitorType: DIMENSIONAL'` gives the error

> "Expression must be null for Dimensional monitor (Service: CostExplorer, Status Code: 400..."

No idea what expression this refers to.

I'm sure this is logical once you know the implementation, but I have no idea how to do this the correct way.

What am I missing?

Accepted Answer

When you create a MonitorDimension of SERVICE, this is the "default" monitor that watches each service. You don't want to specify anything other than what is below.
```
Resources: 
  AnomalyServiceMonitor:
    Type: 'AWS::CE::AnomalyMonitor'
    Properties:
      MonitorName: 'MonitorName'
      MonitorType: 'DIMENSIONAL'
      MonitorDimension: 'SERVICE'
```
In contrast, the other three types of monitors for Linked Accounts, Cost Categories, or Cost Allocation tags would be a CUSTOM type, not a DIMENSIONAL type. The MonitorDimension would not apply for these.

```
Resources:
   CustomAnomalyMonitorWithLinkedAccount:
    Type: 'AWS::CE::AnomalyMonitor'
    Properties:
      MonitorName: "MonitorName"
      MonitorType: "CUSTOM"
      MonitorSpecification: '
            {
              "Dimensions" : {
                "Key" : "LINKED_ACCOUNT",
                "Values" : [ "123456789012", "123456789013" ]
              }
            }'
```
These three require a MonitorSpecification to denote the tags, account numbers, Cost Categories, or whatever combination of dimensions you are trying to monitor. There are examples of each on the page you linked toward the bottom.

Cost Anomaly Detection in Cloudformation

Contenus pertinents