Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cost Anomaly Detection in Cloudformation

0

I'm trying to set up a Cost Anomaly Detection monitor + subscription in Cloudformation.

Creating this via the AWS Console is very easy and user friendly. I set up a monitor with Linked Account, with a subscription that has a threshold of $100 with daily alert frequency, sending alerts to an e-mail.

Trying to do the above was not as clear when following the documentation and examples at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ce-anomalymonitor.html

The documentation does not explain what "dimension" or "type" means in this context, and those terms are not used in the AWS Console.

Resources:
  AnomalyMonitor100Dollars:
    Type: AWS::CE::AnomalyMonitor
    Properties:
      MonitorName: AnomalyDetected_is_greater_than_100_dollars
      MonitorType: CUSTOM
      MonitorSpecification: !Sub '
        {
          "Dimensions" : {
            "Key" : "LINKED_ACCOUNT",
            "Values" : [ "${AWS::AccountId}" ]
          }
        }'

  AnomalySubscription:
    Type: AWS::CE::AnomalySubscription
    Properties:
      SubscriptionName: AnomalyDetected_is_greater_than_100_dollars
      Threshold: 100
      Frequency: DAILY
      MonitorArnList:
        - !Ref AnomalyMonitor100Dollars
      Subscribers:
        [
          {
            "Type": "EMAIL",
            "Address": "xx@example.com"
          }
        ]

Using the above, Cloudformation reports the error

"Linked accounts can only create AWS Services monitor (Service: CostExplorer, Status Code: 400..."

Guessing wildly, adding 'MonitorDimension: SERVICE' to the monitor gives the error

"MonitorDimension must be null for Custom monitor (Service: CostExplorer, Status Code: 400..."

Guessing more wildly, trying to change to 'MonitorType: DIMENSIONAL' gives the error

"Expression must be null for Dimensional monitor (Service: CostExplorer, Status Code: 400..."

No idea what expression this refers to.

I'm sure this is logical once you know the implementation, but I have no idea how to do this the correct way.

What am I missing?

Topics
Cloud Financial ManagementManagement & Governance
Tags
AWS CloudFormationAWS Cost Anomaly Detection
Language
English
asked 4 years ago2K views
1 Answer
1
Accepted Answer

When you create a MonitorDimension of SERVICE, this is the "default" monitor that watches each service. You don't want to specify anything other than what is below.

Resources: 
  AnomalyServiceMonitor:
    Type: 'AWS::CE::AnomalyMonitor'
    Properties:
      MonitorName: 'MonitorName'
      MonitorType: 'DIMENSIONAL'
      MonitorDimension: 'SERVICE'

In contrast, the other three types of monitors for Linked Accounts, Cost Categories, or Cost Allocation tags would be a CUSTOM type, not a DIMENSIONAL type. The MonitorDimension would not apply for these.

Resources:
   CustomAnomalyMonitorWithLinkedAccount:
    Type: 'AWS::CE::AnomalyMonitor'
    Properties:
      MonitorName: "MonitorName"
      MonitorType: "CUSTOM"
      MonitorSpecification: '
            {
              "Dimensions" : {
                "Key" : "LINKED_ACCOUNT",
                "Values" : [ "123456789012", "123456789013" ]
              }
            }'

These three require a MonitorSpecification to denote the tags, account numbers, Cost Categories, or whatever combination of dimensions you are trying to monitor. There are examples of each on the page you linked toward the bottom.

AWS
answered 4 years ago
EXPERT
reviewed 2 years ago
  • Philip
    4 years ago

    Thanks for the quick reply, setting just MonitorType: DIMENSIONAL and MonitorDimension: SERVICE worked.

    But where in the documentation is the description what MonitorType: DIMENSIONAL means - how should I have known that was the right answer?

  • JonnyV
    a year ago

    The section described by the statement "When you create a MonitorDimension of SERVICE, this is the "default" monitor that watches each service. You don't want to specify anything other than what is below." does not contain any reference to the the threshold or monitor type. How and where do we do that?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content