Budget Guard is an AI-driven AWS cost tracking and accountability system that provides real-time cost anomaly detection, budget tracking, and intelligent cost attribution across thousands of AWS accounts.
Budget Guard uses an event-driven microservices architecture with the following components:
- The Scout - Data collection service that aggregates cost and resource data from all AWS accounts
- The Detective - Anomaly detection service that identifies cost spikes, budget violations, and other anomalies
- The Investigator - Context enrichment service that adds deployment, commit, and CloudTrail context to anomalies
- The Dispatcher - Alert routing service that sends notifications via Slack, PagerDuty, email, and Teams
- DynamoDB Tables: Products, Metrics, Anomalies, Resource Mappings
- S3 + Athena: Time-series cost data from AWS Cost & Usage Reports
- DynamoDB Streams: Event streaming between services
- AWS AppSync: GraphQL API for frontend applications
- Cognito: Authentication and authorization
Key features:
- Real-time Anomaly Detection: Detects cost spikes, new resources, budget violations, and more
- Intelligent Context: Automatically correlates anomalies with recent deployments and AWS activities
- Multi-Account Support: Monitors costs across thousands of AWS accounts
- Smart Alert Routing: Routes alerts based on severity with suppression for known deployments
- Product Attribution: Maps AWS resources to products and teams automatically
- Acquisition Tracking: Tracks cost reduction targets for acquired products
Anomaly types detected:
- COST_SPIKE: >50% increase day-over-day or >$1000 absolute
- NEW_RESOURCE: Expensive resource (>$100/day) not seen before
- MISSING_RESOURCE: Resource disappeared but still incurring costs
- BUDGET_VIOLATION: Exceeding monthly budget threshold
- UNTAGGED_RESOURCE: Missing required tags (Product, Team, Environment)
- ORPHANED_RESOURCE: No Infrastructure as Code reference found
- ACQUISITION_MISS: Not meeting cost reduction targets
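The thresholds above, applied to a day of per-resource cost records. This is an added illustration, not the Detective service's own code: the record shape, the field names and the sample data are assumptions, while the numeric thresholds and the required tag names are the ones the list states.

```python
from dataclasses import dataclass, field

REQUIRED_TAGS = ("Product", "Team", "Environment")  # tags the README requires


@dataclass
class DailyCost:
    # Constructed record shape (an assumption, not the project's schema)
    resource_id: str
    cost: float                                # USD billed that day
    tags: dict = field(default_factory=dict)


def detect_anomalies(today, yesterday, inventory, monthly_spend, monthly_budget):
    """Apply the README's rules to one product; returns (type, subject, detail) tuples."""
    prev = {r.resource_id: r.cost for r in yesterday}
    findings = []
    for r in today:
        if r.resource_id not in prev:
            # NEW_RESOURCE: expensive (>$100/day) and never billed before
            if r.cost > 100:
                findings.append(("NEW_RESOURCE", r.resource_id, f"${r.cost:.2f}/day"))
        else:
            # COST_SPIKE: >50% day-over-day increase or >$1000 absolute increase
            delta = r.cost - prev[r.resource_id]
            relative = delta / prev[r.resource_id] if prev[r.resource_id] > 0 else 0.0
            if delta > 1000 or relative > 0.5:
                findings.append(("COST_SPIKE", r.resource_id, f"+${delta:.2f} ({relative:.0%})"))
        # MISSING_RESOURCE: still on the bill but no longer in the account inventory
        if r.resource_id not in inventory:
            findings.append(("MISSING_RESOURCE", r.resource_id, "billed but not in inventory"))
        # UNTAGGED_RESOURCE: one of the required attribution tags is absent or empty
        missing = [t for t in REQUIRED_TAGS if not r.tags.get(t)]
        if missing:
            findings.append(("UNTAGGED_RESOURCE", r.resource_id, "missing " + ",".join(missing)))
    # BUDGET_VIOLATION: month-to-date spend above the product's monthly budget
    if monthly_spend > monthly_budget:
        findings.append(("BUDGET_VIOLATION", "product", f"${monthly_spend:,.0f} > ${monthly_budget:,.0f}"))
    return findings


def example_findings():
    """Constructed sample: one relative spike, one absolute spike, one orphaned volume."""
    ok = {"Product": "video-platform", "Team": "team-video", "Environment": "prod"}
    yesterday = [DailyCost("i-web", 200.0, ok), DailyCost("i-batch", 3000.0, ok)]
    today = [
        DailyCost("i-web", 320.0, ok),                  # +60%   -> COST_SPIKE (relative rule)
        DailyCost("i-batch", 4200.0, ok),               # +$1200 -> COST_SPIKE (absolute rule)
        DailyCost("vol-old", 150.0, {"Product": "video-platform"}),  # new, untagged, gone
    ]
    inventory = {"i-web", "i-batch"}                    # vol-old no longer exists
    return detect_anomalies(today, yesterday, inventory, 52_000, 50_000)
```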
Prerequisites:
- AWS SAM CLI installed
- Python 3.11+
- AWS credentials configured
- Google OAuth credentials (for Cognito)
- Slack webhook URL (optional)
- PagerDuty API token (optional)
Deploy the IAM roles stack:

```bash
aws cloudformation create-stack \
  --stack-name budget-guard-iam \
  --template-body file://infrastructure/iam-roles.yaml \
  --capabilities CAPABILITY_NAMED_IAM
```

Deploy the BudgetGuardRole in each AWS account you want to monitor:

```bash
# Get the template from the IAM stack outputs
aws cloudformation describe-stacks \
  --stack-name budget-guard-iam \
  --query 'Stacks[0].Outputs[?OutputKey==`CrossAccountRoleTemplate`].OutputValue' \
  --output text > cross-account-role.json

# Deploy in each monitored account
aws cloudformation create-stack \
  --stack-name budget-guard-cross-account \
  --template-body file://cross-account-role.json \
  --capabilities CAPABILITY_NAMED_IAM
```

Deploy the Cognito stack with your Google OAuth credentials:

```bash
aws cloudformation create-stack \
  --stack-name budget-guard-cognito \
  --template-body file://infrastructure/cognito.yaml \
  --parameters \
    ParameterKey=GoogleClientId,ParameterValue=YOUR_GOOGLE_CLIENT_ID \
    ParameterKey=GoogleClientSecret,ParameterValue=YOUR_GOOGLE_CLIENT_SECRET \
  --capabilities CAPABILITY_IAM
```

Deploy the DynamoDB tables:

```bash
aws cloudformation create-stack \
  --stack-name budget-guard-dynamodb \
  --template-body file://infrastructure/dynamodb_tables.yaml
```

Build and deploy the application with SAM:

```bash
# Build the application
sam build

# Deploy (first time)
sam deploy --guided \
  --stack-name budget-guard \
  --capabilities CAPABILITY_IAM \
  --parameter-overrides \
    SlackWebhookUrl=YOUR_SLACK_WEBHOOK \
    PagerDutyToken=YOUR_PAGERDUTY_TOKEN \
    PagerDutyServiceId=YOUR_SERVICE_ID \
    GitHubToken=YOUR_GITHUB_TOKEN \
    AlertEmail=alerts@yourcompany.com

# Subsequent deployments
sam deploy
```

Products are stored in the DynamoDB Products table. Add a product using the AWS CLI:
```bash
aws dynamodb put-item \
  --table-name budget-guard-products \
  --item '{
    "PK": {"S": "PRODUCT#video-platform"},
    "SK": {"S": "METADATA"},
    "name": {"S": "Video Platform"},
    "type": {"S": "ACQUISITION"},
    "teamId": {"S": "team-video"},
    "monthlyBudget": {"N": "50000"},
    "targetReduction": {"N": "0.30"},
    "accounts": {"L": [{"S": "123456789012"}, {"S": "987654321098"}]},
    "repos": {"L": [{"S": "github.com/company/video-api"}]}
  }'
```

Ensure all AWS resources are tagged with:
- Product: The product ID
- Team: The team ID
- Environment: prod/staging/dev
- Component: The component name
Example queries and mutations against the AppSync GraphQL API:

```graphql
# Get product details with anomalies
query GetProduct {
  product(id: "video-platform") {
    name
    monthlyBudget
    currentMonthSpend
    anomalies(status: ACTIVE) {
      items {
        type
        severity
        costImpact
        detectedAt
      }
    }
  }
}

# Get cost trend
query GetCostTrend {
  costTrend(
    productId: "video-platform"
    groupBy: SERVICE
    dateRange: { start: "2024-11-01", end: "2024-11-30" }
  ) {
    timestamp
    value
    dimension
  }
}

# Acknowledge an anomaly
mutation AcknowledgeAnomaly {
  acknowledgeAnomaly(
    id: "anomaly-123"
    notes: "Planned scaling for Black Friday"
  ) {
    id
    status
    acknowledgedBy
  }
}
```

The system automatically creates CloudWatch dashboards for:
- Lambda function performance
- DynamoDB read/write capacity
- Anomaly detection rates
- Alert delivery success
All Lambda functions and AppSync API calls are traced with AWS X-Ray for debugging.
Budget Guard itself is designed to be cost-effective:
- DynamoDB on-demand pricing
- Lambda pay-per-invocation
- 90-day data retention with S3 archival
- Efficient batch processing
Security measures:
- All data encrypted at rest and in transit
- IAM roles with least privilege access
- Cognito authentication with MFA support
- Cross-account access via assumed roles
- No credentials stored in code
Troubleshooting:
- No cost data appearing
  - Verify Cost & Usage Reports are enabled
  - Check IAM permissions in monitored accounts
  - Ensure Scout Lambda is running (check CloudWatch logs)
- Anomalies not being detected
  - Verify DynamoDB streams are enabled
  - Check Detective Lambda logs
  - Ensure historical data exists (30 days needed)
- Alerts not being sent
  - Verify webhook URLs and tokens
  - Check Dispatcher Lambda logs
  - Ensure anomalies are enriched (check Investigator logs)
To contribute:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
Copyright (c) 2024. All rights reserved.