Why most startups set up AWS cost alerts too late
The typical startup AWS cost alert story goes like this: month one, the bill is $200 and nobody thinks about it. Month three, it is $800 and someone makes a mental note to look into it. Month six, it is $2,400 and there is a Slack thread about 'what happened to our AWS bill.' By then, the waste has been running for months.
AWS provides a free billing alert system through CloudWatch and AWS Budgets. Setting up the right AWS cost alerts takes about 20 minutes and costs nothing. Yet most startups skip it entirely during the early sprint to ship — and pay for that decision every month until someone finally investigates.
Here are the five AWS cost alerts that every startup should configure on day one, in order of importance.
Alert 1: Monthly total spend threshold
The most basic AWS cost alert is a monthly budget threshold. Set it at 80% of your expected monthly spend, and again at 100%. When either threshold is crossed, AWS sends an email immediately.
This sounds obvious, but most startups either skip it or set it once and never update it as their infrastructure grows. A threshold set at $500 when you were a two-person team is useless when you are spending $3,000/month — it fires every month and gets ignored.
How to set it up
- 1Go to AWS Billing > Budgets > Create Budget
- 2Choose 'Cost budget', set the period to Monthly
- 3Set the budgeted amount to your expected monthly spend
- 4Add alert thresholds at 80% (forecasted) and 100% (actual)
- 5Add email recipients — include your whole engineering team, not just one person
The forecasted threshold at 80% is the important one. It fires before you hit the limit, giving you time to investigate and act. The actual threshold at 100% is a confirmation that something went wrong.
Alert 2: Per-service anomaly detection
A total spend alert tells you that something is wrong. Per-service AWS cost alerts tell you where. AWS Cost Anomaly Detection uses machine learning to establish a baseline for each service and alerts you when spend deviates significantly from the expected pattern.
This is the alert that catches the scenarios that kill startup budgets: a misconfigured auto-scaling group that spins up 50 instances overnight, a data transfer spike from a new feature that routes traffic inefficiently, or an RDS instance that was accidentally upgraded to a much larger size. These events cause sudden cost spikes that a monthly budget alert would not catch until the end of the month.
How to set it up
- 1Go to AWS Cost Management > Cost Anomaly Detection
- 2Create a monitor for 'AWS services' to cover all services at once
- 3Set an alert threshold — $50 is a good starting point for early-stage startups
- 4Add an SNS topic or email for notifications
- 5AWS needs 10-14 days of data to establish baselines, so set this up early
Cost Anomaly Detection is free to use. The only cost is the SNS notifications, which are fractions of a cent. There is no reason not to enable this on day one.
Alert 3: EC2 instance count alert
One of the most dangerous AWS cost scenarios for startups is a runaway auto-scaling group. A misconfigured scaling policy, a traffic spike from a bot, or a bug that causes high CPU can trigger scaling events that spin up dozens of instances before anyone notices. By the time the alert fires, you have already incurred hours of charges.
An EC2 instance count alert fires the moment your running instance count exceeds a threshold you define. It does not wait for the bill — it catches the event in real time.
How to set it up
- 1Go to CloudWatch > Alarms > Create Alarm
- 2Choose metric: EC2 > By Auto Scaling Group > GroupTotalInstances (or use EC2 > Per-Instance Metrics > StatusCheckFailed for a simpler count)
- 3Alternatively, use a CloudWatch metric filter on CloudTrail events for 'RunInstances'
- 4Set the threshold to 150% of your normal peak instance count
- 5Route the alarm to an SNS topic that sends SMS or Slack notifications for immediate visibility
For startups without auto-scaling, a simpler version of this alert is a CloudWatch alarm on the number of running instances in your account. If you normally run 5 instances and suddenly have 15, something is wrong.
Alert 4: Idle resource detection
The three alerts above catch acute problems — sudden spikes, runaway scaling, budget overruns. But the most common source of AWS cost waste for startups is chronic: resources that were provisioned for a purpose, served that purpose, and then kept running indefinitely.
A dev RDS instance running for six months after the feature shipped. An EC2 instance stopped but never terminated, billing for EBS and Elastic IPs. A load balancer with no healthy targets. These do not cause spikes — they cause a slow, steady climb in your AWS bill that is easy to rationalize as 'growth' until you actually look at what is running.
What to monitor
- ✓EC2 instances with CPU utilization under 5% for 14+ consecutive days
- ✓RDS instances with zero DatabaseConnections for 7+ days
- ✓EBS volumes in 'available' state (not attached to any instance)
- ✓Load balancers with zero healthy targets or zero RequestCount for 14+ days
- ✓Elastic IPs not associated with a running instance
You can build these CloudWatch alarms manually, but it requires a separate alarm for each resource and each metric — which does not scale as your infrastructure grows. This is the category of AWS cost alerts where a dedicated tool pays for itself immediately.
Driftak automates idle resource detection across all these resource types. It scans your AWS accounts on a schedule, checks actual utilization metrics, and sends escalating alerts through Slack, email, and Telegram when resources go idle. The first alert is a gentle nudge; if nobody acts, it escalates. Problems do not stay hidden.
Alert 5: Data transfer spike alert
Data transfer charges are one of the most surprising hidden AWS costs for startups. Traffic within the same Availability Zone is free. Traffic between AZs costs $0.01/GB each way. Traffic out to the internet costs $0.09/GB. NAT Gateway processing adds $0.045/GB on top of that.
A new feature that routes traffic through a NAT Gateway instead of a VPC endpoint, or a service that starts sending data across AZs, can add hundreds of dollars to your AWS bill before anyone notices. A data transfer spike alert catches this in real time.
How to set it up
- 1Go to CloudWatch > Alarms > Create Alarm
- 2Choose metric: EC2 > Per-Instance Metrics > NetworkOut, or VPC > NatGateway > BytesOutToDestination
- 3Set a threshold based on your normal daily data transfer volume — alert at 3x normal
- 4For NAT Gateway specifically, monitor NatGateway-BytesOutToDestination and alert if it exceeds your expected daily volume
- 5Route to SNS for immediate notification
Data transfer alerts are especially important when shipping new features that involve external API calls, file uploads, or cross-service communication. A single misconfigured service can generate thousands of dollars in data transfer charges in a matter of days.
The alert stack that actually works
These five AWS cost alerts form a layered defense: the monthly budget alert catches slow drift, anomaly detection catches sudden spikes, the instance count alert catches runaway scaling, idle resource detection catches chronic waste, and the data transfer alert catches networking surprises.
Together, they cover the scenarios that cause the most startup budget pain. None of them are expensive to set up. Most are free. The only cost is the 20 minutes it takes to configure them — and the cost of not having them is a surprise AWS bill that derails a sprint or, in the worst cases, a funding conversation.
Set them up today. If you want idle resource detection without building and maintaining CloudWatch alarms for every resource type, Driftak handles that layer automatically. Connect your AWS account in 5 minutes with read-only access and get your first scan results immediately — no agents, no code changes, no ongoing maintenance.