For those who don't know about the latest attack discovered, you can find more information in these very good articles:
- How an empty S3 bucket can make your AWS bill explode
- The AWS S3 Denial of Wallet amplification attack
Update: AWS changed its pricing afterwards: Amazon S3 will no longer charge for several HTTP error codes
Requirements
Your AWS account needs at least the privileges to access:
- AWS Billing
- AWS CloudWatch
- AWS SNS
Tools installed (Optional, needed only for the short version):
Short Version
Create an SNS topic and capture its ARN with the command below:
export SNS_TOPICARN=$(aws sns create-topic --name "billing-topic" \
--region "us-east-1"|jq -r ".TopicArn")
Now create an email subscriber for that topic, which can be a mailing list or a single address. Repeat this command for each destination email.
Replace [email protected] with your target email:
aws sns subscribe --topic-arn "${SNS_TOPICARN}" --protocol "email" \
--notification-endpoint "[email protected]" --no-cli-pager --region "us-east-1"
Check the target mailbox and click the confirmation link you received.
Now create the alarm. The command below sets the alarm with a daily-based threshold of $10.
aws cloudwatch put-metric-alarm --alarm-name "Billing_TooHigh" \
--alarm-description "The expected bill is too high" --metric-name "EstimatedCharges" \
--namespace "AWS/Billing" --dimensions "Name=Currency,Value=USD" \
--statistic "Maximum" --period 21600 --evaluation-periods 4 \
--threshold 10.0 --comparison-operator "GreaterThanThreshold" --region "us-east-1" \
--alarm-actions "${SNS_TOPICARN}"
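An added example (not from the original post): a Python check over the JSON returned by `aws cloudwatch describe-alarms` and `aws sns list-subscriptions-by-topic`, confirming that the billing alarm from the steps above can actually fire and reach someone. The sample data is constructed (made-up account ID, an alarm with no Currency dimension, a subscription that was never confirmed), and `audit` and `evaluation_window_hours` are hypothetical helper names.

```python
import json

# Constructed samples shaped like `aws cloudwatch describe-alarms` and
# `aws sns list-subscriptions-by-topic` output; account ID and ARNs are made up.
TOPIC = "arn:aws:sns:us-east-1:111122223333:billing-topic"
ALARMS = json.loads("""{"MetricAlarms": [{
  "AlarmName": "Billing_TooHigh",
  "AlarmArn": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:Billing_TooHigh",
  "ActionsEnabled": true, "AlarmActions": ["%s"],
  "Namespace": "AWS/Billing", "MetricName": "EstimatedCharges",
  "Dimensions": [], "Period": 21600, "EvaluationPeriods": 4, "Threshold": 10.0}]}""" % TOPIC)
SUBS = json.loads("""{"Subscriptions": [{
  "SubscriptionArn": "PendingConfirmation", "Protocol": "email",
  "Endpoint": "ops@example.com", "TopicArn": "%s"}]}""" % TOPIC)

def audit(alarms, subs):
    """Return findings; an empty list means the alarm can fire and reach someone."""
    billing = [a for a in alarms.get("MetricAlarms", [])
               if a.get("Namespace") == "AWS/Billing"
               and a.get("MetricName") == "EstimatedCharges"]
    if not billing:
        return ["no alarm on AWS/Billing EstimatedCharges"]
    # SNS reports an unconfirmed subscription with the literal ARN "PendingConfirmation".
    confirmed = {s["TopicArn"] for s in subs.get("Subscriptions", [])
                 if s.get("SubscriptionArn", "").startswith("arn:")}
    findings = []
    for a in billing:
        name = a["AlarmName"]
        if a["AlarmArn"].split(":")[3] != "us-east-1":
            findings.append(f"{name}: alarm is not in us-east-1")
        if not any(d.get("Name") == "Currency" for d in a.get("Dimensions", [])):
            # EstimatedCharges is published with a Currency dimension; without it no data matches.
            findings.append(f"{name}: no Currency dimension")
        if not a.get("ActionsEnabled", True) or not a.get("AlarmActions"):
            findings.append(f"{name}: no enabled alarm action")
        for arn in a.get("AlarmActions", []):
            if arn not in confirmed:
                findings.append(f"{name}: no confirmed subscriber on {arn}")
    return findings

def evaluation_window_hours(alarm):
    """Hours of datapoints the alarm looks at (Period x EvaluationPeriods)."""
    return alarm["Period"] * alarm["EvaluationPeriods"] / 3600

if __name__ == "__main__":
    for finding in audit(ALARMS, SUBS):
        print(finding)
```

To use it on a real account, load the output of the two commands (both run with `--region us-east-1`) in place of the constructed samples.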
Long Story
First of all, switch to the North Virginia (us-east-1) region. The billing metric is available only there.
Click on the right corner and select the region.
You need to create an SNS topic, which can deliver to multiple channels, such as:
- SMS.
- E-Mail.
- Android/iOS Notification.
- HTTP/S POST Requests.
- Amazon Data Firehose.
- Amazon SQS.
- AWS Lambda.
More details here: Subscribing to an Amazon SNS topic
In our example, we use email as the subscriber protocol.
Create SNS Topic
Search for SNS in the left corner and select the service Simple Notification Service.
In the right corner, click on Create Topic.
Now configure the topic as shown below and click Next:
Type: Standard
Name: billing-topic (or whatever you want)
Display Name: Billing Topic
Now you need to create a subscriber (to simplify, you can think of it as a client).
On the left, click on Subscriptions, and then in the right corner click on Create Subscription.
Use this configuration below:
Topic ARN: Select the billing-topic topic
Protocol: Email
Endpoint: Insert your target email, which can be a mailing list or a specific email.
Click on Create Subscription
Create a Billing Alarm
Search for CloudWatch in the left corner and select the service CloudWatch.
Select Alarm -> Billing on the left side.
If you don't see it, check the region: you need to be in North Virginia (us-east-1).
In the right corner, click on the Create Alarm button.
Click on Select Metric
In the left dropdown, select N. Virginia and click on the Billing section.
Select the Total Estimated Charge section.
Select EstimatedCharges and then click Select Metric.
Select the options below:
- Statistic: Maximum
- Period: 6 hours
- Threshold: Static
- Alarm Condition: Greater
- Threshold: 10 USD (or whatever you want)
And then click Next.
Select the alarm condition, more specifically:
- Alarm Trigger: In Alarm
- Send Notification to the Following SNS Topic: Select Existing SNS Topic
- Send a Notification to: select Billing Topic
And then click Next.
Insert a name and a description, and then click Next.
And finally, click on Create Alarm.