Never Miss an AWS CostSpike

Daily Cost Explorer run (~24h lag). Slack when your percentage and dollar thresholds break versus a 7-day baseline. Deterministic rules, not ML or streaming agents, so spikes surface before month-end.

Start Monitoring My AWS AccountSign In
Built by AWS DevOps Pro engineer • Monitors real production accounts

No credit card required • Setup in under 5 minutes

What you get in Slack

Every alert is self-contained: totals, baseline, delta, your thresholds, and which services moved when that breakdown is enabled — no guessing, no anomaly score.

Slack · #alerts-aws

🚨 CostSpike Detected

Workspace

production-us-east

Date

2025-03-28

Current cost

$287.40

Baseline (7-day avg)

$182.10

Increase

+$105.30 (+57.8%)

Threshold

30% / $10

Top services (sample)

  • AmazonEC2+$62.10 vs baseline
  • Amazon VPC+$28.40 vs baseline
  • AWSLambda+$14.80 vs baseline

💡 AWS Cost Explorer can lag ~24h — numbers reflect the latest day available in CE.

Example alert · figures are illustrative

Start monitoring in minutes

One read-only IAM role with ExternalId — no org-wide admin, no agents, no ML tuning. Daily checks start as soon as Cost Explorer has enough history.

Minimal permissions

Cost Explorer read-only via a cross-account role. No write access, no data pipelines.

Quick setup

Create the role, paste ARN + ExternalId in CostSpike, set thresholds. Optional CloudFormation template.

Good fit for

  • ·Consultancies and MSPs watching client accounts
  • ·Teams without a full FinOps stack
  • ·Anyone who wants a clear rule, not a black box

Why CostSpike vs AWS Cost Anomaly Detection?

Same Cost Explorer data — you keep the formula, the thresholds, and Slack as the inbox.

Auditable baseline

Mean of account daily UnblendedCost for the seven days before the day you evaluate — excluding that day from the average.

AWS defaults: Cost Anomaly Detection uses statistical models per service; fine for exploration, weaker when you need a formula you can paste in a postmortem.

Dual-threshold gating

Fires only when both % over baseline and minimum USD increase pass — cuts noise on small accounts and tiny "significant" blips.

AWS defaults: Budgets focus on caps and forecasts; they don't implement this two-sided spike test out of the box.

Actionable Slack

Top services with current vs baseline and deltas — same CE slice as the headline numbers, no black-box score.

AWS defaults: Native anomaly mail can be easy to tune out; CostSpike is built around one channel with the math in the message.

Daily rhythm, official data

Scheduled daily run on the latest complete Cost Explorer day — same totals finance sees, weeks before the invoice story.

AWS defaults: Not a substitute for real-time infra metrics — ~24h CE lag means timely billing detection, not second-by-second spend.

Real examples: spikes CostSpike is designed to catch

Five realistic days where account spend jumps versus your recent average — the pattern CostSpike is built to flag early.

Evaluation day — latest complete account day in Cost Explorer (typically ~24h behind wall clock).

Baseline — mean daily UnblendedCost over the seven prior days, excluding the evaluation day so the spike isn't averaged into its own reference.

Alert — only if both % over baseline and USD delta exceed your thresholds (defaults 30% and $10).

Wrong instance size or family left running

Someone upgrades to a larger type for a test and forgets to revert. Your steady ~$150/day account suddenly prints ~$240 for the latest Cost Explorer day.

CostSpike: One clear jump vs the prior week's average — both % and absolute $ pass your thresholds, so you get a Slack alert with context.

AWS defaults: Cost Anomaly Detection relies on statistical models that can be opaque; Budgets need you to set fixed or forecast amounts per scope. Neither gives you this exact baseline formula out of the box.

NAT Gateway, egress, or inter-AZ traffic spike

A misconfigured job, a new integration, or a hotfix doubles network-related spend. The damage shows up as a sharp bump in daily account totals before finance sees the monthly bill.

CostSpike: Account-level daily unblended cost moves together — you get alerted on the spike, then use service breakdown where available to see EC2/VPC/data transfer.

AWS defaults: You can dig in Cost Explorer manually; native anomaly emails are easy to ignore or batch. CostSpike pushes the same class of problem to Slack with an explicit baseline comparison.

Runaway Lambda, ECS tasks, or retries after a deploy

A bug causes millions of invocations or tasks in one day. Spend is still "legitimate" usage — not a billing error — so it won't show up as a support ticket, only on the curve.

CostSpike: That day's cost vs the trailing week is an obvious step change; dual thresholds reduce noise from tiny day-to-day jitter on small accounts.

AWS defaults: ML-based anomalies may adapt to variable workloads over time, which can make behavior harder to reason about than a fixed "vs last week" rule.

One-off storage events (snapshots, cross-region copy, restore)

Operations clones a large volume, enables cross-region replication, or restores from Glacier for DR practice. Billing is correct — but the daily total is nothing like the prior week.

CostSpike: You still want to know immediately; the spike is deterministic relative to your baseline, not a vague "anomaly score."

AWS defaults: You might get a generic anomaly notice or nothing until month-end review, depending on account size and how services are grouped. CostSpike states current cost, baseline, and delta in one place.

Coverage gap: Savings Plan / RI expires and on-demand kicks in

Commitment ends or a workload moves AZs; a chunk of usage bills on-demand. Daily spend steps up and stays there — the first full day already diverges from the week before.

CostSpike: The rolling 7-day baseline (excluding today) still reflects the cheaper pattern, so the first expensive days stand out instead of waiting for a new "normal" to settle inside a black-box model.

AWS defaults: Cost Anomaly Detection and budgets are valuable but solve slightly different problems. CostSpike is deliberately a small, auditable layer: same math every time, your thresholds, Slack when it matters.

AWS Cost Anomaly Detection, Budgets, and Cost Explorer are complementary. CostSpike is for teams that want a predictable rule, Slack-native alerts, and numbers they can reproduce in a spreadsheet.

How it works

Three steps — same visual language end to end

1

Create IAM role

Read-only role with Cost Explorer access. Optional CloudFormation template.

Permissions: Cost Explorer read-only
2

Connect & configure

Add role ARN, ExternalId, and your thresholds. Connect your Slack webhook for notifications.

You need: ARN, ExternalId, webhook (optional)
3

Daily check & Slack

Scheduled once per day against the latest Cost Explorer day. If thresholds breach, CostSpike posts to Slack; detail in the message depends on your workspace settings. Data typically lags ~24h.

Rhythm: Daily job — not real-time streaming
Get started

No credit card required • Setup takes under 5 minutes

What CostSpike is — and what it's not

CostSpike is not

  • ·A full FinOps platform
  • ·A BI reporting tool
  • ·A cost savings optimizer

CostSpike is

A scheduled billing anomaly check plus Slack context: catch unusual daily account spend early and see which services moved when breakdown is available.

Ready to monitor daily AWS spend?

One read-only role, transparent thresholds, Slack when something breaks your baseline — not streaming infrastructure metrics.

No agents·No pipelines·No org-wide IAM
Start monitoring

Minimal access

Single read-only IAM role — Cost Explorer only

ExternalId trust — no org admin

No data ingestion — we query AWS billing APIs on schedule