Back to Course

Introduction to AWS Security

0% Complete
0/0 Steps
  1. Introduction

    About the course and authors
  2. AWS cloud architecture
  3. Security concerns with our architecture
  4. Regions and Availability Zones (AZs)
  5. Shared responsibility in the cloud
  6. [LAB] Create a billing alert to avoid surprise bills
  7. Infrastructure Security
    VPC networks
  8. Default VPCs
  9. [DEMO] Creating VPCs and Subnets
  10. How many VPCs should you use?
  11. [DEMO] Subnet, Route Table, and Gateway Configurations
  12. [LAB] [Challenge] Create a VPC with public and private subnets
  13. [DEMO] Security Groups (SGs)
  14. Security Groups Best Practices
  15. [DEMO] Network Access Control Lists (NACLs)
  16. [Cheat Sheet] SGs vs. NACLs
  17. [LAB] [Challenge] Configure security groups and NACLs to specific requirements
  18. Elastic Load Balancers
  19. [DEMO] AWS WAF
  20. [LAB] [Challenge] Deploy AWS WAF ACL for Application Load Balancer
  21. [DEMO] AWS Network Firewall - Part 1
  22. [DEMO] AWS Network Firewall - Part 2
  23. AWS Shield for DDoS Protection
  24. AWS Firewall Manager
  25. Identity and Access Management (IAM)
    Key Concepts of IAM in AWS
  26. [DEMO] Getting started with IAM in AWS
  27. [DEMO] Creating our first admin user
  28. Assigning permissions with policies
  29. IAM Roles
  30. [DEMO] Creating a role for EC2 instances to access S3 buckets
  31. End-User Management with Amazon Cognito
  32. Data Protection
    Data protection in the cloud
  33. EBS Data Protection and Encryption
  34. Amazon RDS Data Protection and Encryption
  35. Key Management with AWS KMS
  36. [DEMO] Creating a Symmetric Encryption KMS Key
  37. Amazon S3 Bucket Protection
    Understanding Bucket Ownership
  38. Managing Access to Buckets
  39. [Cheat Sheet] S3 Bucket Policies vs. ACLs vs. IAM Policies
  40. [LAB] [Challenge] Create an IAM role for secure access to S3 based on a scenario
  41. Using Signed URLs
  42. Encrypting S3 Data
  43. [DEMO] Enable S3 Object Versioning
  44. Amazon S3 Protection Summary
  45. Logging and Monitoring
    AWS Log Types and Auditing Options
  46. [DEMO] Enable S3 Server Access Logs
  47. AWS CloudTrail
  48. Amazon CloudWatch
  49. [DEMO] CloudTrail Security Automation with CloudWatch Logs and SNS
  50. Proper Logging and Monitoring
  51. Amazon GuardDuty
  52. [DEMO] Must-have AWS monitoring and alerting with SSK
  53. Wrap-up and Key Takeaways
    What now?
Lesson 6 of 53
In Progress

[LAB] Create a billing alert to avoid surprise bills

Christophe January 30, 2023

Lab Details 👨‍🔬

  • Length of time: < 10 minutes
  • Cost: $0.00
  • Difficulty: Easy

Scenario 🧪

Before you complete any of our labs in this course, we highly recommend that you spend a few minutes going through this lab because it will teach you how to configure billing monitoring and alerting to notify you if your AWS bill ever exceeds what you expect to pay.

Some of our labs are free, while others can cost some amount of money. This will be clearly noted in each lab before you start so that there are no surprises and you can choose to skip the labs that cost money if you want.

With that said, sometimes, resources can continue to cost you money if you forget to turn them off or delete them, in which case you could end up with a surprise bill. These are the scary stories you’ve heard about on social media in regards to the cloud. This lab is designed specifically to help prevent that.

For example, if you are OK with spending up to $5.00 on labs for this course, then you could set an alert that notifies you when you reach $5.00, or when you get close to that (say $4.00) that way you can investigate and see if something was left running before you exceed $5.00. This is just an example number, and you can select whatever dollar value you’re comfortable with.

Let’s get started by following the below steps.

Enable billing alerts

  1. Log into your AWS account
  2. Pull up the billing dashboard (you can search for “billing”)
  3. Click on Billing Preferences in the left-bar menu
  4. Enable “Receive Billing Alerts”
  5. Click on “Save Preferences”

Creating an alarm

  1. Search for the service “CloudWatch” and click on it
  2. Make sure your region is set to “N. Virginia” (billing metrics are stored in this region, so this is necessary)
  3. Click on “All alarms” in the left-bar menu
  4. Click on “Create alarm”
  5. Click on “Select metric”
  6. You should see a “Billing” option under “Metrics” but if you don’t, you can search for it in the search bar below “Metrics”
  7. Select “Total Estimated Charge”
  8. Select the row with the metric name “EstimatedCharges” and then click on “Select metric” in the bottom right
  9. Choose “Maximum” for the “Statistic” option if it’s not already
  10. You can keep the “Period” at “6 hours”
  11. For the “Threshold type” under “Conditions” you will want to select “Static”
  12. For the “Whenever EstimatedCharges is…” option, you can select whatever you’d like between Greater and Greater/Equal
    1. If you want to get notified when charges reach or exceed $5.00, then you would select “Greater/Equal”
    2. If you want to get notified when charges exceed $5.00, then you would select “Greater”
  13. Set your dollar value in the “than…” input box
  14. Expand the “Additional configuration” and make sure that you see:
    1. “Datapoints to alarm” “1 out of 1”
    2. “Missing data treatment” set to “Treat missing data as missing”
  15. Click on “Next”
  16. Under notification, make sure it’s set to “In alarm” and “Create new topic” for the SNS topic
  17. You can leave the default topic name if you’d like, then add your preferred email to receive the notification (you can add multiple emails)
  18. Click on “Create Topic”
  19. You should receive an email shortly after from “AWS Notification – Subscription Confirmation” → you will need to click on “Confirm subscription” which is their way of preventing spam.
    1. You should see a page that says “Subscription confirmed!”
    2. (If you don’t have the email yet, wait a few minutes and check you didn’t misspell the email or check your spam folder)
  20. Back to the AWS console, you can click on “Next”
  21. You can now name it something like “Billing threshold alarm” and you don’t have to put in a description
  22. Review your settings to make sure they look right, then “Create alarm”

You will now see your brand-new alarm. Initially, it will say that the state is “insufficient data” but give it a minute or two, and it will change to “OK.” If you don’t see it after a couple of minutes, you can refresh the page.

Now that you have a billing alert, you will get notified based on the dollar value you set, and based on whether you set it to greater or greater than/equal to.

Reviewing your costs

Of course, you don’t have to wait for an alarm to come through to check on how much you’re spending in AWS. You can go back to the Billing dashboard and you will see a summary on the main dashboard. It will show you:

  • Current month’s total forecast
  • Current MTD (Month-to-date) balance
  • Prior month for the same period with trend

You can also see additional breakdowns further down on this page, or in the “Cost explorer.” Feel free to check that out if you’re interested, but otherwise, let’s complete this lab!

If you have any issues with this lab, please comment below and we’ll take a look!


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Hello, I am stacked at step 6, search for bill indicates:
    Your search – billing – did not match any metrics.
    Tags such as EC2 instance name tags are not supported in metric search.
    Make sure that all words are spelled correctly.
    Try different keywords.
    Try fewer keywords.

    1. It can sometimes take a few minutes for metrics to show up after having created them, so that might be why. If you check again now and still don’t see it, try to go back through the steps from the start, and let me know if the issue persists!