Building Security Conscious Video Streaming Infrastructure on AWS, Lesson 4: Monitor Your Spending

Lesson 4: Monitor Your Spending

Welcome to the fourth installment of our series, highlighting lessons learned from actual AWS customers. This series also offers insights into how you can bolster the security of your AWS streaming infrastructure, and guard against financial loses that occur due to user error, or attacks like someone hijacking yous streaming channel and incurring huge charges on your account. For those interested in our previous article, you can find it here: Lesson 3: Prepare for Traffic Surges

It's easy to overlook minor details like hourly compute charges amidst the creative process and you could end up like one of my customers and inadvertently incur tens of thousands of dollars in AWS fees. IN order to prevent this from happening to you and your organization, we are going to set Billing Alarms in the AWS Console to notify you upon reaching your designated spending thresholds.

Let’s start with creating a billing alarm:

Important Before you create a billing alarm, you must set your Region to US East (N. Virginia). Billing metric data is stored in this Region and represents worldwide charges. You also must enable billing alerts for your account or in the management/payer account (if you are using consolidated billing). For more information, see Enabling billing alerts.

In this procedure, you create an alarm that sends a notification when your estimated charges for AWS exceed a defined threshold.

Enabling billing alerts Before you can create an alarm for your estimated charges, you must enable billing alerts, so that you can monitor your estimated AWS charges and create an alarm using billing metric data. After you enable billing alerts, you can't disable data collection, but you can delete any billing alarms that you created. After you enable billing alerts for the first time, it takes about 15 minutes before you can view billing data and set billing alarms.

Let's Get Started:

To enable the monitoring of estimated charges Open the AWS Billing console at https://console.aws.amazon.com/billing/. In the navigation pane, choose Billing Preferences. By Alert preferences choose Edit. Choose Receive CloudWatch Billing Alerts. Choose Save preferences.

Create a billing alarm

To create a billing alarm using the CloudWatch console Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ In the navigation pane, choose Alarms, and then choose All alarms. Choose Create alarm. Choose Select metric. In Browse, choose Billing, and then choose Total Estimated Charge.

Note If you don't see the Billing/Total Estimated Charge metric, enable billing alerts, and change your Region to US East (N. Virginia). For more information, see Enabling billing alerts.

Select the box for the EstimatedCharges metric, and then choose Select metric.

For Statistic, choose Maximum. For Period, choose 6 hours. For Threshold type, choose Static. For Whenever EstimatedCharges is . . ., choose Greater. For than . . ., define the value that you want to cause your alarm to trigger. For example, 200 USD. The EstimatedCharges metric values are only in US dollars (USD), and the currency conversion is provided by Amazon Services LLC. For more information, see What is AWS Billing?.

Note After you define a threshold value, the preview graph displays your estimated charges for the current month.

Choose Additional Configuration and do the following: For Datapoints to alarm, specify 1 out of 1. For Missing data treatment, choose Treat missing data as missing.

Choose Next.

Under Notification, ensure that In alarm is selected. Then specify an Amazon SNS topic to be notified when your alarm is in the ALARM state. The Amazon SNS topic can include your email address so that you recieve email when the billing amount crosses the threshold that you specified.

You can select an existing Amazon SNS topic, Create a new Amazon SNS topic, or use a topic ARN to notify other account. If you want your alarm to send multiple notifications for the same alarm state or for different alarm states, choose Add notification.

Note: We are going to Create a topic in this example.

Topic is Created

Choose Next.

Under Name and description, enter a name for your alarm. The name must contain only UTF-8 characters, and can't contain ASCII control characters. (Optional) Enter a description of your alarm. The description can include markdown formatting, which is displayed only in the alarm Details tab in the CloudWatch console. The markdown can be useful to add links to runbooks or other internal resources.

Choose Next

Under Preview and create, make sure that your configuration is correct, and then choose Create alarm.

Once you create your alarm, you will see it listed in the console page for CloudWatch-Alarms

Be sure to Subscribe to the SNS topic, or you will see this:

After clicking on the subscription URL from the email sent by SNS, you will see all green:

Conclusion:

There you have it! You have created a billing alarm and if your threshold is exceeded, then you will get a notice. I set the bar at 200-300 USD, but you know what is normal for your organization, so plan accordingly. If your normal month is 10,000 USD in spending, then set your threshold at 9,000, or whatever makes sense to you. This way, you will get a heads up when you are getting close to gong over budget, and this will help avert potential financial disasters. Also, you can set up multiple alarms to let you know that you have approached, and exceeded your budget.

Thanks very much for reading and you can look forward to our last installment: Lesson 5: Trust the Well-Architected Framework