Well-Architected Framework
How to catch cloud spending anomalies before they spike
Monitoring for cloud spending anomalies helps you identify cost issues that budgets miss. For example, if your monthly cloud spending suddenly doubles from $2,000 to $4,000 but remains under your $5,000 budget, a budget alert would not trigger. However, anomaly detection would flag this unusual increase for investigation. Anomaly detection helps you catch issues like misconfigured autoscaling, forgotten resources, or unauthorized usage before they significantly impact costs.
Most cloud providers offer machine learning-based anomaly detection that learns your normal usage patterns and alerts you when spending deviates from the baseline. You can configure anomaly detection with AWS Cost Anomaly Detection and Azure Cost Management using Terraform.
Why monitor for spending anomalies
Monitoring for cloud spending anomalies addresses the following operational challenges:
- Catch cost spikes that budgets miss: A budget alert only fires when spending crosses an absolute threshold. Anomaly detection flags unusual patterns regardless of the absolute amount. A sudden doubling of spending within budget limits is just as worth investigating as an overage.
- Reduce time to detection for infrastructure issues: Misconfigured autoscaling, forgotten dev environments, or runaway data transfer costs can silently accumulate for days before a billing review catches them. Automated anomaly detection gives you near-real-time visibility into spending changes as they happen.
- Identify unauthorized or unexpected usage: Unusual spending patterns can indicate unauthorized resource creation or a compromised account. Anomaly detection provides an early signal that warrants investigation before costs escalate further.
- Automate cost governance across teams: Manual spending reviews are inconsistent and reactive. Continuous anomaly detection creates a proactive baseline so teams spend less time reviewing dashboards and more time responding to genuine issues.
Set up anomaly detection in AWS
The following is an example Terraform configuration that sets up cost anomaly detection with email alerts in AWS. This configuration detects the spending scenario described in the introduction.
resource "aws_ce_anomaly_monitor" "test" {
  name              = "AWSServiceMonitor"
  monitor_type      = "DIMENSIONAL"
  monitor_dimension = "SERVICE"
}

resource "aws_ce_anomaly_subscription" "test" {
  name      = "DAILYSUBSCRIPTION"
  frequency = "DAILY"

  monitor_arn_list = [
    aws_ce_anomaly_monitor.test.arn
  ]

  subscriber {
    type    = "EMAIL"
    address = "cloud-costs@example.com"
  }

  threshold_expression {
    dimension {
      key           = "ANOMALY_TOTAL_IMPACT_ABSOLUTE"
      match_options = ["GREATER_THAN_OR_EQUAL"]
      values        = ["100"]
    }
  }
}
The example includes the following key components:
- aws_ce_anomaly_monitor: Tracks spending patterns across all AWS services including EC2, S3, and Lambda.
- frequency = "DAILY": Sends a daily summary of detected anomalies.
- threshold_expression: Alerts when the anomaly's financial impact meets or exceeds $100.
Running terraform apply creates an anomaly monitor and subscription that delivers a daily digest to cloud-costs@example.com whenever AWS detects spending that deviates from your baseline by $100 or more.
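When the anomaly may signal unauthorized resource creation or a compromised account, a daily digest can arrive late. The following added example (not part of the original page) sends individual alerts to an SNS topic instead and restricts who can publish to it. It assumes the aws_ce_anomaly_monitor.test monitor defined above; the topic name and resource labels are hypothetical.

```hcl
# Added example. Assumes the aws_ce_anomaly_monitor.test monitor from this page;
# the topic name and resource labels are hypothetical.
data "aws_caller_identity" "current" {}

resource "aws_sns_topic" "cost_anomaly" {
  name = "cost-anomaly-alerts"
}

# Only Cost Anomaly Detection, acting for this account, may publish to the topic.
data "aws_iam_policy_document" "cost_anomaly_publish" {
  statement {
    sid       = "AllowCostAnomalyPublish"
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.cost_anomaly.arn]
    principals {
      type        = "Service"
      identifiers = ["costalerts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_sns_topic_policy" "cost_anomaly" {
  arn    = aws_sns_topic.cost_anomaly.arn
  policy = data.aws_iam_policy_document.cost_anomaly_publish.json
}

resource "aws_ce_anomaly_subscription" "immediate" {
  name             = "IMMEDIATESUBSCRIPTION"
  frequency        = "IMMEDIATE" # individual alerts; requires an SNS subscriber
  monitor_arn_list = [aws_ce_anomaly_monitor.test.arn]
  depends_on       = [aws_sns_topic_policy.cost_anomaly]
  subscriber {
    type    = "SNS"
    address = aws_sns_topic.cost_anomaly.arn
  }
  threshold_expression {
    dimension {
      key           = "ANOMALY_TOTAL_IMPACT_ABSOLUTE"
      match_options = ["GREATER_THAN_OR_EQUAL"]
      values        = ["100"]
    }
  }
}
```

Subscribe the on-call or security channel to the topic so alerts reach someone who can check for unexpected resource creation.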
Set up anomaly detection in Azure
The following is an example Terraform configuration that creates a cost anomaly alert in Azure. Azure Cost Management sends an email when it detects unusual spending patterns in the specified subscription.
resource "azurerm_cost_anomaly_alert" "example" {
  name            = "daily-anomaly-alert"
  display_name    = "Daily Cost Anomaly Alert"
  email_subject   = "Cost Anomaly Detected"
  email_addresses = ["cloud-costs@example.com"]
  subscription_id = "/subscriptions/00000000-0000-0000-0000-000000000000"
}
Running terraform apply creates an anomaly alert that monitors the subscription and sends email notifications when Azure Cost Management detects unusual spending.
HashiCorp resources
- Learn how to create cloud budgets to set spending thresholds alongside anomaly detection for complete cost coverage.
- Use HCP Terraform cost estimation to preview cost impact before applying infrastructure changes.
- Start learning Terraform with the Get started tutorials.
- Read the aws_ce_anomaly_subscription resource documentation for AWS anomaly detection configuration options.
- Read the azurerm_cost_anomaly_alert resource documentation for Azure anomaly alert configuration options.
External resources
- AWS Cost Anomaly Detection: Getting started with AWS Cost Anomaly Detection
- Azure Cost Management: Identify anomalies and unexpected changes in cost
- Google Cloud: Anomaly detection overview
Next steps
In this section of Manage cost, you learned how to set up cloud spending anomaly detection using Terraform to catch unusual patterns before they become costly. Manage cost is part of the Optimize systems pillar.
To learn more about managing resources with Terraform, view the following resources: