AWS controls to help manage costs in an AWS environment. Controls include AWS Budgets, Cost Explorer and CloudWatch alarms.

Cost Explorer
Cost Explorer Cost Category Department with two rules

This template creates a Cost Category named 'Department' with two rules. The rules specify that the cost associated with the 'Engineering' department should be linked to the AWS account '111111111111', and the cost associated with the 'Marketing' department should be linked to the AWS account '222222222222'. This Cost Category can be used across products in the AWS Billing and Cost Management console.

CloudFormationTerraform
Cost Explorer Anomaly Subscription with Percentage-Based and Absolute Thresholds (OR condition)

This template creates an anomaly subscription with a combination of percentage-based threshold and absolute threshold using the OR operator. The subscription is configured with a threshold expression, frequency, and a list of subscribers. The monitor ARN list is empty.

CloudFormationTerraform
Cost Explorer Anomaly Subscription with Percentage-Based and Absolute Thresholds (AND condition)

This template creates an anomaly subscription with a combination of percentage-based threshold and absolute threshold using the AND operator. The subscription is configured with a threshold expression, frequency, and a list of subscribers. The monitor ARN list is empty.

CloudFormationTerraform
Cost Explorer Anomaly Subscription Using a Percentage-Based Threshold

This template creates an anomaly subscription with a percentage-based threshold. The subscription is configured with a threshold expression, frequency, and a list of subscribers. The monitor ARN list is empty.

CloudFormationTerraform
Cost Explorer Anomaly Monitoring with Email Notifications

This template creates an anomaly subscription and attaches two anomaly monitors to it. The monitors are specified by their ARNs and the subscription is configured with a threshold, frequency, and a list of subscribers.

CloudFormationTerraform
Cost Explorer Anomaly Monitor with Linked Account

This template creates a custom anomaly monitor with a linked account. The monitor is of type CUSTOM and the monitor specification includes the specified linked account.

CloudFormationTerraform
Cost Explorer Anomaly Monitor with Cost Category

This template creates a custom anomaly monitor with a Cost Category. The monitor is of type CUSTOM and the monitor specification includes the specified Cost Category.

CloudFormationTerraform
Cost Explorer Anomaly Monitor with Tags

This template creates a custom anomaly monitor with tags. The monitor is of type CUSTOM and the monitor specification includes the specified tags.

CloudFormationTerraform
Cost Explorer Service monitor

This template creates a service anomaly monitor. The monitor is of type DIMENSIONAL and is based on the SERVICE dimension.

CloudFormationTerraform
EC2
Allows Starting or Stopping an EC2 Instance and Modifying a Security Group

A policy that allows starting or stopping a specific EC2 instance and modifying a specific security group (Programmatically and in the Console).

CloudFormationTerraformAWS CLI
Allows Launching EC2 Instances in a Specific Subnet, Programmatically and in the Console

A policy that allows listing information for all EC2 objects and launching EC2 instances in a specific subnet. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI
Allows Managing EC2 Security Groups Associated With a Specific VPC, Programmatically and in the Console

A policy that allows managing Amazon EC2 security groups associated with a specific virtual private cloud (VPC). This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI
Allows Full EC2 Access Within a Specific Region, Programmatically and in the Console

A policy hat allows full EC2 access within a specific region. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI
Allow Users to Launch Approved Images and Use Existing Security Groups Only, Programmatically and in the Console.

An IAM policy that prevents users from creating their own security groups, and allows users to only launch approved AMIs (Amazon Machine Images). Approved images are identified with Tags (Example, Tag Key: Approved, Tag Value: True). This policy provides the permissions necessary to complete this action programmatically or from the console.

CloudFormationTerraformAWS CLI
Allow Starting or Stopping EC2 Instances Based on a User's Username, Programmatically and in the Console.

An IAM policy that allows an IAM user to start or stop EC2 instances, but only if the instance tag Owner has the value of that user's user name. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI
Limit Terminating EC2 Instances to an IP Address Range

An IAM policy that prevents users from terminating EC2 instances when the request does not come from a specified IP range. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only

CloudFormationTerraformAWS CLI
Require the Use of IMDSv2 When Launching EC2 Instances

An IAM policy that prevents users from launching new EC2 Instances if they are not configured to use the new Instance Metadata Service (IMDSv2)

CloudFormationTerraformAWS CLI