AWS Budgets provide the ability to set custom budgets that can alert when costs exceed (or are forecasted to exceed) the budgeted amount. (Default configured budget is 1000 USD)
CloudFormationTerraformAWS CLI
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
By Implementation
By Service Protected
Reference Guides
Other
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
Configuration Stack0
By Service Protected
VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
ECR Security Controls
EMR Security
Lambda Security
CloudFormation Security
CodeX Security Controls
CloudFront Security
AWS Certificate Manager (ACM) Security
Logging & Monitoring Configurations
Backups & DR
Billing and Cost ManagementBy Implementation
Reference Guides
Other
Billing and Cost Management
AWS controls to help manage costs in an AWS environment. Controls include AWS Budgets and CloudWatch alarms.
Budget
AWS Budgets provide the ability to set custom budgets that can alert when costs exceed (or are forecasted to exceed) the budgeted amount. A notification has been configured when the actual costs exceed 80% of the budget (Default is 1000 USD).
CloudFormationTerraformAWS CLI
CloudWatch Alarms
A CloudWatch Alarm that triggers the AWS bill reaches the specified threshold (default: 100 USD).
CloudFormationTerraformAWS CLI
IAM Policy
A policy that allows starting or stopping a specific EC2 instance and modifying a specific security group (Programmatically and in the Console).
CloudFormationTerraformAWS CLI
Allows Launching EC2 Instances in a Specific Subnet, Programmatically and in the Console
Add to StackA policy that allows listing information for all EC2 objects and launching EC2 instances in a specific subnet. This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
Allows Managing EC2 Security Groups Associated With a Specific VPC, Programmatically and in the Console
Add to StackA policy that allows managing Amazon EC2 security groups associated with a specific virtual private cloud (VPC). This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
A policy hat allows full EC2 access within a specific region. This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
Allow Users to Launch Approved Images and Use Existing Security Groups Only, Programmatically and in the Console.
Add to StackAn IAM policy that prevents users from creating their own security groups, and allows users to only launch approved AMIs (Amazon Machine Images). Approved images are identified with Tags (Example, Tag Key: Approved, Tag Value: True). This policy provides the permissions necessary to complete this action programmatically or from the console.
CloudFormationTerraformAWS CLI
Allow Starting or Stopping EC2 Instances Based on a User's Username, Programmatically and in the Console.
Add to StackAn IAM policy that allows an IAM user to start or stop EC2 instances, but only if the instance tag Owner has the value of that user's user name. This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
An IAM policy that prevents users from terminating EC2 instances when the request does not come from a specified IP range. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only
CloudFormationTerraformAWS CLI
An IAM policy that prevents users from launching new EC2 Instances if they are not configured to use the new Instance Metadata Service (IMDSv2)
CloudFormationTerraformAWS CLI
Filter by source
Budget
CloudWatch Alarms
IAM Policy