Adding budgets

How to automatically add budgets and alerts to managed accounts

Task: Add budget to exisiting / new accounts

First, create a new file called “budget.yml” and add a budget constraint of 100$ and respective alerting via email. A sample can be found below (based on this).

Description: "Basic Budget 100$"
    Type: "AWS::Budgets::Budget"
          Amount: 100
          Unit: USD
        TimeUnit: MONTHLY
          Start: 1225864800
          End: 1926864800
        BudgetType: COST
        - Notification:
            NotificationType: ACTUAL
            ComparisonOperator: GREATER_THAN
            Threshold: 99
            - SubscriptionType: EMAIL
              Address: <youremail>
        - Notification:
            NotificationType: ACTUAL
            ComparisonOperator: GREATER_THAN
            Threshold: 80
          - SubscriptionType: EMAIL
            Address: <youremail>
    Value: !Ref BudgetBase

Using CFCT solution

CFCT = (Customizations for AWS Control Tower Solution)[].

See also


  • If not done already, go to the s3 bucket “custom-control-tower-configuration-acccountid-region” and download the “” sample archive to your local machine. Unzip.
  • Go to the “custom_control_tower_configuration” folder
  • Copy your budget.yml to the templates/ folder and rename it to budget.template
  • Edit the manifest.yaml as follows - make sure to adjust OU and Region

# Control Tower Custom CloudFormation Resources

    - name: myBudget
      template_file: templates/budget.template
      deploy_method: stack_set
      deploy_to_ou: # :type: list
        - <YourOU> # OU Name
        - <YourRegion>


See also for more info.

  • Save file and zip Directory
  • Upload (no underscore!) to your s3 bucket (custom-control-tower-configuration-acccountid-region).
  • Code Pipeline is triggered. Wait for pipeline execution. This could take up to 15-20 minutes.
  • After pipeline execution is successfully completed, switch to AWS Management Console for the Core member account to validate that the budget is created is the specified member account.

CFCT s3 bucket

CF StackSet

Note: The CFCT solution does support changes of SCPs or CF templates out of the box (S3 Update triggers CodePipeline). However OU StackSet deployments “Auto Deploy” are not yet supported!

Using CloudFormation StackSets

  • In the AWS console of your root account, navigate to CloudFormation
  • Select StackSets
  • Create a new StackSet based on the existing budget CF template
  • Select “Service managed permissions”
  • Select “Deploy to organizational units (OUs)” - choose OU ID (look up in AWS Organisations)
  • Enable Auto Deploy

See also - - for more info.

Using Service Catalog

Note: In this solution, you would have to provide Account IDs manually. Constraints on OUs are not supported yet!

  • In the AWS console of your root account, navigate to ServiceCatalog
  • Create a new product based on the existing budget CF template
  • Create a new portfolio
  • Add Constraint “StackSet” and provide dedicated Account IDs - choose AWSControlTowerStackSetRole / AWSControlTowerExecution
  • Launch Portfolio
  • You can check the progress in CloudFormation by looking for the respective StackSet

Service Catalog Stackset Constraint