displayName
Cost Anomaly Alerting Setup
workflowKind
operational
triggerType
on-demand
typicalCadence
per-milestone
complexity
cross-team
description
Designs and implements the cost anomaly detection and alerting
infrastructure: defining anomaly detection thresholds using statistical
baselines (standard deviation bands, percentage-over-forecast) calibrated
per service and team to minimize false positives; configuring multi-tier
alert routing with severity levels mapped to cost impact magnitude
(informational, warning, critical); establishing escalation rules that
auto-notify team leads for moderate anomalies and trigger incident response
for critical spend spikes; integrating anomaly alerts with communication
channels (Slack, PagerDuty, email) with appropriate context including
affected resources, estimated daily run-rate, and suggested investigation
steps; creating anomaly investigation runbooks with common root-cause
patterns; setting up weekly anomaly review meetings to tune thresholds and
close resolved alerts; and building an anomaly historical log for pattern
recognition. Produces alerting architecture document, threshold
configuration, escalation matrix, and investigation runbooks. Excludes
anomaly remediation.