Cost Anomaly Detection
Cost anomaly detection continuously monitors the daily cloud cost and informs you of abnormal usage trends. It minimizes the detection time and negative cost impacts. Cost anomaly alerts proactively notify you about anomaly events. For each detected event, cost anomaly insights help reduce the investigation and remediation efforts by providing thorough root cause analysis.
How Cost Anomaly Detection Works
Cost Monitors
- Default Cost Monitors: OCI automatically creates a default service monitor for the combination of a tenancy, service, and region (for example: tenancy 1, Compute, and Ashburn region).
- Custom Cost Monitors: You can create custom cost monitors by applying filters to analyze specific resources or workloads.Note
A cost monitor requires 60 days of historical data before it becomes active.
| Cost Monitor Scenario | How to Configure Cost Monitoring Scenarios |
|---|---|
| Monitor costs for resources in a child tenancy (business entity). |
Create a custom cost monitor with a filter, where Tenancy = Business Entity and other criteria as needed. |
| Monitor resources with a specific tags (for example, Cost Center and Application). | Create a custom cost monitor with filters, where Tag Namespace = Tag Namespace name, Tag key = CostCenter and value = 'CostCenter1' AND Tag Namespace = Tag Namespace name, Tag key = Application and Value = Application Name 1 . |
| Monitor specific compartment's cost (for example, Development compartment). | Create a Custom Cost Monitor with a filter, where Compartment = Development. |
| Service level cost for a specific region (for example, Compute in Ashburn). | Default monitors automatically monitor region specific service-level cost within a tenancy. |
Cost Anomaly Algorithms
Cost anomaly detection's algorithm uses machine learning considering yearly, weekly, and daily seasonality plus holiday effects to forecast daily cost data and automatically detect anomaly events. It learns from user provided feedback improving its accuracy.
- New resources created: Resources present on the event day but not on the previous day.
- Resources deleted: Resources not present on the event day but available on the previous day.
- Resource usage changes: Resources present on both days with changes in cost.
Cost Anomaly Alerts
Cost anomaly alerts are available for each cost monitor. If an anomaly is detected, and its cost variance exceeds the alert threshold, then an email alert is sent to the notification group. An email is sent once per day for each anomaly event.
A cost anomaly alert subscription, associated with a cost monitor, defines the alert threshold and email addresses to notify. Alert thresholds, set as an absolute value and as a percentage variance between the forecasted and actual costs, define the minimum cost variation required to trigger an alert. For example, if the anomaly's cost impact is $100 and the alert threshold is $500, OCI doesn't trigger an alert. If the expected cost is $100 and the actual cost is $120, an alert threshold of 10% triggers an alert.
You can use email aliases and distribution lists are to send out anomaly alerts. We recommend adding at least one actual email address to ensure that recipients receive alerts if another address becomes inactive.
Required IAM Policy
To use Oracle Cloud Infrastructure, an administrator must be a member of a group granted security access in a policy by a tenancy administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with the tenancy administrator what type of access you have and which compartment your access works in.
If you're new to policies, see Getting Started with Policies and Common Policies.
| Use Case | IAM Policy |
|---|---|
| Administrator of Cost Anomaly Detection Features |
|
| View only access of Cost Anomaly Detection Features |
|