Cloud billing protection · alpha

Stop the bill before the bill stops you.

Cloud Watchdog detects dangerous cloud spend in minutes using your provider's usage metrics, reconciles dollars with the cost APIs once they catch up, and lets you opt-in to safe auto-stop on dev/staging only. Production stays locked by default. AWS is supported in alpha; Azure and Google Cloud are next.

10-min setup · no long-lived cloud credentials stored · cancel any auto-stop in 5 min

Slack · #alerts-aws
cloud-watchdog· Cloud Watchdog APPP1

Lambda invocations 32× over 7-day baseline

cw-test-fn · us-east-1 · env=dev

4,812 invocations in 5 min · budget hit at $42.18

Suggested

Throttle to 0

Auto-runs in

04:38

Example alert · not a live message

5 min

Detection window via CloudWatch

0

Production resources auto-stopped, ever

$19

Starter / month, founding price locked

10 min

Setup via CloudFormation template

Why native cloud-billing alerts fail startups

You don't need another dashboard. You need a circuit breaker.

Every major cloud's native billing tool has the same five structural gaps for teams under 50. Cloud Watchdog closes them one by one.

  • Gap 01

    8–24h budget delay

    Cloud-provider budget tools refresh ~3× a day. By the time the email arrives, the damage has already finished.

  • Gap 02

    Email to a dead inbox

    Default routing goes to root user. Your team moved to Slack two years ago.

  • Gap 03

    No per-resource granularity

    A NAT gateway or idle GPU can quietly burn $900/mo inside a $2k budget that never alerts.

  • Gap 04

    Email isn't a brake

    Native alerts notify. They never stop, throttle, or modify the resource that's bleeding.

  • Gap 05

    AI workloads break baselines

    GPU and agent recursion can compound thousands of dollars per hour. Daily ML is too slow.

How it works

Detection in minutes. Action only after you say so.

Read the security overview
01

Connect your cloud in 10 minutes

Deploy a small role template in your account (AWS today; Azure & GCP soon). Cloud Watchdog assumes that role with a per-account secret. No long-lived credentials stored.

02

Poll usage metrics every 1–5 min

Lambda, EC2, NAT, ECS, RDS, ELB on AWS today; equivalents on Azure/GCP next. Deterministic rules detect spikes against your 7-day baseline.

03

Slack alert with a Cancel button

Every action sends a Slack message with full context and a 5-minute cancel window before any auto-stop runs.

04

Find and kill idle waste every 6 hours

Unattached EBS volumes, unused Elastic IPs, idle NAT gateways, zero-connection RDS, low-CPU EC2, orphan snapshots. Each finding shows the exact monthly $ you save by removing it.

How alerts actually arrive

Slack + Email — not a dashboard you forget to open.

Every alert is dispatched to both channels. Slack messages include a Cancel button so you can call off an auto-stop in 5 minutes; emails carry the same context for whoever's reading on their phone at 11 pm.

Slack

#alerts-aws

Example Slack notification from Cloud Watchdog

Block-kit message with severity emoji, rule + resource details, and the 5-min Cancel + Throttle now buttons inline.

Email

alerts@cloudwatchdog.online

Example Email notification from Cloud Watchdog

Branded HTML email with the same severity coloring as Slack. Signed SPF + DKIM so it never lands in promotions.

What gets protected

Four guards, day-one.

Detect spikes in real-time, kill idle waste continuously. Both halves of the problem instead of just the alert half.

Live

Lambda runaway guard

Invocations, errors, duration, concurrency. Throttle to 0 on tagged dev functions before the recursion compounds.

10 ms

Slack-to-throttle path

Live

EC2 dev stop guard

Stop tagged dev/staging instances when usage spikes. Production-tagged resources are refused at the IAM layer.

0 prod

Resources ever stopped

Live

NAT egress watcher

Bytes processed and outbound traffic spikes — the silent six-figure category that AWS Budgets can't isolate.

<5 min

From spike to alert

Live

Idle resource sweeper

Detect unattached EBS volumes, unused Elastic IPs, idle NAT/RDS/EC2, and orphan snapshots every 6 hours. Each row shows exact monthly $ savings.

6 types

Waste categories scanned

Built for humans, not consoles

What CloudWatch makes hard, we make obvious.

Six concrete things the AWS Console + CloudWatch Alarms either don't do, charge extra for, or bury four clicks deep.

Unit-aware thresholds

70%, not 70

Pick CPU and type 70 — the form shows %. Pick NetworkOut and type 10 — the form shows MB. The rule list reads back "NetworkOut ≥ 10 MB" instead of CloudWatch's bare "10485760". One less mental conversion every time you read an alert.

Auto-suggest threshold

P95 × 1.2, in one click

CloudWatch makes you guess the threshold value. We measure the resource's last 7 days, compute P50/P95/P99, and propose a sensible number. One click fills in the input. Refine from there.

Full metric library

44 metrics across 7 services

EC2 (8 metrics including CPU credits + metadata-no-token), EBS (queue length, R/W throughput, idle time), RDS, Lambda, S3, NAT, ALB — every metric AWS Console shows on a per-resource graph, plus the rare ones nobody surfaces but matter for cost (S3 BucketSizeBytes, NAT BytesOutToDestination).

Multi-resource scope

One rule, many instances

Pick "all current + future EC2" so new instances get covered automatically — or hand-pick a subset by checkbox. CloudWatch forces one alarm per resource; you don't have to recreate the same rule 80 times.

Resource detail graphs

Every metric, one click

Click any resource → see the full AWS Console-style graph grid: every metric for that service, last 24 h, with a "Set alert on this metric" CTA right beside each graph. No tab-hopping into CloudWatch.

Suggested rules from inventory

Zero-config onboarding

Have 8 Lambdas? Suggested: runaway-invocation guard. Have a NAT gateway? Suggested: egress-spike alert. Cloud Watchdog reads your inventory and proposes the rules you'd otherwise spend an afternoon authoring.

Safety rails

Guard-rails baked in, not bolted on.

No long-lived credentials

Short-lived role assumption + per-account secret on every customer connection.

Read-only mode available

Run alert-only forever — no write permissions if you don’t want them.

Open-source role templates

Audit our CloudFormation (and equivalent Azure / Terraform) in public before you deploy.

No destructive actions

v0 only throttles, stops, or sets desired-count to 0 — all reversible.

No long-lived credentials

Short-lived role assumption + per-account secret on every customer connection.

Read-only mode available

Run alert-only forever — no write permissions if you don’t want them.

Open-source role templates

Audit our CloudFormation (and equivalent Azure / Terraform) in public before you deploy.

No destructive actions

v0 only throttles, stops, or sets desired-count to 0 — all reversible.

Pricing

Flat fee. Never a percentage of your AWS bill.

Limited time

Starter

Most popular

$29$19/ month

Founder pricing — locks in for life.

3 cloud accounts, 10 circuit breakers, 25 alert rules, idle-waste scanner, Slack + email.

Choose Starter

Team

Coming soon

$79/ month

5 cloud accounts, unlimited breakers, SMS + per-env tagging.

Notify me at launch

Scale

Coming soon

$299/ month

10 cloud accounts, team dashboard, audit log export, SLA.

Notify me at launch

Built by a founder, not a company

Stuck on setup, hit a bug, or want a feature? Reach out — I'll reply.

Cloud Watchdog is built and run by a single founder. If anything in the onboarding, alerts, or billing flow feels off — or you just want to chat about your cloud bill — drop me a line.

Bibek Jha

Founder · Cloud Watchdog

zhabibek4u@gmail.com

Replies within 24h

Connect your sandbox cloud account in 10 minutes.

Read-only by default. Slack alerts from day one. Auto-stop only on resources you tag.