What CloudWatch alarms actually cost — and the three levers that actually reduce the bill
Most CloudWatch alarm cost advice repeats the same claim: switch to composite alarms and cut your alarm count 60–70%. It's wrong in a specific way that matters. Composite alarms don't remove the underlying metric alarms — they sit on top of them, and they add $0.50/month each on top of what you're already paying. If you're optimizing for the AWS bill, composite alarms make it slightly worse, not better. They're still worth using — just not for the reason most guides give.
How much does a CloudWatch alarm actually cost?
A standard-resolution CloudWatch alarm costs $0.10 per alarm-metric per month, prorated hourly. Anomaly-detection alarms cost $0.30/month — three times the standard rate, because they track the actual metric value plus the upper and lower bounds of the expected range as three separate series. A composite alarm costs a flat $0.50/month regardless of how many underlying alarms it references. The first 10 alarm-metrics per month are free.
| Alarm type | Cost | Why |
|---|---|---|
| Standard resolution alarm | $0.10 / alarm-metric / month | Evaluated on a 60-second period. First 10/month are free tier. |
| Anomaly detection alarm | $0.30 / alarm / month | Bills 3x standard — tracks the metric, plus the expected upper and lower bounds. |
| Composite alarm | $0.50 / month flat | One flat fee no matter how many child alarms it combines with AND/OR/NOT. |
The billing unit is the alarm-metric, not the alarm
This is the detail that breaks most cost-optimization advice: AWS bills per metric referenced inside an alarm, not per alarm you create. A single alarm using a metric math expression that references three metrics is billed as three alarm-metrics — even though it's one alarm, fires one state change, and sends one notification.
This means the metric-math patterns that make alarms smarter (see the guide to CloudWatch metric math for the full set) don't reliably reduce the bill either. A fleet-wide MAX() across 10 ECS services' CPU metrics is billed as 10 alarm-metrics — the same as 10 separate per-service alarms — because all 10 raw metrics are still referenced. What changes is that you get one alarm state and one notification instead of 10, which is an operational win, not a billing one.
Myth: composite alarms cut your CloudWatch bill
A composite alarm evaluates the state of other alarms — it doesn't replace them. The child metric alarms still exist, still evaluate independently, and still bill at $0.10 each. The composite alarm is a fourth thing on top, billed at $0.50/month flat.
# 10 per-service CPU alarms — still bill individually at $0.10 each = $1.00/mo
HighCpuService1:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: service-1-cpu-high
Namespace: AWS/ECS
MetricName: CPUUtilization
Dimensions:
- Name: ServiceName
Value: service-1
Statistic: Average
Period: 60
EvaluationPeriods: 3
Threshold: 85
ComparisonOperator: GreaterThanThreshold
TreatMissingData: notBreaching
# ... 9 more identical alarms for service-2 through service-10 ...
# Composite alarm on top — adds $0.50/mo, does not remove the 10 above
FleetCpuDegraded:
Type: AWS::CloudWatch::CompositeAlarm
DependsOn:
- HighCpuService1
# ... all 10 child alarms ...
Properties:
AlarmName: fleet-cpu-degraded
AlarmDescription: Page only when 3+ services are CPU-saturated simultaneously
AlarmRule: >-
(ALARM("service-1-cpu-high") + ALARM("service-2-cpu-high") +
ALARM("service-3-cpu-high")) >= 3
AlarmActions:
- YOUR_SNS_TOPIC_ARNTotal bill for this setup: 10 × $0.10 + $0.50 = $1.50/month — 50% more than the $1.00/month baseline of just the 10 alarms with no composite layer. What you get for that extra $0.50 isn't a cheaper bill. It's going from up to 10 possible pages during a fleet-wide CPU event down to exactly 1. That's the actual value of composite alarms: fewer notifications, not a lower invoice. If your goal is genuinely a lower AWS bill, a composite alarm is a small net cost, not a saving.
The three things that actually reduce your CloudWatch alarm bill
- Prune alarms nobody acts on. Pull the ALARM-state history for the last 90 days per alarm. If an alarm has never fired, or has fired repeatedly with no runbook action taken, it's pure cost with no signal. Deleting it removes $0.10/month and — more importantly — one less thing to triage during an incident.
- Stop mirroring prod alarm coverage 1:1 into every non-prod environment. A dev and staging environment rarely need the same alarm density as production. If your CloudFormation/Terraform stack deploys identical alarm sets per environment, you're paying 2-3x for coverage nobody is paged on.
- Avoid anomaly detection unless the pattern genuinely varies by time of day or week. At 3x the standard rate, anomaly detection alarms are the most expensive alarm type per metric. They're worth it for traffic-shaped metrics (request count, queue depth) but are usually overkill for hard capacity limits like FreeStorageSpace or FreeableMemory, where a static threshold is both cheaper and clearer.
When alarm cost actually becomes real money
For a small team, the raw alarm bill is genuinely trivial. A 10-person startup running 50 alarm-metrics across one environment pays $5/month — $60/year. The bill becomes material only when alarm count multiplies across environments and services without pruning.
| Scenario | Alarm-metrics | Monthly cost | Annual cost |
|---|---|---|---|
| 50 resources, 1 alarm each, prod only | 50 | $5 | $60 |
| 50 resources, 4 alarms each, prod only | 200 | $20 | $240 |
| 50 resources, 4 alarms each, × 3 environments (dev/staging/prod) | 600 | $60 | $720 |
Related reading
Frequently asked questions
Frequently asked questions
Do composite alarms cost less than the metric alarms they combine?
No. Composite alarms cost a flat $0.50/month in addition to the child metric alarms, which continue to bill individually at $0.10 each. A composite alarm evaluates other alarms' states — it does not replace them. Their value is reducing the number of notifications during a correlated event, not lowering the AWS bill.
Does a metric math alarm cost less than separate alarms on the same metrics?
Usually not. AWS bills per metric referenced inside the alarm, including metrics marked ReturnData: false. An alarm computing an error rate from Errors and Invocations is billed as 2 alarm-metrics. A fleet-wide MAX() or SUM() across 10 resources' metrics is billed as 10 alarm-metrics — the same as 10 individual alarms. The benefit is fewer alarm states and notifications, not a smaller bill.
What is included in the CloudWatch alarms free tier?
The first 10 standard-resolution alarm-metrics per month are free. Beyond that, each standard alarm-metric costs $0.10/month, anomaly detection alarms cost $0.30/month, and composite alarms cost $0.50/month flat, all prorated hourly for the time the alarm exists.
Why are anomaly detection alarms three times more expensive than standard alarms?
An anomaly detection alarm tracks three time series internally: the actual metric value, and the computed upper and lower bounds of the expected range (the 'band'). AWS bills each of these as a standard alarm-metric, which is why anomaly detection costs $0.30/month — 3x the $0.10 standard rate — per alarm.
What's the fastest way to audit which CloudWatch alarms are worth keeping?
Pull each alarm's state-transition history for the last 90 days via the CloudWatch console or the DescribeAlarmHistory API. Alarms that never transitioned to ALARM are candidates for deletion if they're not covering a rare-but-critical failure mode. Alarms that fired repeatedly with no documented response (no runbook link, no on-call action taken) are noise — delete or raise the threshold rather than leaving them to page unnecessarily.
Related reading
Still debugging incidents manually?
Nuberio does this automatically — root cause in under 60 seconds, delivered to WhatsApp or Slack.