Nuberio
  • Pricing
  • Blog
  • Tools
  • Security
  • About
Log inStart free →
Nuberio

Root cause, not noise.

Start free →

Product

  • Audit
  • Watch
  • Diagnose

Free Tools

  • CloudWatch Alarm Builder
  • CloudFormation Checker
  • CloudWatch Timestamp Converter

Compare

  • Vs PagerDuty
  • Vs incident.io
  • Vs Datadog
  • Vs Resolve.ai
  • Vs Rootly
  • Vs AWS DevOps Guru
  • Vs Squadcast
  • Vs Komodor / Klaudia
  • Vs Sentry
  • Vs Coroot
  • Vs Datadog Watchdog
  • Vs New Relic
  • Vs Grafana Cloud
  • Vs OpsGenie

Company

  • Pricing
  • Blog
  • Security
  • About

Connect

  • X (Twitter)
  • LinkedIn

© 2026 Nuberio. All rights reserved.

Privacy Policy · Cookie Policy · Security

Built at 2am, for a 2am.

← All posts

What CloudWatch alarms actually cost — and the three levers that actually reduce the bill

July 7, 2026·9 min read

Most CloudWatch alarm cost advice repeats the same claim: switch to composite alarms and cut your alarm count 60–70%. It's wrong in a specific way that matters. Composite alarms don't remove the underlying metric alarms — they sit on top of them, and they add $0.50/month each on top of what you're already paying. If you're optimizing for the AWS bill, composite alarms make it slightly worse, not better. They're still worth using — just not for the reason most guides give.

How much does a CloudWatch alarm actually cost?

A standard-resolution CloudWatch alarm costs $0.10 per alarm-metric per month, prorated hourly. Anomaly-detection alarms cost $0.30/month — three times the standard rate, because they track the actual metric value plus the upper and lower bounds of the expected range as three separate series. A composite alarm costs a flat $0.50/month regardless of how many underlying alarms it references. The first 10 alarm-metrics per month are free.

Alarm typeCostWhy
Standard resolution alarm$0.10 / alarm-metric / monthEvaluated on a 60-second period. First 10/month are free tier.
Anomaly detection alarm$0.30 / alarm / monthBills 3x standard — tracks the metric, plus the expected upper and lower bounds.
Composite alarm$0.50 / month flatOne flat fee no matter how many child alarms it combines with AND/OR/NOT.

The billing unit is the alarm-metric, not the alarm

This is the detail that breaks most cost-optimization advice: AWS bills per metric referenced inside an alarm, not per alarm you create. A single alarm using a metric math expression that references three metrics is billed as three alarm-metrics — even though it's one alarm, fires one state change, and sends one notification.

Per AWS's published CloudWatch pricing: "When your alarm references multiple metrics (such as in a metric math expression), you incur a cost for each metric referenced." An error-rate alarm computing (Errors / Invocations) * 100 is billed as 2 alarm-metrics, not 1 — because it references two underlying metrics, even with ReturnData: false on the intermediate ones.

This means the metric-math patterns that make alarms smarter (see the guide to CloudWatch metric math for the full set) don't reliably reduce the bill either. A fleet-wide MAX() across 10 ECS services' CPU metrics is billed as 10 alarm-metrics — the same as 10 separate per-service alarms — because all 10 raw metrics are still referenced. What changes is that you get one alarm state and one notification instead of 10, which is an operational win, not a billing one.

Myth: composite alarms cut your CloudWatch bill

A composite alarm evaluates the state of other alarms — it doesn't replace them. The child metric alarms still exist, still evaluate independently, and still bill at $0.10 each. The composite alarm is a fourth thing on top, billed at $0.50/month flat.

# 10 per-service CPU alarms — still bill individually at $0.10 each = $1.00/mo
HighCpuService1:
  Type: AWS::CloudWatch::Alarm
  Properties:
    AlarmName: service-1-cpu-high
    Namespace: AWS/ECS
    MetricName: CPUUtilization
    Dimensions:
      - Name: ServiceName
        Value: service-1
    Statistic: Average
    Period: 60
    EvaluationPeriods: 3
    Threshold: 85
    ComparisonOperator: GreaterThanThreshold
    TreatMissingData: notBreaching
# ... 9 more identical alarms for service-2 through service-10 ...

# Composite alarm on top — adds $0.50/mo, does not remove the 10 above
FleetCpuDegraded:
  Type: AWS::CloudWatch::CompositeAlarm
  DependsOn:
    - HighCpuService1
    # ... all 10 child alarms ...
  Properties:
    AlarmName: fleet-cpu-degraded
    AlarmDescription: Page only when 3+ services are CPU-saturated simultaneously
    AlarmRule: >-
      (ALARM("service-1-cpu-high") + ALARM("service-2-cpu-high") +
       ALARM("service-3-cpu-high")) >= 3
    AlarmActions:
      - YOUR_SNS_TOPIC_ARN

Total bill for this setup: 10 × $0.10 + $0.50 = $1.50/month — 50% more than the $1.00/month baseline of just the 10 alarms with no composite layer. What you get for that extra $0.50 isn't a cheaper bill. It's going from up to 10 possible pages during a fleet-wide CPU event down to exactly 1. That's the actual value of composite alarms: fewer notifications, not a lower invoice. If your goal is genuinely a lower AWS bill, a composite alarm is a small net cost, not a saving.

The three things that actually reduce your CloudWatch alarm bill

  • Prune alarms nobody acts on. Pull the ALARM-state history for the last 90 days per alarm. If an alarm has never fired, or has fired repeatedly with no runbook action taken, it's pure cost with no signal. Deleting it removes $0.10/month and — more importantly — one less thing to triage during an incident.
  • Stop mirroring prod alarm coverage 1:1 into every non-prod environment. A dev and staging environment rarely need the same alarm density as production. If your CloudFormation/Terraform stack deploys identical alarm sets per environment, you're paying 2-3x for coverage nobody is paged on.
  • Avoid anomaly detection unless the pattern genuinely varies by time of day or week. At 3x the standard rate, anomaly detection alarms are the most expensive alarm type per metric. They're worth it for traffic-shaped metrics (request count, queue depth) but are usually overkill for hard capacity limits like FreeStorageSpace or FreeableMemory, where a static threshold is both cheaper and clearer.

When alarm cost actually becomes real money

For a small team, the raw alarm bill is genuinely trivial. A 10-person startup running 50 alarm-metrics across one environment pays $5/month — $60/year. The bill becomes material only when alarm count multiplies across environments and services without pruning.

ScenarioAlarm-metricsMonthly costAnnual cost
50 resources, 1 alarm each, prod only50$5$60
50 resources, 4 alarms each, prod only200$20$240
50 resources, 4 alarms each, × 3 environments (dev/staging/prod)600$60$720
Even at $720/year, this is not the number to optimize first. A single 1-hour outage at a 10-person startup models out to $3,617 in engineering time, support load, and customer trust cost (full breakdown in the AWS outage cost article). Don't let a cost-cutting pass delete the one alarm that's the difference between catching that incident in 5 minutes and finding it from a customer complaint.

Related reading

  • → The 12 CloudWatch alarms every small AWS team should have
  • → Composite CloudWatch alarms: stop getting paged for things that aren't incidents
  • → CloudWatch metric math: how to build alarms no static threshold can match
  • → The real cost of a 1-hour AWS outage for a 10-person startup

Frequently asked questions

Frequently asked questions

Do composite alarms cost less than the metric alarms they combine?

No. Composite alarms cost a flat $0.50/month in addition to the child metric alarms, which continue to bill individually at $0.10 each. A composite alarm evaluates other alarms' states — it does not replace them. Their value is reducing the number of notifications during a correlated event, not lowering the AWS bill.

Does a metric math alarm cost less than separate alarms on the same metrics?

Usually not. AWS bills per metric referenced inside the alarm, including metrics marked ReturnData: false. An alarm computing an error rate from Errors and Invocations is billed as 2 alarm-metrics. A fleet-wide MAX() or SUM() across 10 resources' metrics is billed as 10 alarm-metrics — the same as 10 individual alarms. The benefit is fewer alarm states and notifications, not a smaller bill.

What is included in the CloudWatch alarms free tier?

The first 10 standard-resolution alarm-metrics per month are free. Beyond that, each standard alarm-metric costs $0.10/month, anomaly detection alarms cost $0.30/month, and composite alarms cost $0.50/month flat, all prorated hourly for the time the alarm exists.

Why are anomaly detection alarms three times more expensive than standard alarms?

An anomaly detection alarm tracks three time series internally: the actual metric value, and the computed upper and lower bounds of the expected range (the 'band'). AWS bills each of these as a standard alarm-metric, which is why anomaly detection costs $0.30/month — 3x the $0.10 standard rate — per alarm.

What's the fastest way to audit which CloudWatch alarms are worth keeping?

Pull each alarm's state-transition history for the last 90 days via the CloudWatch console or the DescribeAlarmHistory API. Alarms that never transitioned to ALARM are candidates for deletion if they're not covering a rare-but-critical failure mode. Alarms that fired repeatedly with no documented response (no runbook link, no on-call action taken) are noise — delete or raise the threshold rather than leaving them to page unnecessarily.

Related reading

  • → The 12 CloudWatch alarms every small AWS team should have
  • → Composite CloudWatch alarms: stop getting paged for things that aren't incidents
  • → CloudWatch metric math: how to build alarms no static threshold can match
  • → The real cost of a 1-hour AWS outage for a 10-person startup

Still debugging incidents manually?

Nuberio does this automatically — root cause in under 60 seconds, delivered to WhatsApp or Slack.

Try Nuberio free →
N

Nitesh Bhavsar

Founder, Nuberio

Published

July 2026

Updated

July 2026

Have feedback? [email protected]