AWS Cost Reporter (Terraform + Python)
A daily FinOps-style automation that pulls AWS spend from Cost Explorer, generates a PNG report (matplotlib), stores artifacts in private S3, and emails a time-limited pre-signed link via SNS. Built end-to-end with Terraform.
AWS Terraform Lambda EventBridge S3 SNS Python matplotlib
Architecture
EventBridge triggers a scheduled Lambda. The Lambda queries Cost Explorer, generates JSON + a PNG chart, uploads both to a private S3 reports bucket, and publishes an SNS notification email containing time-limited pre-signed URLs.
- Schedule: EventBridge (daily)
- Compute: Lambda (Python)
- Data source: AWS Cost Explorer
- Storage: S3 (private + encrypted)
- Notification: SNS Email (confirmed subscription)
- Access model: Pre-signed URLs (temporary access)
Key decisions
- Terraform-first so the full system can be deployed and torn down quickly.
- Lambda Layer for matplotlib/numpy (built via container) to keep the function package lean and runtime-compatible.
- Private-by-default reports shared via time-limited pre-signed URLs instead of opening up access.
- Separate artifacts vs reports (layer zip lives in an artifacts bucket; outputs live in the reports bucket).
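A pre-signed URL is a bearer credential, so it is worth checking each link before it is placed in the SNS email. The following is an added example, not the project's own code: a standard-library check of a SigV4 pre-signed URL's lifetime and scheme. The 24-hour ceiling, the function names and the sample URL (placeholder bucket, key and signature) are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed policy ceiling, not a value from the page
REQUIRED = ("X-Amz-Date", "X-Amz-Expires", "X-Amz-Signature")


def audit_presigned_url(url, now, max_lifetime=MAX_LIFETIME):
    """Inspect a SigV4 pre-signed URL; return (expires_at, errors, notes)."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    errors, notes = [], []
    if parts.scheme != "https":
        errors.append("URL is not https")
    missing = [p for p in REQUIRED if p not in query]
    if missing:
        errors.append("missing SigV4 parameters: " + ", ".join(missing))
        return None, errors, notes
    signed_at = datetime.strptime(query["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    lifetime = timedelta(seconds=int(query["X-Amz-Expires"]))
    expires_at = signed_at + lifetime
    if lifetime > max_lifetime:
        errors.append(f"lifetime {lifetime} exceeds ceiling {max_lifetime}")
    if expires_at <= now:
        errors.append("link has already expired")
    if "X-Amz-Security-Token" in query:
        # Signed with temporary (role) credentials, as a Lambda always does:
        # the link dies with that session even if X-Amz-Expires is later.
        notes.append("valid only while the signing session is valid")
    return expires_at, errors, notes


def build_email_body(urls, now):
    """Compose the SNS message text, refusing any link that fails the audit."""
    lines = []
    for label, url in urls.items():
        expires_at, errors, notes = audit_presigned_url(url, now)
        if errors:
            raise ValueError(f"{label}: " + "; ".join(errors))
        lines.append(f"{label} (expires {expires_at:%Y-%m-%d %H:%M} UTC): {url}")
        lines.extend(f"  note: {n}" for n in notes)
    return "\n".join(lines)


# Constructed sample URL (placeholder bucket, key and signature).
SAMPLE = ("https://example-reports-bucket.s3.amazonaws.com/reports/2024-05-01.png"
          "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240501T060000Z"
          "&X-Amz-Expires=3600&X-Amz-Security-Token=EXAMPLETOKEN"
          "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000placeholder")
```

Stating the expiry time in the email body tells recipients when the link stops working, and the session note explains links that fail earlier than that time.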
Results
- Daily automated cost report with JSON + PNG output.
- Secure distribution model using pre-signed links.
- Clean “apply/destroy” lifecycle with Terraform.
- Clear upgrade path: PDF reports + SES HTML notifications, smarter alert thresholds, tighter IAM scope.