How I stopped a $2,000 AWS bill using 4 lines of Python (Open Source)

The $2,000 "Ouch" Moment

A few months ago, I was rushing to fix a connectivity issue for a client. I spun up a NAT Gateway in Terraform, deployed it, and high-fived the team. Ticket closed.

30 days later, the finance team pinged me.

"Why is the bill $2,000 higher this month?"

I had forgotten to tear it down. Even worse, I had routed a high-throughput S3 backup job through it, costing $0.045/GB for data processing.

My "safety net" at the time was CloudHealth, but that didn't help. Tools like CloudHealth and Vantage are autopsies—they tell you after the patient has died (and the money is gone).

I realized I didn't need better reporting. I needed a guardrail.

We have Linters for Code, Why Not for Cost?

We use black to format Python. We use tfsec to catch security holes. But for cost, we usually just "deploy and pray."

So, I spent my weekends building Relia (Open Source).

Think of it as ESLint for Cloud Costs. It sits in your terminal or CI pipeline, parses your Terraform plan, and tells you exactly how much your PR will cost before you merge it.

Most importantly: It blocks the build if you exceed your budget.

How to Set It Up (3 Minutes)

Relia is written in Python and runs locally. It doesn't send your Terraform code to any SaaS (I designed it to be privacy-first and offline-capable).

1. Install the CLI

pip install relia

2. Run a "Dry Run" Estimate

Go to your Terraform directory and run:

relia estimate .

You’ll get a breakdown like this:

📊 Relia Cost Estimate
+------------------+----------+------------+
| Resource         | Type     | Cost/Month |
+------------------+----------+------------+
| aws_instance.web | t3.large |     $60.00 |
| aws_nat_gateway  | standard |     $32.00 |
+------------------+----------+------------+
| Total            |          |     $92.00 |
+------------------+----------+------------+

3. The "Bill Shock" Blocker

This is where it gets cool. You can set a budget policy in a .relia.yaml file:

# .relia.yaml
budget: 500.0  # Total monthly cap
rules:
  aws_instance: 50.0 # No single instance > $50

Now, if a developer tries to sneak in a p3.8xlarge ($10,000/mo), the CLI will scream:

$ relia check .
❌ Budget Exceeded!
   Current: $10,092.00
   Limit:   $500.00

Adding it to GitHub Actions

To make this automatic, I added it to my PR workflow. Now, nobody can merge a PR that blows the budget.

# .github/workflows/cost-check.yml
- name: Check Cloud Cost
  uses: davidahmann/relia-action@v1
  with:
    budget: '500'

Why I Built This (vs. Using Infracost)

Infracost is a great tool, but I wanted something that was:

1. Fully Offline: Relia uses a bundled SQLite pricing database. It works on air-gapped machines.
2. Privacy-First: It never sends your Terraform plan or variables to a third-party API.
3. Python-Native: Easy for SREs to extend or script against.

Try it out

It’s open source (Apache 2.0). I’d love to hear if this saves you from a "Bill Shock" moment like it did for me.

• Repo: github.com/davidahmann/relia_oss
• Docs: davidahmann.github.io/relia_oss

Let me know what you think! 👇