1. Assessment

  • Enumerate AWS Budgets
  • Retrieve budget configurations and notifications
  • Detect budgets missing notifications or valid subscribers
  • User: Select budgets to update and supply recipient details

2. Configuration

  • Create or update budget notifications
  • Create SNS topics (same account) when requested
  • Attach or update subscribers for budget notifications

3. Validation

  • Verify notifications and subscribers match requested state

Configure AWS Budgets Alerts

Overview

Configure AWS Budgets alerts for your existing budgets so owners and teams reliably receive spend notifications. The plan will enumerate every budget in the target account/region, collect full budget and notification metadata, detect missing or broken alerting (missing notifications, no subscribers, cross-account or policy issues), present remediation recommendations, guide you to select which budgets to update and which recipients to use, and then create or update notifications and SNS topics as requested. It preserves full audit data (API request IDs, timestamps, prior configurations) and verifies the final state, including subscription confirmation status and any remaining issues requiring user action.

Execution Details

Assessment

Purpose: build a complete, auditable inventory of budgets and their notification state, and surface issues to remediate.

  • Enumerate all AWS Budgets (handling pagination) and collect: budget name (unique key), budget type (COST/USAGE/RESERVATION/SAVINGS_PLANS), time unit, limit (amount/currency or usage unit), CostFilters/Scope (linked accounts, services, regions, tags), metadata/tags, description, and account/visibility context (management vs member account).
  • For each budget retrieve full configuration: thresholds/time windows, configured notifications (type, comparison operator, threshold value and type, state), and subscriber lists (EMAIL or SNS topic ARNs, subscription status).
  • Record service constraints and observed limits (e.g., max 10 notifications per budget; per-notification subscriber limits: up to 1 SNS + up to 10 email addresses).
  • Detect and flag problems: budgets with no notifications; notifications with no subscribers; unconfirmed or invalid email subscribers; invalid or cross-account SNS ARNs; encrypted SNS topics that may require KMS policy changes; SNS topics missing a Budgets publish statement (allowing budgets.amazonaws.com to Publish with aws:SourceAccount and aws:SourceArn conditions).
  • Classify issues by severity (A: no notifications, B: notifications but no subscribers, C: unconfirmed/invalid subscribers, D: SNS topic issues).
  • Produce machine-readable outputs for each step: an inventory JSON array, consolidated budget records (config, notifications, subscribers), remediation report, and include API metadata (request IDs, pagination tokens, timestamps) for auditing.
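
The classification step above, sketched as an added example (not part of the original plan). The consolidated record shape (name, notifications, subscribers with type/address/status) is hypothetical, the account IDs and addresses are constructed, and class D here covers only ARN form and account ownership, not topic policy or KMS checks.

```python
import re

MAX_NOTIFICATIONS = 10        # per budget, limit stated on this page
MAX_EMAILS, MAX_SNS = 10, 1   # per notification, limits stated on this page
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
SNS_ARN_RE = re.compile(r"^arn:aws[\w-]*:sns:[a-z0-9-]+:(\d{12}):[\w-]+$")

def classify_budget(record, account_id):
    """Return sorted issue codes for one budget: A-D as on this page, plus LIMIT."""
    notifications = record.get("notifications", [])
    if not notifications:
        return ["A"]                               # A: no notifications
    codes = {"LIMIT"} if len(notifications) > MAX_NOTIFICATIONS else set()
    for n in notifications:
        subs = n.get("subscribers", [])
        emails = [s for s in subs if s["type"] == "EMAIL"]
        topics = [s for s in subs if s["type"] == "SNS"]
        if not subs:
            codes.add("B")                         # B: notification without subscribers
        if len(emails) > MAX_EMAILS or len(topics) > MAX_SNS:
            codes.add("LIMIT")
        for s in emails:
            if not EMAIL_RE.match(s["address"]) or s.get("status") != "CONFIRMED":
                codes.add("C")                     # C: invalid or unconfirmed email
        for s in topics:
            m = SNS_ARN_RE.match(s["address"])
            if not m or m.group(1) != account_id:
                codes.add("D")                     # D: malformed or cross-account topic ARN
    return sorted(codes)

def remediation_report(inventory, account_id):
    return {b["name"]: classify_budget(b, account_id) for b in inventory}

# Constructed sample inventory; the record shape is hypothetical, IDs are placeholders.
ACCOUNT = "111122223333"
INVENTORY = [
    {"name": "team-a", "notifications": []},
    {"name": "team-b", "notifications": [{"subscribers": []}]},
    {"name": "team-c", "notifications": [{"subscribers": [
        {"type": "EMAIL", "address": "owner@example.com", "status": "UNCONFIRMED"},
        {"type": "SNS", "address": "arn:aws:sns:us-east-1:999988887777:alerts"}]}]},
    {"name": "team-d", "notifications": [{"subscribers": [
        {"type": "EMAIL", "address": "owner@example.com", "status": "CONFIRMED"},
        {"type": "SNS", "address": "arn:aws:sns:us-east-1:111122223333:alerts"}]}]},
]

if __name__ == "__main__":
    print(remediation_report(INVENTORY, ACCOUNT))
```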

User selection & input (guided)

Purpose: get explicit authorization and exact configuration choices before making changes.

  • Deliver the consolidated inventory and remediation report and guide you through options and recommended configurations per budget.
  • Collect explicit user approvals: which budgets (by name and exact scope) are authorized to change and which to exclude.
  • For each selected budget collect desired notification definitions: NotificationType (ACTUAL/FORECASTED), ComparisonOperator, Threshold numeric value and ThresholdType (PERCENTAGE/ABSOLUTE_VALUE), and number of distinct notifications (within service limits).
  • Collect definitive subscriber endpoints: confirmed email addresses (valid format), existing SNS topic ARNs that are verified to be in the same account, or instructions to create new same-account SNS topics (topic name and encryption preference).
  • Collect owner/contact mapping and metadata to attach to resources (owner name, primary/secondary contact, escalation topic).
  • Collect preferences for confirmation/testing: whether to trigger subscription confirmation emails, require confirmation before finishing, and whether to run a test publish to SNS topics.
  • Record explicit, machine-readable consent including user identity marker, timestamp, and approved resource list.

Configuration

Purpose: apply approved changes—create/update notifications, create SNS topics on request, and attach subscribers—while backing up prior state and logging actions.

  • Create or update budget notifications:
    • Prepare exact notification payloads per approval and validate against service rules (max 10 notifications per budget; subscriber limits; acceptable threshold ranges).
    • Back up the prior notification JSON and subscriber lists for each budget to allow rollback and auditing.
    • Apply updates and record service responses (success/failure, API request IDs, timestamps). On success, log a change record containing prior and new notification JSON and API metadata. On failure, capture error details and recommended remediation; continue other changes unless a systemic error occurs.
    • Immediately re-fetch the budget notifications to confirm persistence and exact field matches.
  • Create SNS topics when requested:
    • Collect topic inputs (name, display name, SSE/KMS choice, tags). Create topics only in the same account as the budget.
    • If encryption is enabled, record the KMS key ARN and note that additional key-policy changes may be required.
    • Add topic resource policy statements when needed to allow budgets.amazonaws.com to Publish (with aws:SourceAccount and aws:SourceArn conditions), and log policy changes.
    • Optionally create initial email subscriptions (these will send confirmation emails to recipients).
    • Produce a mapping of created topic name -> ARN and log API metadata for auditing.
  • Add or update subscribers:
    • For each notification, attach the approved list of email addresses and/or same-account SNS topic ARNs, validating each ARN exists and is same-account and that topic policies/KMS allow Budgets to publish.
    • Record subscription operations and statuses (emails will be unconfirmed until users confirm; record which require action).
    • Log previous and new subscriber lists for audit and rollback, and capture any failures with remediation guidance.
  • Deliverable: a consolidated change-result report listing per-budget success/failure status, API request IDs, timestamps, and next steps (e.g., confirm email subscriptions, update topic policies, or address encryption/KMS issues).

Validation

Purpose: verify changes match the requested state and surface any remaining discrepancies or user actions.

  • Re-retrieve notification configurations and subscribers for every changed budget and capture API response IDs/timestamps.
  • Confirm notifications exactly match intended fields (NotificationType, ComparisonOperator, Threshold and ThresholdType).
  • Confirm subscriber lists exactly match the approved list (email addresses and same-account SNS topic ARNs).
  • Report email subscription confirmation status (confirmed/unconfirmed) and explicitly list recipients that must confirm before they will receive alerts.
  • Verify SNS topics’ resource policies include the Budgets publish statement and that encrypted topics have KMS policies permitting SNS and Budgets actions; flag any remaining policy or encryption problems.
  • Produce a final machine-readable verification report per budget containing notification JSON, subscriber list, retrieval timestamps, API metadata, and any discrepancies or errors with recommended corrective steps for your approval.

Outputs & Audit Trail

  • Machine-readable inventory and consolidated budget records (config, notifications, subscribers).
  • Remediation report with classified issues and recommended fixes.
  • User consent record with explicit approvals and timestamps.
  • Full backups of prior notification and subscriber configurations for rollback.
  • Change-result report with per-budget success/failure, API request IDs/timestamps, and remediation guidance.
  • Final verification report showing exact post-change state and outstanding actions (e.g., unconfirmed emails, SNS policy/KMS issues).

Key constraints & checks the plan enforces

  • Observes service limits: max 10 notifications per budget; per notification up to 1 SNS topic + up to 10 email addresses.
  • Ensures SNS topics used for Budgets are in the same account as the budget; flags cross-account topics as unsupported.
  • Detects SNS topic encryption and highlights KMS policy implications.
  • Verifies topic resource policies allow budgets.amazonaws.com to Publish with appropriate aws:SourceAccount and aws:SourceArn conditions.
  • Captures API metadata (request IDs/timestamps) at each step to support auditing and troubleshooting.
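
The topic-policy check named in the Assessment, Configuration and Validation steps and in the constraints above, as an added example (not part of the original plan). It evaluates a topic's policy document offline; the account ID, topic name and sample policies are constructed, and the function name is hypothetical.

```python
import json
from fnmatch import fnmatchcase

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _conditions(statement):
    """Map lowercased condition key -> list of values, skipping negated operators."""
    found = {}
    for operator, pairs in statement.get("Condition", {}).items():
        if "not" not in operator.lower():
            for key, value in pairs.items():
                found[key.lower()] = _as_list(value)
    return found

def check_budgets_publish(topic_arn, policy_json, account_id):
    """Return findings for one topic policy; an empty list means it passes."""
    partition, owner = topic_arn.split(":")[1], topic_arn.split(":")[4]
    findings = [] if owner == account_id else ["topic is not in the budget's account"]
    matched = False
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if not (st.get("Effect") == "Allow" and "budgets.amazonaws.com" in services
                and any(fnmatchcase("sns:publish", a) for a in actions)
                and any(fnmatchcase(topic_arn, r) for r in _as_list(st.get("Resource", [])))):
            continue
        matched = True
        cond = _conditions(st)
        if cond.get("aws:sourceaccount") != [account_id]:
            findings.append("aws:SourceAccount missing or not limited to the budget account")
        arns = cond.get("aws:sourcearn", [])
        if not arns or not all(a.startswith(f"arn:{partition}:budgets::{account_id}:") for a in arns):
            findings.append("aws:SourceArn missing or not limited to this account's budgets")
    if not matched:
        findings.append("no Allow statement lets budgets.amazonaws.com publish to this topic")
    return findings

# Constructed sample policies; account ID and topic name are placeholders.
ACCOUNT = "111122223333"
TOPIC = f"arn:aws:sns:us-east-1:{ACCOUNT}:budget-alerts"
def _policy(condition):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "budgets.amazonaws.com"},
        "Action": "SNS:Publish", "Resource": TOPIC, "Condition": condition}]})
SCOPED = _policy({"StringEquals": {"aws:SourceAccount": ACCOUNT},
                  "ArnLike": {"aws:SourceArn": f"arn:aws:budgets::{ACCOUNT}:*"}})
PARTIAL = _policy({"StringEquals": {"aws:SourceAccount": ACCOUNT}})  # no aws:SourceArn
```

Every matching Allow statement is checked, so one unconditioned statement is reported even when another statement in the same policy is correctly scoped.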
