How to Track AI Spend on Amazon Bedrock with IAM Cost Allocation
By ● min read
<h2>Introduction</h2>
<p>As organizations accelerate their adoption of AI on Amazon Bedrock, finance and engineering leaders face a familiar challenge: understanding exactly who is spending what. Without granular cost visibility, teams struggle to optimize model usage, allocate budgets, and prove ROI. That’s where the new <strong>IAM principal cost allocation</strong> feature for Amazon Bedrock comes in. This guide walks you through setting it up step by step, so you can map model inference costs back to specific users, roles, or teams. You’ll also learn how to complement this with AWS Agent Registry for agent governance and how to access the cutting-edge <em>Claude Mythos</em> model preview. By the end, you’ll have a clear, actionable path to mastering AI cost management.</p><figure style="margin:20px 0"><img src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2023/08/13/AWS-WIR-default.png" alt="How to Track AI Spend on Amazon Bedrock with IAM Cost Allocation" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: aws.amazon.com</figcaption></figure>
<h2>What You Need</h2>
<p>Before you begin, ensure you have the following prerequisites:</p>
<ul>
<li>An active <strong>AWS Account</strong> with Amazon Bedrock enabled in at least one region (e.g., us-east-1).</li>
<li>Permissions to create and manage IAM users, roles, and tags (typically <code>iam:*</code> or specific tag-related actions).</li>
<li>Access to the <strong>AWS Billing and Cost Management</strong> console. You’ll need billing administrator privileges to activate tag-based cost allocation.</li>
<li>Familiarity with <strong>AWS Cost Explorer</strong> or the <strong>Cost and Usage Report (CUR)</strong> to analyze the resulting data.</li>
<li>For optional extras: AWS CLI or SDK installed (to interact with Agent Registry) and an approval for the <strong>Project Glasswing</strong> research preview if you wish to use Claude Mythos.</li>
</ul>
<h2>Step-by-Step Instructions</h2>
<h3>Step 1: Identify IAM Users and Roles to Tag</h3>
<p>Start by listing the IAM principals (users or roles) that are accessing Amazon Bedrock. These could be developers building AI agents, data scientists running foundation model evaluations, or automated CI/CD pipelines. Use the IAM console to review existing users and roles, or plan new ones if needed. For each principal, decide on the tags that align with your organizational structure—common examples are <code>team</code>, <code>cost-center</code>, <code>project</code>, or <code>environment</code>.</p>
<h3>Step 2: Apply Tags to IAM Principals</h3>
<p>Navigate to the IAM console and select a user or role. Under the <strong>Tags</strong> tab, add one or more key‑value pairs. For instance:</p>
<ul>
<li><strong>team</strong> : <em>engineering</em></li>
<li><strong>cost-center</strong> : <em>12345</em></li>
</ul>
<p>You can apply tags using the AWS Management Console, AWS CLI (<code>aws iam tag-user</code> or <code>aws iam tag-role</code>), or infrastructure‑as‑code tools. Ensure that the tag keys you choose are consistent across all principals to simplify reporting.</p>
<h3>Step 3: Activate Tags in Billing and Cost Management</h3>
<p>Now go to the <strong>AWS Billing and Cost Management</strong> console. Under <strong>Cost Allocation Tags</strong>, find the tag keys you just created. Select each key and choose <strong>Activate</strong>. This tells AWS to start recording those tag values in your cost data. Activation can take up to 24 hours to take full effect, so plan accordingly. Once active, the tags appear in Cost Explorer and in the detailed Cost and Usage Report.</p>
<h3>Step 4: View AI Costs by Tag</h3>
<p>After activation, open <strong>AWS Cost Explorer</strong>. Create a new report and group by the tag key (e.g., <code>team</code>). You’ll see Bedrock model inference costs broken down by the tagged principals. Alternatively, query your Cost and Usage Report via Athena or QuickSight for deeper analysis. This visibility lets you track spending per team, cost center, or project, answering the key question “who is spending what on AI?”.</p><figure style="margin:20px 0"><img src="https://a0.awsstatic.com/aws-blog/images/Voiced_by_Amazon_Polly_EN.png" alt="How to Track AI Spend on Amazon Bedrock with IAM Cost Allocation" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: aws.amazon.com</figcaption></figure>
<h3>Step 5: (Optional) Explore AWS Agent Registry for Centralized Governance</h3>
<p>While cost allocation is critical, managing AI agents at scale is another challenge. Amazon Bedrock AgentCore now provides a <strong>private catalog</strong> for agents, tools, and MCP servers. To use it, access the AgentCore Console. You can search semantically or by keyword to discover existing agents, helping teams avoid duplication. Approval workflows and CloudTrail audit trails ensure governance. Integrate the registry with your development workflow via the AWS CLI, SDK, or as an MCP server queryable from IDEs.</p>
<h3>Step 6: (Optional) Request Access to Claude Mythos Preview</h3>
<p>For advanced cybersecurity and reasoning tasks, you can request a gated preview of Anthropic’s <strong>Claude Mythos</strong> model through Amazon Bedrock. This preview, part of Project Glasswing, is limited to allowlisted organizations—priority is given to internet‑critical companies and open‑source maintainers. If your use case involves vulnerability discovery or complex code analysis, submit a request via your AWS account team. Once approved, you can invoke the model using the standard Bedrock API, now with cost visibility from your new tags.</p>
<h2>Tips and Best Practices</h2>
<ul>
<li><strong>Plan your tagging strategy</strong> before you start. Choose tag keys that reflect your chargeback or show‑back model. Avoid personal identifiers—stick to team, project, or cost center.</li>
<li><strong>Automate tag application</strong> using IAM policies that require tags at resource creation. This ensures every new user or role is automatically accounted for.</li>
<li><strong>Monitor cost data regularly</strong>. Set up anomaly detection in Cost Explorer to catch unexpected spikes in Bedrock usage, such as a runaway agent loop.</li>
<li><strong>Combine IAM cost allocation with Agent Registry</strong>. Tag your agents similarly to users, so you can correlate agent‑level spend with the IAM principal that invoked it.</li>
<li><strong>Use the Cost and Usage Report</strong> for advanced analysis. Export it to Amazon S3 and query it with Athena for custom reports—this gives you the most granular data.</li>
<li><strong>Stay informed about preview models</strong> like Claude Mythos. They often require separate tagging considerations; confirm that your IAM principals have the necessary permissions to invoke the model.</li>
</ul>
<p>With these steps, you’re now equipped to bring full cost transparency to your AI initiatives on Amazon Bedrock. No more guesswork—just clear, actionable insights that help you scale AI responsibly.</p>
Tags: