build.allanninal.dev

Part 6 of 7 · Compliance tracker series ~3 min read

What the compliance tracker costs

The tracker is one of the cheapest systems in this whole series. The daily tick reads a CSV from S3, does some date arithmetic, writes a few rows to DynamoDB, and posts a handful of messages to Slack. It calls no models on the tick. Bedrock fires only when somebody attaches a photo or PDF as evidence and once a month for the board summary. At typical SMB volume, the bill is under two dollars a month, fixed cost essentially zero.

Key takeaways

  • Around $1.80/month at typical SMB volume (around 60 recurring tasks).
  • Fixed AWS cost is essentially zero. No always-on compute, no NAT Gateway, no API Gateway.
  • The daily tick costs pennies — no model calls.
  • Bedrock fires only on evidence reading (a few times a month) and the monthly summary.
  • At 200 tasks the bill is around $4. At 600 tasks it’s around $11.

Cost at three volumes

Monthly cost at three task volumes, broken out by component A vertical stacked-bar chart showing monthly cost in US dollars at three task volumes. The leftmost bar represents 60 recurring tasks and shows a total around $1.80, dominated by the everything-else slice (Lambda, DynamoDB, S3, EventBridge Scheduler, CloudWatch) with a tiny sliver for Bedrock and a tiny sliver for Textract. The middle bar represents 200 tasks and shows a total around $4, with the same shape — the everything-else slice grows roughly linearly with task count because the daily tick still reads every task. The rightmost bar represents 600 tasks and shows a total around $11, with everything-else still dominant; Bedrock and Textract stay small in absolute terms because they only fire on the evidence-reading lane (a handful of attached photos or PDFs per month) and the monthly summary. Below the chart is a legend explaining the four sections of each bar: Bedrock (only on evidence reading and monthly summary), Textract (only on attached PDFs and photos), AWS Budgets and Secrets Manager (small fixed amounts), and an everything-else bucket for Lambda runtime, DynamoDB on-demand, S3, EventBridge Scheduler, SES (inbound and outbound), and CloudWatch. A note at the bottom: the daily tick is the dominant cost, and even that is fractions of a cent per task per day. $0 $5 $10 $15 $20 60 tasks ~$1.80 200 tasks ~$4 600 tasks ~$11 Bedrock (evidence reading + monthly summary) Textract (attached photos and PDFs only) AWS Budgets + Secrets Manager (fixed) Everything else (Lambda, DDB, S3, Scheduler, SES, CloudWatch) The daily tick is the dominant cost — and even that is fractions of a cent per task per day.
Fig 6. Monthly cost at three task volumes. Bedrock and Textract are small slivers because they only fire on the evidence-reading lane and the monthly summary. The dominant cost is the everything-else bucket: the daily tick reading every task.

Where the dollars actually go

Lambda runtime (the bulk). The scheduler runs once a day. Each tick reads the task CSV from S3, iterates the rows, computes the next due date for each, and decides on a move. At 60 tasks, that’s a few hundred milliseconds. At 600 tasks it’s under a second. Either way it’s pennies a month. Add the dispatch Lambda firing for each reminder (around five to twenty reminders a month at 60 tasks, fifty to a couple hundred at 600), the Function URL Lambda for done-and-evidence, the calendar-sync and drive-sync Lambdas — the Lambda total still lands under a dollar at all three volumes.

DynamoDB on-demand. Three small tables: ct-reminders, ct-done, ct-audit. Reads are dominant during the daily tick (one read per task per tick, plus cycle history). Writes are reminder events and audit rows. Pennies a month at any of these volumes.

S3 + Storage. The mirrored task CSV plus the evidence files (photos, signed forms, PDFs). A few megabytes total at SMB volume, growing slowly as proof accumulates. Cents a month.

EventBridge Scheduler. The daily tick rule plus deferred reminder rules from quiet-hours and holiday gates. A few invocations a day. Pennies.

SES. Inbound for the forwarding lane: $0.10 per thousand received messages (so a couple of cents a year for an SMB). Outbound for email-fallback reminders: $0.10 per thousand sent. Both are negligible at this scale.

Bedrock (only when something fires it). The daily tick uses no Bedrock. The evidence-reading lane fires Haiku 4.5 once per attached photo or PDF: a few thousand input tokens (the Textract output) and a few hundred output tokens (the one-line summary), so a fraction of a cent per read. At a few attachments a month, Bedrock costs cents. The monthly summary is one larger call: write a paragraph that summarizes the month’s reminders, completions, and overdue items; a couple of cents.

Textract (only on attached photos and PDFs). Per-page pricing; a typical attachment is one to a few pages. A few cents per read. At a few attachments a month, Textract is a few cents. At 600 tasks with twenty attachments per month, it lands around a dollar.

What doesn’t cost money

  • API Gateway. Replaced by Lambda Function URLs for the done-and-evidence endpoints.
  • NAT Gateway. Nothing is in a VPC. No NAT, no $32/month minimum.
  • Always-on compute. No EC2, no Fargate. The tracker sleeps 23.99 hours a day.
  • A Knowledge Base. The task list is structured rows, not free text — deterministic lookup beats vector search here. No embeddings, no Knowledge Base, no S3 Vectors needed.
  • Models on the tick. The daily decision is plain Python. Bedrock fires only on the evidence-reading lane and the monthly summary.

How the cost scales

Lambda runtime grows roughly linearly with task count, because every task is evaluated on every tick. DynamoDB grows linearly too. Bedrock and Textract are uncorrelated with task count — they only fire when somebody attaches evidence or it’s the first of the month. So the bill at 1,500 tasks is around $25; at 3,000 it’s around $50. Past those volumes the daily-tick model probably stops being right (you’d switch to a partial-tick that only evaluates tasks inside the union of all reminder windows), but those are optimizations for very large task lists — not redesigns.

Set an AWS Budgets alarm at $15/month so anything unusual pages you before the bill matters. The tracker’s normal-volume bill stays well under that ceiling.

Last post in the series: the engineering reference. Same system, drawn for engineers — service names, Lambda inventory, IAM scopes, DynamoDB schemas, SES rule set, and EventBridge Scheduler config.

All posts