Why your AWS bill spiked after low-traffic app launches

After launching a lightweight AI learning-path generator with minimal traffic, one developer received a $31 AWS bill that made no sense. The tool, Clew Directive, averaged just 14 visits per month and used affordable Amazon Nova models—yet the cost tracker blamed expensive Claude Sonnet. A deeper investigation uncovered a surprising truth: the bill wasn’t for the app at all.

A tool innocent of its charges

Clew Directive is a stateless web application that generates personalized PDF learning paths based on user responses. It requires no accounts, databases, or storage, relying solely on AWS’s free-tier Nova models for inference. With such minimal infrastructure, a $31 monthly bill was impossible—yet the numbers didn’t lie.

The discrepancy first appeared in Umami analytics, which logged 14 visits from locations like the US, India, and Singapore, alongside a 93% bounce rate. Most traffic came from search engines and crawlers, not human users. If the app wasn’t causing the surge, something else was.

The model mix-up that misled cost tracking

The AWS cost dashboard initially pointed to Claude Sonnet 4.6 as the culprit. The problem? Clew Directive doesn’t use Sonnet at all. Its agents—Navigator, Scout, and Curator—run on Amazon Nova 2 Lite and Nova Micro, with IAM policies restricting access to Nova ARNs only. A Sonnet call would have been blocked outright.

Further investigation revealed another inconsistency: Amazon Q, an AI assistant used to diagnose the issue, quoted Haiku pricing at a fraction of the actual rate. This pattern—where tools misinterpreted data—highlighted a critical lesson: AI-generated insights must be verified against raw evidence.

Tracing the real source of the bill

The cost breakdown told a different story. Over 28 million tokens were processed across 8 active days, with two days accounting for 70% of the total cost. The shape of the spending was telling:

• Cache writes: 4.1M tokens ($15.33)
• Cache reads: 23.8M tokens ($7.14)
• Output: 346K tokens ($5.20)
• Input: 120K tokens ($0.36)

A web app with 14 visitors couldn’t generate this pattern. Heavy cache writes followed by extensive cache reads suggested an agent repeatedly accessing a large, fixed context. Clew Directive doesn’t use prompt caching, so the culprit had to be something else entirely.

The unexpected suspect: a weekend hackathon project

The breakthrough came when AWS CloudTrail logs revealed a role named vigil-crest-bedrock-role associated with a Claude Sonnet 4.6 model. This wasn’t Clew Directive—it was Vigil Crest, a separate project: an AI agent that triages hackathon challenges on Telegram.

Vigil Crest runs on an always-on EC2 instance (t3.micro) with AWS Bedrock, using the same Claude Sonnet model referenced in the bills. The agent caches a large context—persona prompts, stack configurations, and live challenge feeds—then repeatedly re-reads it during testing. This explained the cache-heavy cost pattern.

Clew Directive had zero commits during the billing period. All activity came from Vigil Crest, which was developed and tested over Memorial Day weekend. The project’s own article, published on May 24, confirmed its timeline. The $31 bill was simply Vigil Crest’s real work, filed under the wrong project name.

Lessons in cost attribution and AI troubleshooting

This incident underscores the importance of precise cost tracking and the limitations of AI-assisted debugging. While Amazon Q provided rapid access to CloudTrail and IAM policies—critical for identifying the role and timestamp—it also misattributed the charges three times. Raw data alone isn’t enough; human verification is essential.

For developers, the takeaway is clear:

• Audit billing anomalies by cross-referencing CloudTrail, Cost Explorer, and IAM policies.
• Recognize that AI tools can misinterpret context, requiring manual validation.
• Separate projects into distinct billing tags to avoid misattribution.

As AI tools become more integrated into workflows, developers must balance automation with scrutiny. The next time an AWS bill spikes unexpectedly, the real culprit might be hiding in plain sight—just outside the intended project.