Developer L. Cordero discovered a $31 AWS charge on the Clew Directive project, a tool designed for generating personalized AI learning paths. Despite receiving only 14 visits last month, the application faced unexpected costs that prompted an investigation using Amazon Q and Claude. Initial analysis of the bill indicated usage of Claude Sonnet, a model more expensive than the Amazon Nova 2 Lite and Nova Micro versions actually deployed in the project's repository.

Investigation using Amazon Q revealed that the costs were not traffic-related but originated from 28 million tokens of usage between May 24 and May 25, during Memorial Day weekend. The spending pattern consisted of 4.1 million cached write tokens ($15.33), 23.8 million cached read tokens ($7.14), 346,000 output tokens ($5.20), and 120,000 input tokens ($0.36). This high-cache usage signature was characteristic of an agent reasoning over a large, fixed context, which contrasted with the stateless operation of Clew Directive.

The true source of the charges was identified as Vigil Crest, a separate challenge-triage agent developed by Cordero during the same weekend. Vigil Crest utilizes Claude Sonnet and resides on the same EC2 infrastructure as Clew Directive, using an assumed IAM role that incurred costs assigned by AWS to the wrong project. The troubleshooting process highlighted that Amazon Q successfully retrieved CloudTrail and cost data but repeatedly misattributed the narrative to the wrong application. Conversely, Claude assisted in verifying technical inconsistencies by cross-referencing code logic and pricing models, forcing a correction of the narrative. Cordero concluded that the incident resulted from a misunderstanding of how AWS aggregates account-level Bedrock costs and a failure to distinguish between actual infrastructure usage and project tagging assumptions.

Developer L. Cordero discovered a $31 AWS charge on the Clew Directive project, a tool designed for generating personalized AI learning paths. Despite receiving only 14 visits last month, the application faced unexpected costs that prompted an investigation using Amazon Q and Claude. Initial analysis of the bill indicated usage of Claude Sonnet, a model more expensive than the Amazon Nova 2 Lite and Nova Micro versions actually deployed in the project's repository.

Investigation using Amazon Q revealed that the costs were not traffic-related but originated from 28 million tokens of usage between May 24 and May 25, during Memorial Day weekend. The spending pattern consisted of 4.1 million cached write tokens ($15.33), 23.8 million cached read tokens ($7.14), 346,000 output tokens ($5.20), and 120,000 input tokens ($0.36). This high-cache usage signature was characteristic of an agent reasoning over a large, fixed context, which contrasted with the stateless operation of Clew Directive.

The true source of the charges was identified as Vigil Crest, a separate challenge-triage agent developed by Cordero during the same weekend. Vigil Crest utilizes Claude Sonnet and resides on the same EC2 infrastructure as Clew Directive, using an assumed IAM role that incurred costs assigned by AWS to the wrong project. The troubleshooting process highlighted that Amazon Q successfully retrieved CloudTrail and cost data but repeatedly misattributed the narrative to the wrong application. Conversely, Claude assisted in verifying technical inconsistencies by cross-referencing code logic and pricing models, forcing a correction of the narrative. Cordero concluded that the incident resulted from a misunderstanding of how AWS aggregates account-level Bedrock costs and a failure to distinguish between actual infrastructure usage and project tagging assumptions.