It is advisable to configure Billing Alarms to identify potential attacks related to bitcoin mining or botnet instance deployments, and other unusual activity in your account.
Alarms should reach an actively monitored email account, SMS or instant messaging.
You can also use AWS Cost Anomaly Detection to detect anomalies using Machine Learning without the need to establish thresholds, configuring alerts and making root cause analysis about costs