How to design an automated kill switch for an Athena data platform that disables service credentials within seconds of a scan threshold breach. What I Built This system provides an automated response to excessive AWS Athena scan costs generated by external services. It monitors Athena workgroup metrics and immediately revokes IAM access keys when pre-defined data processing thresholds are exceeded, preventing unmonitored cost spikes without requiring human intervention. System Architecture The architecture is composed of four distinct layers operating in sequence to monitor, route, and execute the revocation. Athena Workgroups - Dedicated workgroups for PowerBI and OpenMetadata that enforce a 1 GB per-query scan cutoff and publish CloudWatch metrics. CloudWatch Alarms - Three independent alarms monitoring the OpenMetadata workgroup for sustained high usage, high failure rates, and rapid consumption spikes.…