Agreed. AWS is downright hostile about giving you any idea about what resources you actually have deployed, to the point where it must be deliberately malicious. Even their billing page is terrible for tracing down the root cause of usage with the default configuration.

You have to go into third party tooling if you want any chance of seeing what’s actually going on, especially if there’s any odds of you deploying stuff in another region and even moreso if you have more than 1 account.

At this point, I’d say it should be a best practice of owning 2 AWS accounts, even as a hobbyist: one payer account with a HEAVILY locked down SCP and then a child account with the stuff you’re deploying.