I'd add a CloudWatch alarm keeping track of the number of invocations you expect in a given hour. You can also set a concurrency threshold (a relatively new feature).
At re:Invent last month, AWS introduced per-function concurrency limits that users can set. It can still rack up charges, but it offers a bit more control than before!
That's where you apply some software developer diligence and do proper testing and monitoring. You're saying right now that regular servers / instances allow developers to be lazy because hey, automatic caps.
Everyone makes mistakes. If a dev deploys something to a server with fixed costs that starts hammering CPU, at least we won't be hit by literally thousands of dollars in extra charges.