GUIDE · UPDATED MAY 2026

AWS Cost Optimization in 2026: The Complete Guide to Reducing Your AWS Bill

10 strategies that actually reduce your AWS bill, plus the full list of all 123 detection rules CostPatrol implements. Real scan data. Dollar amounts. CLI commands you can run today.

Published February 2026 · Last updated May 2026 · Based on production AWS scans
$284/mo: found in 1 region in 60 seconds
$1,112/mo: found across 7 regions
$6,496/mo: Aurora consolidation alone

What is AWS cost optimization?

AWS cost optimization means paying only for the cloud resources you actually use. Not the resources someone spun up six months ago and forgot. Not the oversized database running at 3% CPU. Not the NAT Gateway silently processing $400/month in traffic that could route for free.

Every AWS account accumulates waste. Developers create test environments and move on. Default configurations stay in place because nobody revisits them. Storage tiers from 2020 remain unchanged even though cheaper options exist. The result is a monthly bill that grows 15-30% faster than actual usage.

Cost optimization is not about cutting corners. It is about eliminating waste so your budget goes toward resources that actually run your product. The savings are usually significant. Gartner estimates that organizations waste 27% of their cloud spend on average. In real scans, we consistently find 20-35% in recoverable waste.

Why AWS bills grow out of control

There are five patterns that cause AWS bills to creep up silently.

Orphaned resources

When you terminate an EC2 instance, its EBS volumes do not automatically delete unless you set DeleteOnTermination (the root volume launched from an AMI has it enabled by default; volumes attached afterwards default to disabled). Most teams do not. The result: volumes sit unattached for months or years, costing $0.10/GB/month (gp2) with zero purpose. In one production scan, we found an EBS volume unattached for 1,790 days costing $50/month. That is $2,950 burned on nothing.

Default configurations

AWS defaults are designed for correctness, not cost. CloudWatch log groups default to never expire. EBS volumes default to gp2 even though gp3 is 20% cheaper with better performance. RDS instances default to Multi-AZ even for development workloads. Every default left in place is money left on the table.

Over-provisioning

Teams pick an instance size during initial deployment and never revisit it. Traffic patterns change. Codebases get optimized. But the db.r5.2xlarge keeps running at 8% CPU because nobody wants to risk a resize. Across a fleet of RDS and EC2 instances, over-provisioning alone can account for 30-40% of compute spend.

Hidden data transfer costs

NAT Gateway charges $0.045 per GB of processed data. If your Lambda functions or ECS tasks call S3 or DynamoDB through a NAT Gateway, you are paying data processing fees for traffic that could route through a free VPC Gateway Endpoint. One scan found $1,112/month in waste, with NAT Gateway as the largest single contributor.

No automated monitoring

AWS Cost Explorer shows aggregate spend. It does not alert you when someone spins up an RDS instance in a test account and forgets about it. Without automated scanning, waste accumulates silently until someone notices the bill went up 40% and spends a week manually auditing every resource.


10 strategies that actually reduce your AWS bill

Ordered by impact. Start at the top and work down. Each strategy includes a CLI command you can run right now.

Strategy 1

Delete orphaned EBS volumes

Common waste: $50-500/mo per account

Unattached EBS volumes are the most common source of waste in every AWS account. They accumulate silently because EC2 termination does not delete attached volumes by default.

Find all unattached volumes in your account:

aws ec2 describe-volumes \
  --filters Name=status,Values=available \
  --query "Volumes[].{ID:VolumeId,Size:Size,Created:CreateTime}" \
  --output table

Snapshot anything you might need, then delete. Every unattached volume costs $0.10/GB/month (gp2) or $0.08/GB/month (gp3) with zero benefit.

Real result: $284/mo recovered from one region by cleaning up EBS volumes unattached for 1,790+ days.

Strategy 2

Right-size and consolidate RDS instances

Common waste: $200-6,500/mo per account

RDS is typically the second-largest line item after EC2. The most common problems: instances running at under 10% CPU utilization, databases provisioned as Multi-AZ for development workloads, and cluster sprawl where 17 small databases should be 2 or 3.

Check CPU utilization across your RDS fleet:

aws cloudwatch get-metric-statistics \
  --namespace AWS/RDS \
  --metric-name CPUUtilization \
  --dimensions Name=DBInstanceIdentifier,Value=YOUR_INSTANCE \
  --start-time $(date -u -d '14 days ago' +%Y-%m-%dT%H:%M:%S) \
  --end-time $(date -u +%Y-%m-%dT%H:%M:%S) \
  --period 86400 --statistics Average \
  --output table

If average CPU is under 10% over 14 days, you are almost certainly over-provisioned. Drop one or two instance size classes. The date -u -d '14 days ago' form is GNU coreutils syntax; on macOS use date -u -v-14d +%Y-%m-%dT%H:%M:%S for the start time instead.

Real result: $6,496/mo saved by consolidating 17 Aurora PostgreSQL clusters into 2.

Strategy 3

Replace NAT Gateway with VPC Gateway Endpoints

Common waste: $100-800/mo per VPC

NAT Gateway charges $0.045/GB for data processing. If your workloads in private subnets call S3 or DynamoDB, that traffic routes through NAT Gateway by default. VPC Gateway Endpoints route the same traffic for $0.

Check how much your NAT Gateways process:

aws cloudwatch get-metric-statistics \
  --namespace AWS/NATGateway \
  --metric-name BytesOutToDestination \
  --dimensions Name=NatGatewayId,Value=YOUR_NAT_GW_ID \
  --start-time $(date -u -d '30 days ago' +%Y-%m-%dT%H:%M:%S) \
  --end-time $(date -u +%Y-%m-%dT%H:%M:%S) \
  --period 2592000 --statistics Sum \
  --output json

Add S3 and DynamoDB Gateway Endpoints to every VPC with private subnets. There is no downside. They are free, have no bandwidth limits, and reduce latency. They only carry traffic to S3 and DynamoDB in the same region, and they take effect through the route tables they are associated with, so associate the private subnets' route tables when you create them.

Real result: Largest single finding in a 7-region scan. NAT Gateway data processing was the top cost driver.

Strategy 4

Migrate EBS volumes from gp2 to gp3

Savings: 20% per volume

gp3 volumes cost $0.08/GB/month vs $0.10/GB/month for gp2. gp3 also provides 3,000 baseline IOPS and 125 MB/s throughput included in the price. gp2 provides 100 IOPS per GB with no baseline throughput guarantee. gp3 is cheaper AND faster for most workloads.

Find all gp2 volumes:

aws ec2 describe-volumes \
  --filters Name=volume-type,Values=gp2 \
  --query "Volumes[].{ID:VolumeId,Size:Size,State:State}" \
  --output table

Migrate with zero downtime using aws ec2 modify-volume --volume-id <volume-id> --volume-type gp3. The migration is live and does not require detaching the volume.

Strategy 5

Set CloudWatch log retention policies

Savings: $0.03/GB/month in perpetuity

CloudWatch Logs charge $0.03/GB/month for storage. The default retention is never expire. This means every log group grows forever. A Lambda function logging 1 GB/month accumulates 12 GB after a year, 60 GB after five years, costing $1.80/month for logs nobody will ever read.

Find log groups with no retention policy:

aws logs describe-log-groups \
  --query "logGroups[?!retentionInDays].{Name:logGroupName,StoredBytes:storedBytes}" \
  --output table

Set 30-day retention for most log groups. Use 90 days for production workloads where you need historical debugging. Anything older should go to S3 if you need long-term archival.
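A worked version of the retention triage above, added here as an example and not CostPatrol's own code. It consumes the JSON that aws logs describe-log-groups prints, applies the 30-day/90-day split from the text using an assumed naming convention (a log group whose name contains "prod" is treated as production), prices the bytes currently stored at the $0.03/GB/month figure quoted above, and emits the aws logs put-retention-policy commands for review. The log groups in it are constructed sample data.

```python
"""Plan CloudWatch Logs retention from `aws logs describe-log-groups` output.

Added example (not CostPatrol code). The input shape is the CLI's JSON; the
naming rule (production if the name contains "prod") is an assumption.
"""
import json

STORAGE_PRICE_PER_GB_MONTH = 0.03  # CloudWatch Logs storage price quoted in the guide
GB = 1024 ** 3                      # storedBytes treated as binary gigabytes (approximation)

# Constructed sample: two log groups with no retention policy, one already bounded.
SAMPLE_DESCRIBE_LOG_GROUPS = json.dumps({
    "logGroups": [
        {"logGroupName": "/aws/lambda/prod-checkout", "storedBytes": 50 * GB},
        {"logGroupName": "/aws/lambda/dev-ingest", "storedBytes": 1 * GB},
        {"logGroupName": "/ecs/staging-api", "storedBytes": 2 * GB, "retentionInDays": 14},
    ]
})


def choose_retention_days(log_group_name, production_days=90, default_days=30):
    """Assumed convention: 'prod' in the name marks a production workload (90 days)."""
    return production_days if "prod" in log_group_name.lower() else default_days


def plan_retention(describe_log_groups_json):
    """Return findings for every log group that has no retention policy, largest first."""
    groups = json.loads(describe_log_groups_json)["logGroups"]
    findings = []
    for g in groups:
        if g.get("retentionInDays"):  # already bounded, nothing to do
            continue
        stored_gb = g.get("storedBytes", 0) / GB
        days = choose_retention_days(g["logGroupName"])
        findings.append({
            "logGroupName": g["logGroupName"],
            "storedGB": round(stored_gb, 2),
            "monthlyStorageCost": round(stored_gb * STORAGE_PRICE_PER_GB_MONTH, 2),
            "retentionDays": days,
            "fixCommand": (
                "aws logs put-retention-policy "
                f"--log-group-name '{g['logGroupName']}' --retention-in-days {days}"
            ),
        })
    # Biggest current storage first so the costly groups get reviewed first.
    findings.sort(key=lambda f: f["storedGB"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in plan_retention(SAMPLE_DESCRIBE_LOG_GROUPS):
        print(f"{f['logGroupName']}: {f['storedGB']} GB, "
              f"${f['monthlyStorageCost']}/mo -> {f['fixCommand']}")
```

Pipe the real CLI output in (aws logs describe-log-groups --output json) instead of the constructed sample, and run the emitted put-retention-policy commands only after someone has checked the production/non-production split, since the name-based rule is a guess that a tagging convention would replace.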

Strategy 6

Release unused Elastic IPs

Savings: $3.65/mo per unused EIP

Since February 2024, AWS charges $0.005/hour for ALL public IPv4 addresses, including Elastic IPs attached to running instances. But unassociated Elastic IPs are the easiest to eliminate: they serve no purpose and cost $3.65/month each.

aws ec2 describe-addresses \
  --query "Addresses[?!InstanceId && !NetworkInterfaceId].{IP:PublicIp,AllocID:AllocationId}" \
  --output table

Release every Elastic IP that is not associated to a running resource. If a team member reserved it "just in case," the IP address will be different on next allocation anyway.

Strategy 7

Clean up idle load balancers

Savings: $16-25/mo per idle ALB/NLB

Application Load Balancers cost a minimum of $16.20/month even with zero traffic ($0.0225/hour). Network Load Balancers cost $16.20/month as well. Load balancers left behind after decommissioning services accumulate quietly.

aws elbv2 describe-load-balancers \
  --query "LoadBalancers[].{Name:LoadBalancerName,ARN:LoadBalancerArn,Type:Type}" \
  --output table

Check each ALB's RequestCount metric and each NLB's ActiveFlowCount metric over the past 14 days. Zero traffic across the whole window means it is safe to delete.
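The two metric checks above (the RDS CPU test from Strategy 2 and the load balancer traffic test here) share one input shape: the Datapoints list that aws cloudwatch get-metric-statistics prints. The evaluator below is an added example, not CostPatrol's code, and works on constructed sample output. It applies the thresholds from the text (14-day average CPU under 10%, zero requests or flows over 14 days) and treats missing datapoints differently on purpose: CPU is reported continuously, so a short series means the window is incomplete and gets no verdict, while ELB publishes RequestCount and ActiveFlowCount only while traffic is flowing, so missing periods count as zero.

```python
"""Evaluate `aws cloudwatch get-metric-statistics` output for the guide's two checks.

Added example (not CostPatrol code). Input is the CLI's JSON: a "Datapoints"
list with one entry per --period. With --period 86400 over 14 days, a
continuously reported metric yields 14 points.
"""
import json
from datetime import datetime, timedelta, timezone


def _daily_points(values, stat):
    """Build constructed datapoints, one per day, for the samples below."""
    start = datetime(2026, 4, 1, tzinfo=timezone.utc)
    return [{"Timestamp": (start + timedelta(days=i)).isoformat(), stat: v}
            for i, v in enumerate(values)]


# Constructed samples in the CLI's output shape.
RDS_CPU_SAMPLE = json.dumps({
    "Label": "CPUUtilization",
    "Datapoints": _daily_points(
        [6.1, 7.3, 5.8, 9.9, 4.2, 6.6, 8.0, 7.1, 5.5, 6.9, 7.7, 6.2, 5.9, 8.4], "Average"),
})
SHORT_WINDOW_SAMPLE = json.dumps({
    "Label": "CPUUtilization",
    "Datapoints": _daily_points([3.0, 2.5], "Average"),  # only 2 of 14 days present
})
ALB_REQUESTS_SAMPLE = json.dumps({
    "Label": "RequestCount",
    "Datapoints": _daily_points([0] * 14, "Sum"),
})
ALB_NO_DATA_SAMPLE = json.dumps({"Label": "RequestCount", "Datapoints": []})


def evaluate_cpu(metric_json, expected_points=14, threshold_pct=10.0):
    """Right-sizing verdict for a series of daily CPUUtilization averages."""
    points = json.loads(metric_json)["Datapoints"]
    if len(points) < expected_points:
        # Window is incomplete (instance newer than 14 days, or a wrong query
        # range). Partial data must not produce a resize recommendation.
        return {"verdict": "insufficient_data", "datapoints": len(points)}
    avg = sum(p["Average"] for p in points) / len(points)
    verdict = "over_provisioned" if avg < threshold_pct else "ok"
    return {"verdict": verdict, "avg_cpu_pct": round(avg, 2), "datapoints": len(points)}


def evaluate_traffic(metric_json):
    """Idle verdict for a series of daily RequestCount or ActiveFlowCount sums."""
    points = json.loads(metric_json)["Datapoints"]
    # ELB emits these metrics only while traffic flows through the load
    # balancer, so an empty or partial series means no traffic in the
    # missing periods rather than missing data.
    total = sum(p["Sum"] for p in points)
    return {"verdict": "idle" if total == 0 else "active",
            "total": total, "datapoints": len(points)}


if __name__ == "__main__":
    print("rds:", evaluate_cpu(RDS_CPU_SAMPLE))
    print("rds (short window):", evaluate_cpu(SHORT_WINDOW_SAMPLE))
    print("alb:", evaluate_traffic(ALB_REQUESTS_SAMPLE))
    print("alb (no datapoints):", evaluate_traffic(ALB_NO_DATA_SAMPLE))
```

Feed it the --output json form of the commands in Strategies 2 and 7 rather than the table form. The asymmetry in how the two functions handle an empty series is the part worth keeping: the same "no datapoints" result is a reason to wait for RDS and a reason to act for a load balancer.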

Strategy 8

Terminate stopped EC2 instances

Savings: EBS charges ($8-100+/mo per instance)

Stopped EC2 instances do not incur compute charges. But their EBS volumes keep billing. A stopped instance with a 500 GB gp2 root volume costs $50/month in storage alone. And since the instance is stopped, nobody notices.

aws ec2 describe-instances \
  --filters Name=instance-state-name,Values=stopped \
  --query "Reservations[].Instances[].{ID:InstanceId,Type:InstanceType,Stopped:StateTransitionReason}" \
  --output table

For each stopped instance: if it has been stopped for more than 14 days and nobody claims ownership, create an AMI (which snapshots the volumes), then terminate the instance. You can always relaunch from the AMI.

Strategy 9

Delete old EBS snapshots

Savings: $0.05/GB/month per stale snapshot

EBS snapshots cost $0.05/GB/month. Automated backup tools often create daily snapshots without a retention policy. After a year, you might have 365 snapshots of the same volume, each storing incremental changes. The source volume may have been deleted months ago.

aws ec2 describe-snapshots --owner-ids self \
  --query "Snapshots[?StartTime<='$(date -u -d '90 days ago' +%Y-%m-%d)'].{ID:SnapshotId,Size:VolumeSize,Created:StartTime,VolumeId:VolumeId}" \
  --output table

Cross-reference snapshot VolumeIds against active volumes. If the source volume no longer exists and the snapshot is older than your retention requirement, delete it.
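Strategies 1, 8 and 9 are three views of the same EBS data, so one script serves all of them. The code below is an added example, not CostPatrol's own code; it takes the JSON printed by aws ec2 describe-volumes, aws ec2 describe-instances and aws ec2 describe-snapshots --owner-ids self (constructed sample data here, abridged to the fields used), and reports unattached volumes priced at the gp2/gp3 rates above, the EBS cost each stopped instance is still accruing, and snapshots past a 90-day window whose source volume no longer exists. The per-GB prices are the figures quoted in this guide; the sample "now" is pinned so the output is deterministic.

```python
"""Cross-reference EBS volumes, stopped instances and snapshots (Strategies 1, 8, 9).

Added example (not CostPatrol code). Volumes and snapshots are region-scoped,
so run it against the three CLI outputs from one region at a time.
"""
import json
from datetime import datetime, timedelta, timezone

PRICE_PER_GB_MONTH = {"gp2": 0.10, "gp3": 0.08}  # from the guide; other types left unpriced
SNAPSHOT_PRICE_PER_GB_MONTH = 0.05
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)  # pinned so the sample is deterministic

# Constructed sample data in the CLI's output shape.
VOLUMES_JSON = json.dumps({"Volumes": [
    {"VolumeId": "vol-aaa", "Size": 500, "VolumeType": "gp2", "State": "available", "Attachments": []},
    {"VolumeId": "vol-bbb", "Size": 100, "VolumeType": "gp3", "State": "in-use",
     "Attachments": [{"InstanceId": "i-stopped1", "DeleteOnTermination": True}]},
    {"VolumeId": "vol-ccc", "Size": 50, "VolumeType": "gp3", "State": "in-use",
     "Attachments": [{"InstanceId": "i-running1", "DeleteOnTermination": True}]},
]})
INSTANCES_JSON = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-stopped1", "State": {"Name": "stopped"}},
    {"InstanceId": "i-running1", "State": {"Name": "running"}},
]}]})
SNAPSHOTS_JSON = json.dumps({"Snapshots": [
    {"SnapshotId": "snap-old-orphan", "VolumeId": "vol-deleted", "VolumeSize": 200,
     "StartTime": "2025-01-01T00:00:00.000Z"},
    {"SnapshotId": "snap-old-live", "VolumeId": "vol-ccc", "VolumeSize": 50,
     "StartTime": "2025-01-01T00:00:00.000Z"},
    {"SnapshotId": "snap-new-orphan", "VolumeId": "vol-gone2", "VolumeSize": 20,
     "StartTime": "2026-04-20T00:00:00.000Z"},
]})


def _parse_time(value):
    """The CLI prints ISO-8601 with a trailing Z; fromisoformat wants +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def unattached_volumes(volumes_json):
    """Strategy 1: volumes in state 'available', priced by type, snapshot-then-delete."""
    findings = []
    for v in json.loads(volumes_json)["Volumes"]:
        if v["State"] != "available":
            continue
        price = PRICE_PER_GB_MONTH.get(v["VolumeType"])
        findings.append({
            "VolumeId": v["VolumeId"], "Size": v["Size"], "VolumeType": v["VolumeType"],
            "monthlyCost": round(v["Size"] * price, 2) if price is not None else None,
            "fixCommands": [
                f"aws ec2 create-snapshot --volume-id {v['VolumeId']} --description pre-delete",
                f"aws ec2 delete-volume --volume-id {v['VolumeId']}",
            ],
        })
    return findings


def stopped_instance_storage(volumes_json, instances_json):
    """Strategy 8: monthly EBS cost still accruing, keyed by stopped instance id."""
    stopped = {i["InstanceId"]
               for r in json.loads(instances_json)["Reservations"]
               for i in r["Instances"] if i["State"]["Name"] == "stopped"}
    cost = {}
    for v in json.loads(volumes_json)["Volumes"]:
        for a in v.get("Attachments", []):
            if a["InstanceId"] in stopped:
                price = PRICE_PER_GB_MONTH.get(v["VolumeType"], 0.0)
                cost[a["InstanceId"]] = round(cost.get(a["InstanceId"], 0.0) + v["Size"] * price, 2)
    return cost


def orphaned_snapshots(snapshots_json, volumes_json, retention_days=90, now=NOW):
    """Strategy 9: snapshots past retention whose source volume no longer exists."""
    live_volumes = {v["VolumeId"] for v in json.loads(volumes_json)["Volumes"]}
    cutoff = now - timedelta(days=retention_days)
    findings = []
    for s in json.loads(snapshots_json)["Snapshots"]:
        started = _parse_time(s["StartTime"])
        if s["VolumeId"] in live_volumes or started > cutoff:
            continue
        # A snapshot backing a registered AMI cannot be deleted until the AMI
        # is deregistered; the delete call is refused rather than doing harm.
        findings.append({
            "SnapshotId": s["SnapshotId"], "VolumeId": s["VolumeId"],
            "VolumeSize": s["VolumeSize"], "ageDays": (now - started).days,
            "monthlyCost": round(s["VolumeSize"] * SNAPSHOT_PRICE_PER_GB_MONTH, 2),
            "fixCommand": f"aws ec2 delete-snapshot --snapshot-id {s['SnapshotId']}",
        })
    return findings


if __name__ == "__main__":
    print(json.dumps({
        "unattached_volumes": unattached_volumes(VOLUMES_JSON),
        "stopped_instance_storage": stopped_instance_storage(VOLUMES_JSON, INSTANCES_JSON),
        "orphaned_snapshots": orphaned_snapshots(SNAPSHOTS_JSON, VOLUMES_JSON),
    }, indent=2))
```

The snapshot check deliberately skips anything whose VolumeId still exists, even when it is older than the window, because those snapshots may be the only restore point for a live volume; stale snapshots of live volumes are a retention-policy question, not an orphan cleanup.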

Strategy 10

Automate with daily scans

Prevents new waste from accumulating

Manual audits catch waste once. Automated daily scans catch it within 24 hours of creation. The difference between finding an idle RDS instance on day 1 vs day 90 is $1,440 in unnecessary spend for a db.r5.large.

Options for automated scanning:

AWS native: AWS Trusted Advisor runs checks automatically but requires Business Support ($29+/month per account) for cost optimization checks. It provides generic recommendations without fix commands.

Third-party: CostPatrol runs 123 detection rules daily and delivers findings to Slack with exact CLI fix commands and dollar amounts. It also detects cost anomalies every 6 hours. Free for accounts under $5K/month.

See our comparison of 12 AWS cost optimization tools for a full breakdown.

AWS cost optimization tools

You do not need to run these checks manually every week. The right tool automates detection and delivers findings where your team already works.

AWS native tools (free / included)

AWS Cost Explorer shows what you spent. Filter by service, account, tag, or time period. Good for understanding trends. Does not tell you what to fix.

AWS Trusted Advisor checks for basic optimization opportunities. Requires Business Support ($29+/month per account) for cost checks. Provides generic recommendations. No CLI commands, no Slack delivery, no anomaly detection.

AWS Compute Optimizer analyzes EC2 and Auto Scaling Group utilization and recommends right-sizing. EC2-only. Does not cover RDS, EBS, S3, NAT, or CloudWatch.

Third-party tools

For teams that want automated detection, fix commands, and team-friendly delivery (Slack, email, dashboards), third-party tools fill the gaps.

CostPatrol scans 38+ services, provides exact CLI fix commands with dollar amounts, detects cost anomalies every 6 hours, and delivers findings via Slack. Free under $5K/month. $199/month Pro. Try it free.

Vantage provides multi-cloud cost visibility with dashboards and reports. Free under $2,500/month tracked costs. Starts at $30/month.

CloudHealth (Flexera) is an enterprise governance platform. Minimum ~$45K/year. Best for organizations spending $200K+/month across multiple clouds.

For a detailed comparison with real pricing, see 12 Best AWS Cost Optimization Tools in 2026.

Quick-start checklist

Run through this in order. Most teams find significant savings in the first three items.

1. Delete all unattached EBS volumes (snapshot first if unsure)
2. Right-size any RDS instance under 10% average CPU
3. Add VPC Gateway Endpoints for S3 and DynamoDB in every VPC
4. Migrate all gp2 volumes to gp3 (zero-downtime, live migration)
5. Set retention policies on all CloudWatch log groups
6. Release every unassociated Elastic IP
7. Delete load balancers with zero traffic over 14 days
8. Snapshot and terminate EC2 instances stopped for 14+ days
9. Delete EBS snapshots where the source volume no longer exists
10. Set up automated daily scans to prevent waste from recurring

All 123 AWS Cost Optimization Detection Rules

The full list of optimization rules CostPatrol implements, grouped by AWS service. Every rule scans your AWS account read-only and surfaces findings with dollar amounts and CLI fix commands.

AMI (1)

  • [AMI-O001] Orphaned/Unused AMIs — Detect custom AMIs not used by any running instance or launch template whose backing snapshots incur ongoing storage costs

API Gateway (2)

  • [APIGW-O001] API Gateway Overuse (vs Function URLs/ALB) — Detect REST APIs that could migrate to HTTP APIs for up to 71% cost reduction. REST APIs cost $3.50/million requests vs $1.00/million for HTTP APIs.
  • [APIGW-O002] Unused API Gateway APIs — Detect REST APIs with zero requests over 30 days. Flagged for hygiene — per-request pricing means $0 cost but unused APIs add clutter and security surface area.

AWS Backup (2)

  • [BKP-O001] Empty AWS Backup Vaults — Identify AWS Backup vaults with zero recovery points for cleanup
  • [BKP-O002] Cross-Region Backup in Non-Production — Identify backup plans with cross-region copies on non-production resources

AWS Config (1)

  • [CFG-O001] AWS Config in Unnecessary Regions — Detect AWS Config recorders enabled in regions with no or very few resources, creating unnecessary baseline costs

Architecture (1)

  • [ARCH-O001] Non-Production at Production Scale — Detect non-production EC2 instances using xlarge or larger types that can be downsized

CloudFront (2)

  • [CF-O001] CloudFront Price Class Mismatch — Detect CloudFront distributions using PriceClass_All that could save with a restricted price class
  • [CF-O002] Lambda@Edge to CloudFront Functions — Detect Lambda@Edge functions on viewer events that could be replaced with CloudFront Functions at 1/6 the price

CloudTrail (1)

  • [CT-O001] Duplicate CloudTrail Trails — Detect multiple active CloudTrail trails logging overlapping management events, creating redundant charges

CloudWatch (3)

  • [CW-O002] Orphaned CloudWatch Alarms — Detect CloudWatch alarms in INSUFFICIENT_DATA state that likely reference deleted resources
  • [CW-O003] CloudWatch Metric Streams Unfiltered — Identify CloudWatch Metric Streams that push all namespaces without include/exclude filters, incurring unnecessary cost
  • [CW-O004] Custom Metrics Audit — Detect namespaces with >100 custom metrics that may be driving up CloudWatch costs

CloudWatch Logs (3)

  • [CWL-O001] Excessive Log Retention — Identify CloudWatch Log Groups with retention > 30 days or never expires
  • [CWL-O002] Lambda Dual-Write Logging (CW + External APM) — Identify Lambda functions using an external APM extension (Datadog, New Relic, etc.) that are also writing logs to CloudWatch, paying double ingestion costs
  • [CWL-O003] CloudWatch Logs Ingestion Drivers — Detect log groups with >10GB stored and no retention policy that drive up storage costs

Compute Optimizer (1)

  • [CO-O001] Compute Optimizer Right-Sizing — Surface AWS Compute Optimizer OVER_PROVISIONED recommendations for EC2 instances

Data Transfer (2)

  • [DT-O001] Cross-Region Data Transfer Optimization — Detect high cross-region data transfer costs and recommend architectural optimizations
  • [DT-O002] Cross-AZ Data Transfer Optimization — Detect high cross-AZ data transfer costs and recommend co-location or caching strategies

DocumentDB (1)

  • [DOCDB-O001] DocumentDB I/O-Optimized Eligibility — Detect DocumentDB clusters where I/O costs are high enough to benefit from I/O-Optimized storage

DynamoDB (7)

  • [DDB-001] Over-Provisioned DynamoDB Tables — Detect DynamoDB tables with provisioned capacity using less than 30% of allocated
  • [DDB-002] On-Demand to Provisioned Migration — Detect on-demand DynamoDB tables with steady traffic that would be cheaper on provisioned capacity
  • [DDB-003] Unused DynamoDB Tables — Detect DynamoDB tables with zero read/write activity for 14 days
  • [DDB-004] Unused Global Secondary Indexes — Detect DynamoDB GSIs with zero read activity for 14 days
  • [DDB-005] Standard-IA Table Class Opportunity — Detect DynamoDB tables where Standard-IA class would reduce costs (storage-heavy, low-access)
  • [DDB-006] Missing TTL on Time-Series Data — Detect DynamoDB tables storing time-series data without TTL enabled
  • [DDB-007] PITR on Non-Production Tables — Detect Point-in-Time Recovery enabled on non-production DynamoDB tables

EBS (7)

  • [EBS-O001] GP2 to GP3 EBS Migration — Identify EBS GP2 volumes that can save 20% by migrating to GP3
  • [EBS-O002] Unattached EBS Volumes — Identify EBS volumes not attached to any instance (100% potential savings)
  • [EBS-O003] EBS Snapshot Archiving Opportunity — Identify completed EBS snapshots older than 180 days (>= 100 GB) in standard tier that can be archived for 75% storage cost savings
  • [EBS-O004] Idle Fast Snapshot Restore — Detect EBS snapshots with Fast Snapshot Restore enabled but no meaningful usage
  • [EBS-O005] GP3 Over-Provisioned IOPS/Throughput — Detect gp3 volumes paying for extra IOPS/throughput that is consistently underutilized
  • [EBS-O006] Stale EBS Snapshots — Identify orphaned (source volume deleted, age >30d) or aged (>90d) EBS snapshots without lifecycle management
  • [EBS-O007] EBS Low I/O Volumes — Identify io1/io2 volumes where actual IOPS usage is below 30% of provisioned capacity

EC2 (8)

  • [EC2-O001] EC2 Previous-Generation Instance Types — Identify EC2 instances running older, less cost-effective instance types
  • [EC2-O002] Idle EC2 Instances — Detect EC2 instances with consistently very low CPU utilization (< 5% max over 14 days)
  • [EC2-O003] EC2 Graviton Migration — Identify running x86 EC2 instances with Graviton (ARM) equivalents for 20-40% savings
  • [EC2-O004] Non-Production Scheduling (Off-Hours) — Detect non-production EC2 instances running 24/7 without an off-hours schedule, where savings of ~65% are achievable by stopping them outside business hours
  • [EC2-O005] EC2 Detailed Monitoring Enabled — Detect running EC2 instances with detailed monitoring enabled at $2.10/instance/month
  • [EC2-O006] Spot Instance Opportunity — Detect on-demand EC2 instances in Auto Scaling groups that could use Spot for 60-90% savings
  • [EC2-O007] Stopped EC2 with Attached Storage — Detect stopped EC2 instances still incurring EBS and associated Elastic IP costs
  • [EC2-O008] Oversized EC2 Instances — Detect EC2 instances that can be rightsized one size down based on low CPU usage

ECR (1)

  • [ECR-O001] ECR Missing Lifecycle Policy — Detect ECR repositories without lifecycle policies that are accumulating stale images and driving up storage costs

ECS (3)

  • [ECS-O002] ECS Fargate ARM64 Migration — Identify ECS Fargate services running on X86_64 that could save ~20% by migrating to ARM64 (Graviton)
  • [ECS-O003] ECS Fargate Ephemeral Storage Oversizing — Detect ECS Fargate services with ephemeral storage allocated above the free 20 GiB default, where reducing the allocation could save on per-GB-hour charges
  • [ECS-O004] ECS Service Right-Sizing — Detect ECS Fargate services with CPU and memory utilization below 30% that can be downsized

EFS (2)

  • [EFS-O001] EFS Lifecycle to Infrequent Access Missing — Identify EFS filesystems without lifecycle policies for transitioning data to Infrequent Access
  • [EFS-O002] EFS Provisioned Throughput Underutilization — Identify EFS filesystems with provisioned throughput where actual usage is below 50% of provisioned capacity

EKS (2)

  • [EKS-O001] EKS Extended Support Penalty — Detect EKS clusters running Kubernetes versions in extended support, which incur a 6x control plane cost ($0.60/hr vs $0.10/hr)
  • [EKS-O002] Idle EKS Clusters — Detect EKS clusters with no nodegroups or all nodegroups at 0 desired capacity

EMR (1)

  • [EMR-O001] EMR Idle/Long-Running Clusters — Detect EMR clusters in WAITING state (idle) or running for extended periods

ElastiCache (3)

  • [EC-O001] ElastiCache Idle Clusters — Detect ElastiCache clusters with zero connections over 14 days that can be deleted
  • [EC-O002] ElastiCache Graviton Migration — Detect ElastiCache clusters on Intel node types with Graviton equivalents for 10-20% savings
  • [EC-O003] ElastiCache Valkey Migration — Detect ElastiCache Redis clusters that could migrate to Valkey for ~20% savings

Elastic IP (2)

  • [EIP-O001] Orphaned Elastic IPs — Detect Elastic IP addresses not associated with any resource
  • [EIP-O002] Elastic IP on Stopped EC2 — Detect Elastic IP addresses attached to stopped EC2 instances

Elastic Load Balancing (4)

  • [ELB-O001] Idle Load Balancers — Identify ALB/NLB with no healthy targets or zero traffic over 14 days
  • [ELB-O002] ALB/NLB Sprawl (Consolidation) — Identify VPCs with 5+ ALBs/NLBs of the same scheme that could be consolidated to reduce base costs
  • [ELB-O003] Classic Load Balancer Migration — Identify Classic Load Balancers (CLBs) that should be migrated to ALB or NLB for cost savings and improved features
  • [ELB-O004] Underutilized Load Balancers — Identify ALB/NLB with fewer than 100 average daily requests/flows over the past 7 days

Glue (2)

  • [GLU-O001] Glue Development Endpoints Left Running — Detect Glue Development Endpoints in READY state that have not been modified in over 3 days. These endpoints incur continuous DPU charges and are typically forgotten after interactive development.
  • [GLU-O002] Glue Job DPU Oversizing — Detect Glue jobs with high DPU allocation but low actual utilization in recent runs

Governance (2)

  • [GOV-O001] Missing Budget Alerts — Detect AWS accounts without any budget alerts configured for cost visibility
  • [GOV-O002] Missing Cost Allocation Tags — Detect accounts where cost allocation tags are not activated, making spend attribution impossible

GuardDuty (1)

  • [GD-O001] GuardDuty Optional Features Audit — Detect GuardDuty detectors with all optional features enabled that may not all be needed

KMS (1)

  • [KMS-O001] Unused KMS Keys — Detect customer-managed KMS keys with no active grants

Keyspaces (1)

  • [KSP-O001] Keyspaces Table Storage Growth — Detect Keyspaces tables using on-demand mode with potential for provisioned capacity or storage optimization

Kinesis (1)

  • [KIN-O001] Kinesis Data Streams Provisioned Underutilization — Detect provisioned Kinesis streams with low utilization that can be downsized or switched to on-demand

Lambda (5)

  • [LAM-O001] Lambda ARM64 Migration — Identify Lambda functions running on x86 that could save 20% by migrating to ARM64 (Graviton2)
  • [LAM-O002] Lambda Memory Right-Sizing — Identify over-provisioned Lambda functions that could reduce memory allocation
  • [LAM-O003] Lambda Unused Functions — Detect Lambda functions with zero invocations over 30 days that have not been modified recently
  • [LAM-O004] Lambda Long Timeout — Detect Lambda functions with timeout >= 5 minutes where p99 duration uses < 30% of the timeout, suggesting timeout reduction or architectural changes
  • [LAM-O005] Lambda Provisioned Concurrency Waste — Detect Lambda functions with underutilized provisioned concurrency (< 50% utilization over 7 days)

MSK (2)

  • [MSK-O001] MSK Graviton Broker Family Upgrade — Detect MSK clusters using non-Graviton broker types that can migrate to Graviton for 10-24% savings
  • [MSK-O002] MSK Cluster Overprovisioning — Detect MSK clusters with low average CPU utilization across brokers indicating overprovisioning

MemoryDB (1)

  • [MDB-O001] MemoryDB Reserved Nodes Opportunity — Detect on-demand MemoryDB nodes without Reserved Instance coverage that could save 30-50%

NAT Gateway (2)

  • [NAT-O001] NAT Gateway vs VPC Endpoints — Identify NAT Gateways that could save costs with free VPC Gateway Endpoints for S3/DynamoDB
  • [NAT-O002] Redundant NAT Gateways (Single-AZ Consolidation) — Identify VPCs in non-production environments with multiple NAT Gateways that could be consolidated into one, and flag orphaned NAT Gateways with no route table references.

Neptune (1)

  • [NPT-O001] Neptune I/O-Optimized Eligibility — Detect Neptune clusters where I/O costs are high enough to benefit from I/O-Optimized storage

OpenSearch (2)

  • [OS-O001] OpenSearch Reserved Instance Opportunity — Detect OpenSearch domains running on-demand without RI coverage for potential 31-48% savings
  • [OS-O002] OpenSearch Idle/Oversized Domains — Detect OpenSearch domains with zero activity (idle) or low CPU utilization (oversized)

PrivateLink (1)

  • [VPE-O001] PrivateLink Interface Endpoint Idle ENI-Hours — Detect VPC interface endpoints with zero bytes processed that are wasting ENI-hours

Public IPv4 (1)

  • [IPV4-O001] Public IPv4 Audit — Detect potentially unnecessary public IPv4 addresses that incur avoidable charges

RDS (14)

  • [RDS-O001] Idle RDS Instances — Detect RDS instances with zero connections or low utilization (low CPU, low IOPS, few connections) over 14 days
  • [RDS-O002] RDS Storage Auto-Growth Runaway — Detect RDS instances with storage auto-scaling enabled that are either approaching the MaxAllocatedStorage ceiling or significantly over-provisioned relative to actual usage
  • [RDS-O003] RDS Backup Storage Overage — Detect stale manual snapshots and excess automated backup retention that increases RDS backup spend
  • [RDS-O004] RDS Multi-AZ on Non-Production Instances — Detect Multi-AZ enabled on non-production RDS instances — Multi-AZ doubles the instance cost
  • [RDS-O005] RDS Cluster Sprawl — Detect multiple RDS clusters or instances of the same engine and environment in a region that could be consolidated
  • [RDS-O006] RDS GP2 to GP3 Storage Migration — Detect RDS instances using gp2 storage that should migrate to gp3 for better baseline IOPS and no burst credit concerns
  • [RDS-O007] RDS Oversized Instances (Right-Sizing) — Detect RDS instances with low CPU and connection utilization over 14 days that can be downsized to save cost
  • [RDS-O008] RDS Extended Support Charge Exposure — Detect RDS instances on engine versions in or approaching Extended Support with per-vCPU-hour charges
  • [RDS-O009] RDS/Aurora I/O-Optimized Eligibility — Detect Aurora clusters where I/O costs justify switching to I/O-Optimized storage (aurora-iopt1)
  • [RDS-O010] Burstable RDS CPU Credit Overcharges — Detect burstable RDS instances incurring surplus CPU credit charges from sustained bursting
  • [RDS-O011] Unused RDS Read Replicas — Detect read replicas with zero DatabaseConnections over 14 days that can be deleted
  • [RDS-O012] RDS Previous-Generation Instance Types — Detect RDS/Aurora instances on previous-generation families (db.r4, db.m4, db.t2, etc.) that can migrate to current-gen for better price/performance
  • [RDS-O013] RDS Graviton Migration — Detect RDS/Aurora instances on current-gen Intel families (db.m5, db.m6i, db.r5, db.r6i) that can migrate to Graviton for 10-20% savings
  • [RDS-O014] Aurora Serverless v2 Opportunity — Detect provisioned Aurora clusters with variable/low off-peak usage that would be cheaper on Aurora Serverless v2

Redshift (3)

  • [RS-O001] Redshift Serverless Reservations Opportunity — Detect Redshift Serverless workgroups with consistent base RPU usage that could benefit from reserved capacity
  • [RS-O002] Redshift Cluster Always-On / Idle Runtime — Detect idle Redshift clusters with zero connections that can be paused or migrated to serverless
  • [RS-O003] Redshift DC2/DS2 Modernization to RA3 — Detect Redshift clusters using legacy dc2/ds2 node types that should migrate to RA3

Reserved Instances (3)

  • [RI-O001] Reserved Instance Coverage Gaps — Detect instance types with low RI coverage and high on-demand spend
  • [RI-O002] Reserved Instance Utilization Waste — Detect Reserved Instances with low utilization (unused RI spend)
  • [RI-O003] RI Purchase Recommendations — Surface Cost Explorer RI purchase recommendations for EC2 compute

Route 53 (2)

  • [R53-O001] Route 53 CNAME to Alias — Detect CNAME records pointing to AWS resources that should be Alias records (free queries)
  • [R53-O002] Route 53 Hosted Zone Sprawl / Empty Zones — Detect Route 53 hosted zones with only default records (NS + SOA) that cost $0.50/month each

S3 (6)

  • [S3-O001] S3 Missing Lifecycle Rules — Identify large S3 buckets (> 100GB) without lifecycle policies for cost optimization
  • [S3-O002] S3 KMS Bucket Keys Missing — Detect S3 buckets using SSE-KMS encryption without S3 Bucket Keys, which reduces KMS API calls by ~99%
  • [S3-O003] S3 Versioned Bucket Noncurrent Bloat — Detect versioned buckets with noncurrent-object lifecycle gaps that can drive avoidable storage growth
  • [S3-O004] S3 Empty Buckets — Identify S3 buckets with zero objects for cleanup
  • [S3-O005] S3 Intelligent-Tiering Missing — Identify large S3 buckets (>100GB) in STANDARD storage without Intelligent-Tiering configuration
  • [S3-O006] S3 Incomplete Multipart Uploads — Detect buckets with stale incomplete multipart uploads and missing abort lifecycle controls

SageMaker (1)

  • [SGM-O001] SageMaker Idle Notebook Instances — Detect SageMaker notebook instances with low CPU utilization (< 5% max over 7 days)

Savings Plans (3)

  • [SP-O001] Savings Plans Coverage Gaps — Detect low Savings Plans coverage with high eligible spend
  • [SP-O002] Savings Plans Underutilization — Detect Savings Plans with low utilization (stranded commitment spend)
  • [SP-O003] Savings Plans Purchase Recommendations — Surface Cost Explorer Savings Plans purchase recommendations for compute workloads

Step Functions (1)

  • [SFN-O001] Step Functions Standard vs Express Mismatch — Detect Standard state machines that could save ~30% by switching to Express (high-volume, short-duration)

Systems Manager (1)

  • [SSM-O001] Secrets Manager to SSM Migration — Detect Secrets Manager secrets that could be cheaper as SSM SecureString parameters ($0.40/secret/mo savings)

Tagging (1)

  • [TAG-O001] Untagged EC2 Instances — Detect running EC2 instances missing all standard governance tags (Name, Environment, Team, CostCenter, Project)

Timestream (1)

  • [TS-O001] Timestream Memory Store Retention Oversizing — Detect Timestream tables with excessive memory store retention that should be reduced

Transfer Family (1)

  • [TF-O001] Transfer Family Idle SFTP Endpoints — Detect AWS Transfer Family servers with no file transfer activity over 14 days, indicating idle endpoints billed at $0.30/hr

Transit Gateway (1)

  • [TGW-O001] Transit Gateway Idle / Over-Engineered — Detect Transit Gateways with 0 or 1 attachments that are idle or unnecessary

VPC (1)

  • [VPC-O001] VPC Flow Logs Over-Scoping — Detect flow logs using expensive destinations (CloudWatch Logs vs S3), overly broad traffic filters, or VPC-level scope

VPN (1)

  • [VPN-O001] Inactive Site-to-Site VPN Connections — Identify Site-to-Site VPN connections where both tunnels are DOWN, indicating the connection is inactive and incurring unnecessary charges

Frequently asked questions

What is the best AWS cost optimization tool?

CostPatrol is a free AWS cost optimization tool that scans 38+ AWS services with 123 expert-encoded detection rules. CostPatrol identifies cost anomalies within 24 hours, prioritizes findings by monthly impact, and delivers copy-paste CLI fix commands to Slack daily. Read-only access via CloudFormation, no write permissions ever. Free under $5K/month AWS spend, $199/mo Pro for daily scans across up to 20 accounts. CostPatrol detects waste that AWS Cost Explorer and Trusted Advisor miss: orphaned EBS volumes, idle RDS instances, NAT Gateway sprawl, missing S3 lifecycle policies, and gp2-to-gp3 migration savings.

How much can I save with AWS cost optimization?

Most teams save 20-35% on their AWS bill with basic optimization. In real scans, we have found $284/mo from a single region (orphaned EBS volumes, idle RDS), $1,112/mo across 7 regions (NAT Gateway, CloudWatch logs, stale EC2), and $6,496/mo from database consolidation alone. The bigger and older the account, the more waste accumulates.

What is the fastest way to reduce my AWS bill?

Start with idle resources. Unattached EBS volumes, unused Elastic IPs, and stopped-but-billable RDS instances cost money every hour and serve no purpose. These are safe to remove immediately. In one scan, we found an EBS volume unattached for 1,790 days costing $50/month.

Is AWS Cost Explorer enough for cost optimization?

AWS Cost Explorer shows what you spent. It does not tell you what to do about it. Cost Explorer has no detection rules for idle resources, no CLI fix commands, no Slack alerts, and no anomaly detection beyond basic budget thresholds. It is a reporting tool, not an optimization tool. Most teams use it alongside a dedicated optimization tool.

What are the biggest sources of AWS waste?

The most common sources: (1) orphaned EBS volumes from terminated instances, (2) oversized RDS instances under 10% CPU, (3) NAT Gateway data processing when VPC endpoints would cost nothing, (4) CloudWatch log groups with no expiration, (5) idle load balancers with zero connections, (6) EBS volumes still on gp2 when gp3 is 20% cheaper.

How often should I optimize my AWS costs?

At minimum, monthly. But automated daily scans catch waste within 24 hours instead of letting it accumulate. The difference between finding an idle RDS instance on day 1 vs day 90 is $1,440 in unnecessary spend. CostPatrol runs optimization scans daily and anomaly detection every 6 hours.

What AWS services cost the most?

EC2 typically accounts for 40-60% of spend, followed by RDS (10-20%), S3 (5-15%), and data transfer (5-10%). But the highest-waste services are often NAT Gateway (silent data processing fees), CloudWatch (log retention with no expiration), and EBS (orphaned volumes). Nearly every account has waste in EBS and RDS.
