Cost Engineering on AWS: The 80/20 Wins

AWS bills grow by accident. Every engineer has the power to provision, few have the responsibility to deprovision, and the result compounds month over month. A first-pass cost audit on most AWS accounts recovers 15-30% of monthly spend with very little engineering effort.

Audit 1: orphan resources

EBS volumes detached from terminated instances. Elastic IPs not associated with anything. NAT Gateways in unused VPCs. Load balancers with zero registered targets. Snapshots from 2019. Cost Explorer + AWS Trusted Advisor + a half-day of cleanup.

Audit 2: right-sizing compute

Most EC2 fleets are sized for peak load that arrived once in 2022 and never came back. Compute Optimizer recommendations are usually 30-40% smaller than what you are running. Switching c5 to c7g (Graviton) is an additional 15-20% savings for compatible workloads.

Audit 3: storage class for S3

Logs and backups in S3 Standard cost 10x what they need to. Move objects older than 30 days to Standard-IA, older than 90 days to Glacier Instant Retrieval, older than 365 days to Glacier Deep Archive. Lifecycle policies make this automatic.

Audit 4: NAT Gateway data transfer

NAT Gateways charge per GB processed. If your private subnet talks to S3 or DynamoDB, route via VPC Endpoints (Gateway type, free). If you have heavy outbound to AWS APIs, use Interface Endpoints. We have seen single VPCs save $5K/month from this one change.

Audit 5: reserved capacity and Savings Plans

For predictable baseline load, Compute Savings Plans give 30-50% off on-demand for a 1- or 3-year commitment. Most accounts have at least 50% of their compute under a stable baseline. Cost Explorer recommendations show exactly what to commit.

What to install permanently

A monthly cost review meeting with engineering and finance. A budget alert per account. Tags on every resource (Owner, Project, Environment) that the build pipeline enforces. Cost Explorer dashboards by tag. The savings compound; the discipline is what saves the next $5K.