Every AWS audit we have run in the last two years has produced at least 30% in savings without any performance impact. The savings are not exotic. They come from applying a short list of boring optimizations consistently. Here they are.
1. Right-size EC2 and RDS
The majority of EC2 and RDS instances we audit are running at under 15% CPU. Move them down one size and watch the bill drop. CloudWatch's Compute Optimizer gives you the recommendations for free.
2. Move to Graviton where possible
Graviton (arm64) instances are typically 20% cheaper and often faster for common workloads. Most modern Node.js, Python, and Java services run on Graviton without any code change.
3. Savings Plans and Reserved Instances
If you have any steady baseline usage, a 1-year Compute Savings Plan at no upfront saves 25–30% immediately. This is the single highest-leverage action in any audit.
Only commit to what you are confident will run for 12+ months. Leave burst capacity on on-demand pricing.
4. Kill idle resources
- Unused EBS volumes attached to deleted instances
- Old RDS snapshots and EBS snapshots past retention
- Elastic IPs not attached to a running resource
- NAT Gateways in dev/staging that should be shut off overnight
5. S3 lifecycle policies
Move data older than 30 days to Standard-IA, older than 90 to Glacier Instant Retrieval, and truly archival to Glacier Deep Archive. Set it once in Terraform and forget.
6. CloudWatch log retention
The default retention for CloudWatch Logs is "Never Expire." On a busy system this gets expensive fast. Set retention to 30–90 days for app logs and ship long-term logs to S3.
7. NAT Gateway data transfer
NAT Gateway charges per GB processed are the silent killer of AWS bills. Use VPC endpoints for S3, DynamoDB, and ECR. For cross-AZ traffic, audit which services actually need NAT and route the rest through VPC endpoints or private subnets correctly.
8. Spot for non-critical workloads
CI runners, batch jobs, and stateless background workers should run on Spot. Savings of 60–90% versus on-demand, with very low interruption rates for most instance families.
9. CloudFront + caching
Pushing static assets and cacheable API responses through CloudFront reduces both compute load and egress bandwidth cost. Measure your cache hit ratio — under 80% usually means the cache policy needs tuning.
10. Tag everything, then track it
Cost allocation tags + Cost Explorer let you see which service, environment, or team is spending what. You cannot optimize what you cannot attribute. Enforce tags via SCPs or Terraform policy.
Putting it all together
Do not try to do all ten at once. Run Cost Explorer for a week, pick the three biggest line items, and apply the relevant optimizations. Savings compound — every audit we run finds another 10% after the last one.
← Back to blog