Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Cost optimization

You can use the following checks for the cost optimization category.

Amazon EC2 instances over-provisioned for Microsoft SQL Server

Description

Checks your Amazon Elastic Compute Cloud (Amazon EC2) instances that have been running SQL Server in the past 24 hours. A SQL Server database has a compute capacity limit for each instance. An instance with SQL Server Standard edition can use up to 48 vCPUs. An instance with SQL Server Web edition can use up to 32 vCPUs. This check alerts you if an instance exceeds this vCPU limit.

If your instance is over-provisioned, you pay full price without realizing an improvement in performance. You can manage the number and size of your instances to help lower costs.

Estimated monthly savings are calculated by using the same instance family with the maximum number of vCPUs that an SQL Server instance can use and the On-Demand pricing. Actual savings will vary if you’re using Reserved Instances (RI) or if the instance isn’t running for a full day.

Note

Results for this check are automatically refreshed several times daily, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.

Check ID

Qsdfp3A4L1

Alert Criteria
  • Red: An instance with SQL Server Standard edition has more than 48 vCPUs.

  • Red: An instance with SQL Server Web edition has more than 32 vCPUs.

Recommended Action

For SQL Server Standard edition, consider changing to an instance in the same instance family with 48 vCPUs. For SQL Server Web edition, consider changing to an instance in the same instance family with 32 vCPUs. If the workload is memory intensive, consider changing to memory optimized R5 instances. For more information, see Best Practices for Deploying Microsoft SQL Server on Amazon EC2.

Report columns
  • Status

  • Region

  • Instance ID

  • Instance Type

  • vCPU

  • SQL Server Edition

  • Maximum vCPU

  • Recommended Instance Type

  • Estimated Monthly Savings

  • Last Updated Time

Amazon EC2 Instances Stopped

Description

Checks if there are Amazon EC2 instances that have been stopped for more than 30 days.

You can specify the allowed number of days in the AllowedDays parameter of the Amazon Config rule.

For more information, see Why am I being charged for Amazon EC2 when all my instances were terminated?

Note

Results for this check are automatically refreshed several times daily, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.

Check ID

c18d2gz150

Source

AWS Config Managed Rule: ec2-stopped-instance

Alert Criteria
  • Yellow: There are Amazon EC2 instances stopped for more than the allowed number of days.

Recommended Action

Review the Amazon EC2 instances that have been stopped for 30 days or more. To avoid incurring unnecessary costs, terminate any instances that are no longer needed.

For more information, see Terminate your instance.

Report columns
  • Status

  • Region

  • Resource

  • Amazon Config Rule

  • Input Parameters

  • Last Updated Time

Amazon S3 Incomplete Multipart Upload Abort Configuration

Description

Checks that each Amazon S3 bucket is configured with a lifecycle rule to abort multipart uploads that remain incomplete after 7 days. Using a lifecycle rule to abort these incomplete uploads and delete the associated storage is recommended.

Note

Results for this check are automatically refreshed one or more times each day, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.

Check ID

c1cj39rr6v

Alert Criteria

Yellow: The bucket's lifecycle configuration does not contain a lifecycle rule to abort all multipart uploads that remain incomplete after 7 days.

Recommended Action

Review the lifecycle configuration of buckets that have no lifecycle rule to clean up all incomplete multipart uploads. Uploads that are not completed after 24 hours are unlikely to be completed. Follow the instructions under Additional Resources to create a lifecycle rule. It is recommended that the rule is applied to all objects in your bucket. If you need to apply other lifecycle actions to selected objects in your bucket, you can have multiple rules with different filters. Check the Storage Lens dashboard or call the ListMultipartUploads API for more information.
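
The alert criterion above can be checked offline against a bucket's lifecycle configuration. The following Python is an added example, not code from AWS or the Trusted Advisor service: it evaluates configurations in the shape returned by GetBucketLifecycleConfiguration. The sample buckets, the `abort_rule` helper, the `OK` status label, and the treatment of windows shorter than 7 days as passing are assumptions.

```python
# Added example: evaluate S3 lifecycle configurations against the alert criteria above.
# Input dicts use the shape of the S3 GetBucketLifecycleConfiguration response.
MAX_DAYS = 7  # threshold stated by the check


def covers_all_objects(rule):
    """True when the rule is not narrowed by a prefix, tag or size filter."""
    if "Filter" in rule:
        # An empty filter or an empty-string prefix selects every object.
        return rule["Filter"] in ({}, {"Prefix": ""})
    # Older rules carry a top-level Prefix instead of a Filter element.
    return rule.get("Prefix", "") == ""


def evaluate_bucket(lifecycle_config):
    """Return (status, days): status is "OK" or "Yellow"; days is the shortest
    bucket-wide abort window found, or None if no enabled bucket-wide rule has one."""
    best = None
    for rule in (lifecycle_config or {}).get("Rules", []):
        abort = rule.get("AbortIncompleteMultipartUpload", {})
        days = abort.get("DaysAfterInitiation")
        if rule.get("Status") != "Enabled" or days is None:
            continue  # disabled rules and rules without an abort action do not count
        if not covers_all_objects(rule):
            continue  # a filtered rule leaves uploads outside the filter untouched
        best = days if best is None else min(best, days)
    # Assumption: a window shorter than 7 days also satisfies the check.
    status = "OK" if best is not None and best <= MAX_DAYS else "Yellow"
    return status, best


def abort_rule(days, status="Enabled", flt=None):
    """Build a constructed sample rule (hypothetical helper for this example)."""
    return {"ID": f"abort-mpu-{days}d", "Status": status,
            "Filter": {} if flt is None else flt,
            "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": days}}


# Constructed sample buckets; None models a bucket with no lifecycle configuration.
SAMPLES = {
    "bucket-wide-7d": {"Rules": [abort_rule(7)]},
    "prefix-only": {"Rules": [abort_rule(7, flt={"Prefix": "logs/"})]},
    "disabled-rule": {"Rules": [abort_rule(7, status="Disabled")]},
    "too-long": {"Rules": [abort_rule(30)]},
    "no-lifecycle": None,
}

if __name__ == "__main__":
    for name, config in SAMPLES.items():
        print(name, *evaluate_bucket(config))
```

A rule scoped to a prefix such as `logs/` is reported as Yellow here because uploads started under any other key would never be aborted.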

Additional Resources

Creating a lifecycle configuration

Discovering and Deleting Incomplete Multipart Uploads to Lower Amazon S3 Costs

Uploading and copying objects using multipart upload

Lifecycle configuration elements

Elements to describe lifecycle actions

Lifecycle configuration to abort multipart uploads

Report columns
  • Status

  • Region

  • Bucket Name

  • Bucket ARN

  • Lifecycle rule for deleting incomplete MPU

  • Days After Initiation

  • Last Updated Time

Idle Load Balancers

Description

Checks your Elastic Load Balancing configuration for load balancers that are idle.

Any load balancer that is configured accrues charges. If a load balancer has no associated back-end instances, or if network traffic is severely limited, the load balancer is not being used effectively. This check currently covers only the Classic Load Balancer type within the ELB service. It does not include other ELB types (Application Load Balancer, Network Load Balancer).

Check ID

hjLMh88uM8

Alert Criteria
  • Yellow: A load balancer has no active back-end instances.

  • Yellow: A load balancer has no healthy back-end instances.

  • Yellow: A load balancer has had less than 100 requests per day for the last 7 days.

Recommended Action

If your load balancer has no active back-end instances, consider registering instances or deleting your load balancer. See Registering Your Amazon EC2 Instances with Your Load Balancer or Delete Your Load Balancer.

If your load balancer has no healthy back-end instances, see Troubleshooting Elastic Load Balancing: Health Check Configuration.

If your load balancer has had a low request count, consider deleting your load balancer. See Delete Your Load Balancer.

Report columns
  • Region

  • Load Balancer Name

  • Reason

  • Estimated Monthly Savings

Inactive Amazon Network Firewall

Description

Checks your Amazon Network Firewall endpoints and alerts you when the Network Firewall appears to be inactive.

A Network Firewall is considered to be inactive if none of its endpoints has processed any data in the last 30 days. Network Firewall endpoints incur hourly charges. This check alerts you to Network Firewalls with no data processed in the last 30 days. It’s a best practice to either remove unused Network Firewalls or update your architecture.

Check ID

c2vlfg0bfw

Alert Criteria
  • Yellow: The Network Firewall processed 0 bytes in the last 30 days.

  • Green: The Network Firewall processed more than 0 bytes in the last 30 days.

Recommended Action

If the Network Firewall wasn’t used in the last 30 days, then consider deleting the Network Firewall.

If a Transit Gateway is used for inter-VPC communication, then consider deploying your Network Firewalls in a centralized network inspection architecture. This can reduce the hourly charges on inactive Network Firewalls.

Additional Resources

Amazon Network Firewall Pricing

Inspection Deployment Models with Amazon Network Firewall

Report columns
  • Status

  • Region

  • Network Firewall Arn

  • VPC Id

  • Subnets

  • TotalBytesProcessed

  • Last Updated Time

Inactive VPC interface endpoints

Description

Checks your VPC interface endpoints and alerts you when the endpoints appear to be inactive. A VPC interface endpoint is considered to be inactive if it has no data processed in the last 30 days. VPC interface endpoints have hourly charges and data processing costs. This check alerts you about VPC interface endpoints with 0 data processed in the last 30 days. It’s a best practice to either remove unused VPC interface endpoints or update your architecture.

Check ID

c2vlfg0jp6

Alert Criteria
  • Yellow: VPC interface endpoint has processed 0 bytes in the last 30 days.

  • Green: VPC interface endpoint has processed more than 0 bytes in the last 30 days.

Recommended Action

If the VPC interface endpoint has not been used in the last 30 days, consider deleting the VPC interface endpoint.

If Transit Gateway is used for inter-VPC communication, then consider deploying your VPC interface endpoints in a centralized architecture to reduce the hourly charges on inactive VPC interface endpoints.

Report columns
  • Status

  • Region

  • VPC Endpoint Id

  • VPC Id

  • Subnet Ids

  • Service Name

  • TotalBytesProcessed

  • Last Updated Time

Inactive Gateway Load Balancer endpoints

Description

Checks your Gateway Load Balancer endpoints and warns when they appear to be inactive. A Gateway Load Balancer endpoint is considered to be underutilized if it has no data processed in the last 30 days. Gateway Load Balancer endpoints have hourly charges and data processed charges. This check alerts you to Gateway Load Balancer endpoints with 0 data processed in the last 30 days. We recommend that you either remove unused Gateway Load Balancer endpoints, or update your architecture.

Check ID

c2vlfg0k35

Alert Criteria
  • Yellow: Gateway Load Balancer endpoint processed 0 bytes in the last 30 days.

  • Green: Gateway Load Balancer endpoint processed more than 0 bytes in the last 30 days.

Recommended Action

If the Gateway Load Balancer endpoint has not been used in the last 30 days, consider deleting the VPC endpoint.

If Transit Gateway is used for inter-VPC communication, consider deploying your Gateway Load Balancer endpoints in a centralized network inspection architecture to reduce the hourly charges on inactive Gateway Load Balancer endpoints.

Additional Resources

Amazon PrivateLink Pricing

Centralized inspection architecture with Amazon Gateway Load Balancer and Amazon Transit Gateway

Report columns
  • Status

  • Region

  • VPC Endpoint Id

  • VPC Id

  • Subnet Id

  • Service Name

  • TotalBytesProcessed

  • Last Updated Time

Inactive NAT Gateways

Description

Checks your NAT Gateways for inactive gateways. A NAT Gateway is considered to be inactive if no data (0 bytes) was processed in the last 30 days. NAT Gateways have hourly charges and data processed charges.

Check ID

c2vlfg022t

Alert Criteria
  • Yellow: The NAT Gateway processed 0 bytes in the last 30 days.

  • Green: The NAT Gateway processed more than 0 bytes in the last 30 days.

Recommended Action

Consider deleting any NAT Gateways that weren’t used in the last 30 days and that aren’t required for external network access outside the VPC.

If a Transit Gateway is used for inter-VPC communication, then consider deploying a centralized NAT Gateway architecture for egress to the internet. This can reduce the hourly cost from inactive NAT Gateways.

Additional Resources

NAT Gateway Pricing

Centralized egress to internet

Report columns
  • Status

  • Region

  • NAT Gateway Id

  • Subnet Id

  • VPC Id

  • TotalBytesFromDest

  • TotalBytesFromSrc

  • TotalBytes

  • Last Updated Time

Unassociated Elastic IP Addresses

Description

Checks for Elastic IP addresses (EIPs) that are not associated with a running Amazon Elastic Compute Cloud (Amazon EC2) instance.

EIPs are static IP addresses designed for dynamic cloud computing. Unlike traditional static IP addresses, EIPs mask the failure of an instance or Availability Zone by remapping a public IP address to another instance in your account. A nominal charge is imposed for an EIP that is not associated with a running instance.

Check ID

Z4AUBRNSmz

Alert Criteria

Yellow: An allocated Elastic IP address (EIP) is not associated with a running Amazon EC2 instance.

Recommended Action

Associate the EIP with a running active instance, or release the unassociated EIP. For more information, see Associating an Elastic IP Address with a Different Running Instance and Releasing an Elastic IP Address.

Additional Resources

Elastic IP Addresses

Report columns
  • Region

  • IP Address