Cost optimization
You can use the following checks for the cost optimization category.
Check names
- Amazon EC2 instances over-provisioned for Microsoft SQL Server
- Amazon EC2 Instances Stopped
- Amazon S3 Incomplete Multipart Upload Abort Configuration
- Idle Load Balancers
- Inactive Amazon Network Firewall
- Inactive VPC interface endpoints
- Inactive Gateway Load Balancer endpoints
- Inactive NAT Gateways
- Unassociated Elastic IP Addresses
Amazon EC2 instances over-provisioned for Microsoft SQL Server
- Description
Checks your Amazon Elastic Compute Cloud (Amazon EC2) instances that ran SQL Server in the past 24 hours. An SQL Server database has a compute capacity limit for each instance. An instance with SQL Server Standard edition can use up to 48 vCPUs. An instance with SQL Server Web can use up to 32 vCPUs. This check alerts you if an instance exceeds this vCPU limit.
If your instance is over-provisioned, you pay full price without realizing an improvement in performance. You can manage the number and size of your instances to help lower costs.
Estimated monthly savings are calculated by using the same instance family with the maximum number of vCPUs that an SQL Server instance can use and the On-Demand pricing. Actual savings will vary if you’re using Reserved Instances (RI) or if the instance isn’t running for a full day.
Note: Results for this check are automatically refreshed several times daily, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.
- Check ID
Qsdfp3A4L1
- Alert Criteria
  - Red: An instance with SQL Server Standard edition has more than 48 vCPUs.
  - Red: An instance with SQL Server Web edition has more than 32 vCPUs.
- Recommended Action
For SQL Server Standard edition, consider changing to an instance in the same instance family with 48 vCPUs. For SQL Server Web edition, consider changing to an instance in the same instance family with 32 vCPUs. If the workload is memory intensive, consider changing to memory optimized R5 instances. For more information, see Best Practices for Deploying Microsoft SQL Server on Amazon EC2.
- Additional Resources
  - You can use Launch Wizard to simplify your SQL Server deployment on EC2.
- Report columns
  - Status
  - Region
  - Instance ID
  - Instance Type
  - vCPU
  - SQL Server Edition
  - Maximum vCPU
  - Recommended Instance Type
  - Estimated Monthly Savings
  - Last Updated Time
Amazon EC2 Instances Stopped
- Description
Checks if there are Amazon EC2 instances that have been stopped for more than 30 days.
You can specify the allowed number of days in the AllowedDays parameter of the Amazon Config rule.
For more information, see Why am I being charged for Amazon EC2 when all my instances were terminated?
Note: Results for this check are automatically refreshed several times daily, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.
- Check ID
c18d2gz150
- Source
AWS Config Managed Rule: ec2-stopped-instance
- Alert Criteria
  - Yellow: There are Amazon EC2 instances stopped for more than the allowed number of days.
- Recommended Action
Review the Amazon EC2 instances that have been stopped for 30 days or more. To avoid incurring unnecessary costs, terminate any instances that are no longer needed.
For more information, see Terminate your instance.
- Additional Resources
- Report columns
  - Status
  - Region
  - Resource
  - Amazon Config Rule
  - Input Parameters
  - Last Updated Time
Amazon S3 Incomplete Multipart Upload Abort Configuration
- Description
Checks that each Amazon S3 bucket is configured with a lifecycle rule to abort multipart uploads that remain incomplete after 7 days. Using a lifecycle rule to abort these incomplete uploads and delete the associated storage is recommended.
Note: Results for this check are automatically refreshed one or more times each day, and refresh requests are not allowed. It might take a few hours for changes to appear. Currently, you can’t exclude resources from this check.
- Check ID
c1cj39rr6v
- Alert Criteria
  - Yellow: The bucket's lifecycle configuration does not contain a lifecycle rule to abort all multipart uploads that remain incomplete after 7 days.
- Recommended Action
Review the lifecycle configuration for buckets without a lifecycle rule that would clean up all incomplete multipart uploads. Uploads that are not completed after 24 hours are unlikely to be completed. Follow the instructions to create a lifecycle rule. It is recommended that the rule is applied to all objects in your bucket. If you need to apply other lifecycle actions to selected objects in your bucket, you can have multiple rules with different filters. Check the Storage Lens dashboard or call the ListMultipartUploads API for more information.
- Additional Resources
  - Creating a lifecycle configuration
  - Discovering and Deleting Incomplete Multipart Uploads to Lower Amazon S3 Costs
  - Uploading and copying objects using multipart upload
  - Lifecycle configuration elements
- Report columns
  - Status
  - Region
  - Bucket Name
  - Bucket ARN
  - Lifecycle rule for deleting incomplete MPU
  - Days After Initiation
  - Last Updated Time
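As an added example (not AWS's or Trusted Advisor's own code), the following Python function applies the alert criterion above to lifecycle configurations shaped like the GetBucketLifecycleConfiguration response, so a bucket inventory can be pre-checked offline. Treating a window of 7 days or fewer as compliant and requiring an unfiltered rule are assumptions, and the sample configurations and bucket names are constructed.

```python
# Added example; approximates the criterion on this page, not Trusted Advisor's own logic.
MAX_DAYS = 7  # threshold named in the check description

def covers_whole_bucket(rule):
    """True when the rule is not narrowed by a prefix, tag, or size filter."""
    if rule.get("Prefix"):                 # legacy top-level prefix
        return False
    flt = rule.get("Filter") or {}
    if flt.get("Prefix"):
        return False
    # Any other filter key (Tag, And, ObjectSizeGreaterThan, ...) narrows the scope.
    return all(key == "Prefix" for key in flt)

def abort_mpu_status(lifecycle):
    """Evaluate a GetBucketLifecycleConfiguration-shaped dict (None if no configuration).

    Returns (status, days): days is the shortest bucket-wide abort window, or None.
    """
    best = None
    for rule in (lifecycle or {}).get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue                       # disabled rules never run
        abort = rule.get("AbortIncompleteMultipartUpload") or {}
        days = abort.get("DaysAfterInitiation")
        if days is None or not covers_whole_bucket(rule):
            continue
        best = days if best is None else min(best, days)
    # Assumption: a window of 7 days or fewer satisfies the check.
    status = "Green" if best is not None and best <= MAX_DAYS else "Yellow"
    return status, best

def rule(days, status="Enabled", flt=None):
    """Build a constructed sample rule."""
    return {"ID": "sample", "Status": status, "Filter": flt or {},
            "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": days}}

# Constructed sample buckets (names are placeholders).
SAMPLES = {
    "no-lifecycle": None,
    "prefix-only": {"Rules": [rule(7, flt={"Prefix": "logs/"})]},
    "disabled": {"Rules": [rule(7, status="Disabled")]},
    "too-long": {"Rules": [rule(30)]},
    "compliant": {"Rules": [rule(30), rule(7, flt={"Prefix": ""})]},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, *abort_mpu_status(cfg))
```

A prefix-scoped rule is reported as Yellow here because it leaves incomplete uploads under other prefixes in place.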
Idle Load Balancers
- Description
Checks your Elastic Load Balancing configuration for load balancers that are idle.
Any load balancer that is configured accrues charges. If a load balancer has no associated back-end instances, or if network traffic is severely limited, the load balancer is not being used effectively. This check currently covers only the Classic Load Balancer type within the ELB service. It does not include other ELB types (Application Load Balancer, Network Load Balancer).
- Check ID
hjLMh88uM8
- Alert Criteria
  - Yellow: A load balancer has no active back-end instances.
  - Yellow: A load balancer has no healthy back-end instances.
  - Yellow: A load balancer has had less than 100 requests per day for the last 7 days.
- Recommended Action
If your load balancer has no active back-end instances, consider registering instances or deleting your load balancer. See Registering Your Amazon EC2 Instances with Your Load Balancer or Delete Your Load Balancer.
If your load balancer has no healthy back-end instances, see Troubleshooting Elastic Load Balancing: Health Check Configuration.
If your load balancer has had a low request count, consider deleting your load balancer. See Delete Your Load Balancer.
- Additional Resources
- Report columns
  - Region
  - Load Balancer Name
  - Reason
  - Estimated Monthly Savings
Inactive Amazon Network Firewall
- Description
Checks your Amazon Network Firewall endpoints and alerts you when the Network Firewall appears to be inactive.
A Network Firewall is considered to be inactive if all its endpoints have no data processed in the last 30 days. Network Firewall endpoints incur hourly charges. This check alerts you to Network Firewalls with no data processed in the last 30 days. It’s a best practice to either remove unused Network Firewalls or update your architecture.
- Check ID
c2vlfg0bfw
- Alert Criteria
  - Yellow: The Network Firewall processed 0 bytes in the last 30 days.
  - Green: The Network Firewall processed more than 0 bytes in the last 30 days.
- Recommended Action
If the Network Firewall wasn’t used in the last 30 days, then consider deleting the Network Firewall.
If a Transit Gateway is used for inter-VPC communication, then consider deploying your Network Firewalls in a centralized network inspection architecture. This can reduce the hourly charges on inactive Network Firewalls.
- Additional Resources
- Report columns
  - Status
  - Region
  - Network Firewall Arn
  - VPC Id
  - Subnets
  - TotalBytesProcessed
  - Last Updated Time
Inactive VPC interface endpoints
- Description
Checks your VPC interface endpoints and alerts you when the endpoints appear to be inactive. A VPC interface endpoint is considered to be inactive if it has no data processed in the last 30 days. VPC interface endpoints have hourly charges and data processing costs. This check alerts you about VPC interface endpoints with 0 data processed in the last 30 days. It’s a best practice to either remove unused VPC interface endpoints or update your architecture.
- Check ID
c2vlfg0jp6
- Alert Criteria
  - Yellow: VPC interface endpoint has processed 0 bytes in the last 30 days.
  - Green: VPC interface endpoint has processed more than 0 bytes in the last 30 days.
- Recommended Action
If the VPC interface endpoint has not been used in the last 30 days, consider deleting the VPC interface endpoint.
If Transit Gateway is used for inter-VPC communication, then consider deploying your VPC interface endpoints in a centralized architecture to reduce the hourly charges on inactive VPC interface endpoints.
- Additional Resources
- Report columns
  - Status
  - Region
  - VPC Endpoint Id
  - VPC Id
  - Subnet Ids
  - Service Name
  - TotalBytesProcessed
  - Last Updated Time
Inactive Gateway Load Balancer endpoints
- Description
Checks your Gateway Load Balancer endpoints and warns when they appear to be inactive. A Gateway Load Balancer endpoint is considered to be underutilized if it has no data processed in the last 30 days. Gateway Load Balancer endpoints have hourly charges and data processed charges. This check alerts you to Gateway Load Balancer endpoints with 0 data processed in the last 30 days. We recommend that you either remove unused Gateway Load Balancer endpoints, or update your architecture.
- Check ID
c2vlfg0k35
- Alert Criteria
  - Yellow: Gateway Load Balancer endpoint processed 0 bytes in the last 30 days.
  - Green: Gateway Load Balancer endpoint processed more than 0 bytes in the last 30 days.
- Recommended Action
If the Gateway Load Balancer endpoint has not been used in the last 30 days, consider deleting the VPC endpoint.
If Transit Gateway is used for inter-VPC communication, consider deploying your Gateway Load Balancer endpoints in a centralized network inspection architecture to reduce the hourly charges on inactive Gateway Load Balancer endpoints.
- Additional Resources
  - Centralized inspection architecture with Amazon Gateway Load Balancer and Amazon Transit Gateway
- Report columns
  - Status
  - Region
  - VPC Endpoint Id
  - VPC Id
  - Subnet Id
  - Service Name
  - TotalBytesProcessed
  - Last Updated Time
Inactive NAT Gateways
- Description
Checks your NAT Gateways for inactive gateways. A NAT Gateway is considered to be inactive if no data (0 bytes) was processed in the last 30 days. NAT Gateways have hourly charges and data processed charges.
- Check ID
c2vlfg022t
- Alert Criteria
  - Yellow: The NAT Gateway processed 0 bytes in the last 30 days.
  - Green: The NAT Gateway processed more than 0 bytes in the last 30 days.
- Recommended Action
Consider deleting any NAT Gateways that weren’t used in the last 30 days and that aren’t required for external network access outside the VPC.
If a Transit Gateway is used for inter-VPC communication, then consider deploying a centralized NAT Gateway architecture for egress to the internet. This can reduce the hourly cost from inactive NAT Gateways.
- Additional Resources
- Report columns
  - Status
  - Region
  - NAT Gateway Id
  - Subnet Id
  - VPC Id
  - TotalBytesFromDest
  - TotalBytesFromSrc
  - TotalBytes
  - Last Updated Time
Unassociated Elastic IP Addresses
- Description
Checks for Elastic IP addresses (EIPs) that are not associated with a running Amazon Elastic Compute Cloud (Amazon EC2) instance.
EIPs are static IP addresses designed for dynamic cloud computing. Unlike traditional static IP addresses, EIPs mask the failure of an instance or Availability Zone by remapping a public IP address to another instance in your account. A nominal charge is imposed for an EIP that is not associated with a running instance.
- Check ID
Z4AUBRNSmz
- Alert Criteria
  - Yellow: An allocated Elastic IP address (EIP) is not associated with a running Amazon EC2 instance.
- Recommended Action
Associate the EIP with a running active instance, or release the unassociated EIP. For more information, see Associating an Elastic IP Address with a Different Running Instance and Releasing an Elastic IP Address.
- Additional Resources
- Report columns
  - Region
  - IP Address