The 5 AWS Services That Secretly Drain Your Budget (and How to Stop Them)

AWS bills often creep up because of quiet services that run in the background. This guide shows the five most common drains, how to spot them fast, and simple fixes. Each section includes what it is, why it costs you, how to find it, how to reduce it, and copy‑paste commands.

---

1) NAT Gateways

What it is (simple): A door your private subnets use to reach the internet.

Why it drains budget: You pay for uptime and data processed. Many teams deploy one NAT Gateway per Availability Zone (even in dev/stage), so the meter runs 24/7.

Real‑life example: A dev VPC with three AZs keeps three NAT Gateways online all month. Even with low traffic, you still pay hourly and per‑GB fees.

How to find it

• Console: VPC → NAT Gateways → list per VPC/environment.
• Before running commands, double‑check your AWS profile and region.

aws ec2 describe-nat-gateways --query "NatGateways[*].{Id:NatGatewayId,State:State}"

How to reduce

• Consolidate to one NAT Gateway per VPC where downtime risk is low (dev/stage).
• Consider a NAT instance (EC2) for dev/stage and schedule on/off hours.
• Remove unused gateways after migrating traffic.

Why this matters: Cuts fixed hourly spend and per‑GB processing fees, especially outside production.

Sources

• NAT Gateway pricing: https://aws.amazon.com/vpc/pricing/
• NAT Gateway docs: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

---

2) Idle Load Balancers (ALB/NLB/CLB)

What it is: Traffic routers for your apps and services.

Why it drains budget: You are billed even when they serve zero requests. Blue/green or test stacks often leave idle LBs behind.

Real‑life example: A migration finished months ago, but an unused ALB remains. No targets attached—still charging monthly.

How to find it

• Console: EC2 → Load Balancers → filter by unused/no healthy targets.
• Check names and regions before running any command.

aws elbv2 describe-load-balancers   --query "LoadBalancers[*].{Name:LoadBalancerName,State:State.Code,Type:Type,Scheme:Scheme}"

aws elbv2 describe-target-groups   --query "TargetGroups[*].{Name:TargetGroupName,Arn:TargetGroupArn}"

How to reduce

• Delete LBs not attached to any active service/target group.
• Add teardown steps in CI/CD for ephemeral environments.
• Use AWS Config rules to flag idle LBs automatically.

Why this matters: Stops paying a monthly “base fee” for unused infrastructure.

Sources

• ELB pricing: https://aws.amazon.com/elasticloadbalancing/pricing/
• ELB docs: https://docs.aws.amazon.com/elasticloadbalancing/

---

3) Unattached EBS Volumes (Orphaned Storage)

What it is: Block storage for EC2 instances.

Why it drains budget: When an instance is terminated without “delete on termination,” its EBS volume can linger and keep billing.

Real‑life example: A spike‑test instance gets removed; its 500‑GB volume does not. Three months later, surprise charges for storage you don’t use.

How to find it

• Console: EC2 → Volumes → filter State = available (unattached).
• Confirm the correct account/region before removal.

aws ec2 describe-volumes   --filters "Name=status,Values=available"   --query "Volumes[*].{Id:VolumeId,SizeGiB:Size,Created:CreateTime}"

How to reduce

• Snapshot only what you truly need; delete the rest.
• Enable DeleteOnTermination on root volumes for future instances.
• Use a weekly Lambda to report or clean “available” volumes.

Why this matters: Eliminates ongoing storage charges with minimal risk.

Sources

• EBS pricing: https://aws.amazon.com/ebs/pricing/
• EBS docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes.html

---

4) CloudWatch Logs (Never‑Ending Retention)

What it is: Centralized logs for AWS services and your apps.

Why it drains budget: Default retention is forever. Log data piles up and storage costs grow quietly over time.

Real‑life example: Lambda logs from 2022 still retained at full detail. No one uses them, but you keep paying.

How to find it

• Console: CloudWatch → Logs → Log groups → check the Retention column.
• Verify log group names before applying changes.

# Example: set retention to 14 days for one group
aws logs put-retention-policy   --log-group-name "/aws/lambda/my-function"   --retention-in-days 14

How to reduce

• Set sensible retention (e.g., 7–30 days for most app logs).
• Export long‑term logs to S3 with lifecycle rules if needed.
• Script retention updates across all groups to keep things consistent.

Why this matters: Reduces a slow, silent cost that compounds over time.

Sources

• CloudWatch pricing: https://aws.amazon.com/cloudwatch/pricing/
• CloudWatch Logs docs: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

---

5) Data Transfer (The Hidden Killer)

What it is: Charges for moving data—between AZs, regions, and out to the internet.

Why it drains budget: Cross‑AZ, cross‑region, and internet egress add up fast. Chatty multi‑region designs quietly grow costs.

Real‑life example: Service A in us‑east‑1 calls Service B in eu‑west‑1 for every request. Users stay steady but the bill climbs due to cross‑region traffic.

How to find it

• Cost Explorer: filter Usage Type = Data Transfer; group by Service/Region.
• Adjust dates and granularity before running the call.

aws ce get-cost-and-usage   --time-period Start=2025-10-01,End=2025-10-31   --granularity MONTHLY   --metrics "UnblendedCost"   --group-by Type=DIMENSION,Key=USAGE_TYPE

How to reduce

• Keep chatty services in the same AZ/region where possible.
• Use VPC endpoints (Interface/Gateway) to keep traffic on the AWS network.
• Put CloudFront in front of S3/ALB for caching and lower egress.
• Treat multi‑region as an explicit, costed decision—not the default.

Why this matters: Data transfer can dwarf compute/storage if left unchecked.

Sources

• Data transfer pricing: https://aws.amazon.com/ec2/pricing/on-demand/#Data_Transfer
• VPC endpoints: https://docs.aws.amazon.com/vpc/latest/privatelink/
• CloudFront pricing: https://aws.amazon.com/cloudfront/pricing/

---

Quick Wins Checklist (Run Monthly)

• [ ] One NAT Gateway for non‑critical VPCs (dev/stage)
• [ ] Delete idle ALBs/NLBs and orphaned target groups
• [ ] Clean available EBS volumes; enable DeleteOnTermination
• [ ] Set CloudWatch log retention (7–30 days) across all groups
• [ ] Reduce cross‑AZ/region chatter; use VPC endpoints and CloudFront

---

FAQ (Fast Clarifications)

• Can I just turn off CloudWatch Logs?
  
  Reduce volume via sampling or log levels, but keep enough to debug. Retention tuning + export‑to‑S3 is usually best.

• Are NAT instances safe?
  
  For dev/stage: often fine with schedules and patching. For prod: most teams prefer managed NAT Gateways for reliability and simplicity.

• How do I pinpoint cross‑region traffic?
  
  Start with Cost Explorer group‑bys, then trace with VPC Flow Logs or service metrics.

---

Wrap‑Up

These five areas cause the most frequent, fixable AWS waste:

• NAT Gateways
• Idle Load Balancers
• Unattached EBS Volumes
• CloudWatch Logs
• Data Transfer

Tackle them today, then schedule a monthly sweep. Most teams see double‑digit savings in the first month.

If this helped, follow @cloudwiseteam for more no‑fluff AWS cost tips.

If you want to automate AWS cost tracking and catch these leaks before they happen, check out CloudWise — the AI Copilot for AWS cost optimization.