KloudAudit

The 5 AWS charges silently draining your budget (and how to fix each one)


I've reviewed a lot of cloud bills over 7 years as a DevOps engineer.

The waste isn't exotic. It's not misconfigured Kubernetes clusters or obscure data transfer fees nobody knew existed. It's the same five things, over and over, on teams that genuinely believe they're managing costs well.

Here's what they are — and exactly how to fix each one.


1. Dev and staging RDS running 24/7

Your production database needs to run continuously. Your dev database does not.

A db.r5.xlarge runs ~$876/month. If your team uses it 8 hours a day on weekdays, you're paying for 720 hours and using roughly 170. That's $626/month funding nothing.

The fix is a Lambda schedule. Takes 20 minutes to set up, runs forever:

# EventBridge cron expressions are evaluated in UTC.
# Each rule still needs the stop/start Lambda attached as its target
# (aws events put-targets) before it does anything.

# Stop dev RDS at 7pm UTC every weekday
aws events put-rule \
  --name "StopDevRDS" \
  --schedule-expression "cron(0 19 ? * MON-FRI *)" \
  --state ENABLED

# Start it at 8am UTC
aws events put-rule \
  --name "StartDevRDS" \
  --schedule-expression "cron(0 8 ? * MON-FRI *)" \
  --state ENABLED

Typical saving: 65% on affected instances.

The objection I always hear: "But what if someone needs it on the weekend?" In 7 years I've seen this come up twice. The fix: add a manual start button in your internal tooling. A single Lambda invocation.
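The rules above only fire on a schedule; the function they invoke is not shown. A sketch of that Lambda handler follows, as an added example that is not the author's code. It assumes dev instances carry a hypothetical `env=dev` tag and that each rule's target (or the manual start button) passes `{"action": "stop"}` or `{"action": "start"}` as input.

```python
# Added example, not the article's code. Assumptions: dev instances carry the
# tag env=dev, and each rule's target passes the constant JSON input
# {"action": "stop"} or {"action": "start"} to this function.
TAG_KEY, TAG_VALUE = "env", "dev"  # hypothetical tagging convention
# Status an instance must currently have before the action is attempted.
REQUIRED_STATUS = {"stop": "available", "start": "stopped"}

# Constructed sample in the shape of describe_db_instances()["DBInstances"].
SAMPLE = [
    {"DBInstanceIdentifier": "dev-db-1", "DBInstanceStatus": "available",
     "TagList": [{"Key": "env", "Value": "dev"}]},
    {"DBInstanceIdentifier": "dev-db-2", "DBInstanceStatus": "stopped",
     "TagList": [{"Key": "env", "Value": "dev"}]},
    {"DBInstanceIdentifier": "prod-db", "DBInstanceStatus": "available",
     "TagList": [{"Key": "env", "Value": "prod"}]},
    {"DBInstanceIdentifier": "dev-aurora-1", "DBInstanceStatus": "available",
     "DBClusterIdentifier": "dev-aurora",
     "TagList": [{"Key": "env", "Value": "dev"}]},
    {"DBInstanceIdentifier": "untagged-db", "DBInstanceStatus": "available"},
]


def select_targets(instances, action):
    """Identifiers of tagged, standalone instances in the right state for `action`."""
    wanted = REQUIRED_STATUS[action]
    return [
        i["DBInstanceIdentifier"] for i in instances
        if {"Key": TAG_KEY, "Value": TAG_VALUE} in i.get("TagList", [])
        and i.get("DBInstanceStatus") == wanted
        and not i.get("DBClusterIdentifier")  # Aurora stops at cluster level
    ]


def handler(event, context, rds=None):
    action = event.get("action")
    if action not in REQUIRED_STATUS:
        raise ValueError(f"unsupported action: {action!r}")
    if rds is None:  # real Lambda invocation; tests inject a fake client
        import boto3
        rds = boto3.client("rds")
    instances = []
    for page in rds.get_paginator("describe_db_instances").paginate():
        instances.extend(page["DBInstances"])
    targets = select_targets(instances, action)
    call = rds.stop_db_instance if action == "stop" else rds.start_db_instance
    for db_id in targets:
        call(DBInstanceIdentifier=db_id)
    return {"action": action, "instances": targets}
```

Scope the function's execution role to describing, stopping and starting DB instances rather than `rds:*`; the tag check means an untagged or production instance is never touched even if the schedule is misconfigured.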


2. Everything on On-Demand pricing

On-Demand is the rack rate. The price AWS publishes because they have to, not because they expect serious workloads to stay there.

If you've had stable compute running for 6+ months — and most teams have — you're paying a 30-45% premium for flexibility you're not using.

Compute Savings Plans are the easiest path. No instance family commitment, no region lock-in:

# See exactly how much you'd save (the recommendation comes from the Cost Explorer API)
aws ce get-savings-plans-purchase-recommendation \
  --savings-plans-type COMPUTE_SP \
  --term-in-years ONE_YEAR \
  --payment-option NO_UPFRONT \
  --lookback-period-in-days THIRTY_DAYS

Run that. Read the output. The estimated monthly savings figure (EstimatedMonthlySavingsAmount) is money you're leaving on the table every month you wait.

Typical saving: 30-45% on covered compute. Zero architecture changes required.


3. Unattached EBS volumes

When you terminate an EC2 instance, AWS doesn't automatically delete the attached EBS volume. Unless you explicitly configured it to do so when you launched the instance, the volume sits there — charged at $0.10/GB/month — indefinitely.

Find them:

aws ec2 describe-volumes \
  --filters Name=status,Values=available \
  --query 'Volumes[*].{ID:VolumeId,Size:Size,Created:CreateTime,Type:VolumeType}' \
  --output table

Review the output. Anything created more than 30 days ago from an instance that no longer exists is almost certainly orphaned. Snapshot it for $0.05/GB/month if you're not sure, then delete the volume.
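The 30-day review rule applied to that command's output, as an added example that is not from the original post. It assumes the same query run with `--output json` instead of `table`; the volume IDs and dates are constructed, and the prices are the article's own figures.

```python
import json
from datetime import datetime, timezone

VOLUME_PRICE = 0.10    # $/GB/month for a volume, the article's figure
SNAPSHOT_PRICE = 0.05  # $/GB/month for a snapshot, the article's figure
MIN_AGE_DAYS = 30      # the article's review threshold

# Constructed sample: the query above run with --output json instead of table.
SAMPLE = """[
  {"ID": "vol-example-a", "Size": 500, "Created": "2024-01-10T09:00:00.000000+00:00", "Type": "gp2"},
  {"ID": "vol-example-b", "Size": 100, "Created": "2024-05-20T14:30:00.000000+00:00", "Type": "gp3"},
  {"ID": "vol-example-c", "Size": 1000, "Created": "2023-03-01T12:00:00Z", "Type": "gp2"}
]"""


def parse_time(value):
    # Accept a trailing "Z" as well as an explicit UTC offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(volumes_json, now):
    """Split unattached volumes into review candidates and recent ones."""
    candidates, recent = [], []
    for vol in json.loads(volumes_json):
        age = (now - parse_time(vol["Created"])).days
        row = {
            "id": vol["ID"], "age_days": age, "gb": vol["Size"],
            "volume_cost": round(vol["Size"] * VOLUME_PRICE, 2),
            # Full-size estimate; a snapshot stores only written blocks.
            "snapshot_cost": round(vol["Size"] * SNAPSHOT_PRICE, 2),
        }
        (candidates if age > MIN_AGE_DAYS else recent).append(row)
    candidates.sort(key=lambda r: r["volume_cost"], reverse=True)
    return candidates, recent


def monthly_waste(candidates):
    """Total monthly charge for the volumes flagged for review."""
    return round(sum(r["volume_cost"] for r in candidates), 2)


if __name__ == "__main__":
    old, new = triage(SAMPLE, datetime.now(timezone.utc))
    for r in old:
        print(r)
    print("monthly cost of candidates:", monthly_waste(old))
```

Volumes younger than the threshold are returned separately rather than dropped, so a volume someone detached last week for a migration is visible but not queued for deletion.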

I've found $200–$1,400/month from this command alone. The worst case I've seen: a team that migrated to EKS 18 months prior and left 67 volumes from their old EC2 fleet running the whole time.

Typical saving: variable, but this takes 10 minutes to audit.


4. S3 storage never tiered

S3 Standard is $0.023/GB/month. S3 Glacier Instant Retrieval is $0.004/GB/month.

Your logs from 2023 don't need Standard. Neither do your backups, your old deployment artifacts, or the compliance exports nobody has opened since they were generated.

A lifecycle policy fixes this automatically:

aws s3api put-bucket-lifecycle-configuration \
  --bucket your-bucket-name \
  --lifecycle-configuration '{
    "Rules": [{
      "ID": "AutoTier",
      "Status": "Enabled",
      "Filter": {"Prefix": ""},
      "Transitions": [
        {"Days": 30, "StorageClass": "STANDARD_IA"},
        {"Days": 90, "StorageClass": "GLACIER_IR"}
      ]
    }]
  }'

Set it once. It runs forever. Data moves through tiers automatically as it ages.

Typical saving: 30-60% on storage older than 90 days.


5. NAT Gateway data processing charges

This one surprises people every time.

NAT Gateway charges $0.045 per GB processed — in both directions. If your microservices are calling AWS APIs (S3, DynamoDB, SQS) through a NAT Gateway instead of VPC endpoints, you're paying per-GB for every single request.

At scale this adds up fast. I've seen teams with $800/month NAT Gateway bills that dropped to $60 after adding two free endpoints.

The S3 and DynamoDB Gateway endpoints are free:

# Free endpoint for S3 — traffic no longer routes through NAT
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-xxxxxxxxx \
  --service-name com.amazonaws.eu-west-1.s3 \
  --route-table-ids rtb-xxxxxxxxx

# Free endpoint for DynamoDB
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-xxxxxxxxx \
  --service-name com.amazonaws.eu-west-1.dynamodb \
  --route-table-ids rtb-xxxxxxxxx

Typical saving: 10-40% of your NAT Gateway bill.


The pattern underneath all of this

None of these are obscure. Every experienced AWS engineer knows they exist.

The reason they accumulate anyway is always the same: the team is busy, the bill is complex, and nobody has sat down to look systematically. Cost Explorer shows you the numbers. It doesn't tell you which specific instances to reschedule, which volumes are orphaned, or which buckets have never had a lifecycle rule.

That's the gap.


A tool I built for exactly this

I got tired of doing this analysis manually on every engagement, so I built KloudAudit — a structured 18-checkpoint audit that walks through all five of these (and 13 more) with savings estimates specific to your bill size.

Free to run. Takes 15 minutes. No AWS account access required — you answer questions about your own setup, and it tells you what to fix and in what order.

If you write about cloud costs or DevOps, I also built a free embeddable savings calculator your readers can use directly on your articles. One script tag, no signup, no cost: kloudaudit.eu/widget/


What's the most surprising cloud cost you've discovered? I'm collecting war stories — drop it in the comments.
