The average startup we audit overspends on AWS by 35–50%. Not because they are doing anything exotic - because of five recurring misconfigurations that compound over time as infrastructure grows without a cost review.
Here is where the money goes, and how to get it back.
1. EC2 and RDS Instances With No Reservations
On-demand pricing is the most expensive way to run steady-state workloads. If you have instances that run 24/7 - your production API servers, your primary database - you are paying a significant premium for the flexibility of not committing.
What to do:
For EC2, switch to Compute Savings Plans. A 1-year no-upfront Compute Savings Plan saves 30–38% over on-demand. It applies automatically to any EC2 usage regardless of instance type or region, so it does not lock you into a specific configuration.
For RDS, use Reserved Instances. A 1-year no-upfront RI for RDS saves 35–40%. Unlike EC2, RDS reservations are instance-type specific, so commit to what you know you will keep running.
Typical savings: 30–40% on compute and database costs for steady-state workloads.
2. Idle and Oversized Instances
Most teams provision instances for peak load and never right-size them. An m5.4xlarge running at 8% CPU average is a common finding. So is a staging environment running 24/7 when the engineering team works 5 days a week.
What to do:
Pull the last 30 days of CPU and memory utilization from CloudWatch. Anything running below 20% average CPU is a candidate for downsizing. For most production web APIs, an m5.large or m5.xlarge is sufficient under 200 req/s.
For non-production environments: schedule them. AWS Instance Scheduler or a Lambda function can stop dev and staging instances outside business hours. A staging environment running 8 hours a day instead of 24 costs 67% less.
Typical savings: 20–40% on non-production compute costs. 15–25% on production instances after right-sizing.
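One way to write the Lambda scheduler mentioned above, as an added example that is not the article's own code. The `Environment` tag with values `dev` and `staging`, and business hours of Monday to Friday 09:00-17:00 UTC, are assumptions.

```python
from datetime import datetime, timezone

NONPROD_ENVS = ["dev", "staging"]  # assumed values of an assumed "Environment" tag
WORK_DAYS = range(0, 5)            # Monday to Friday
WORK_HOURS = range(9, 17)          # 09:00-16:59 UTC, 8 hours a day (assumed)


def in_business_hours(now):
    return now.weekday() in WORK_DAYS and now.hour in WORK_HOURS


def running_nonprod_ids(ec2):
    """Instance IDs that are running and tagged as dev or staging."""
    filters = [
        {"Name": "tag:Environment", "Values": NONPROD_ENVS},
        {"Name": "instance-state-name", "Values": ["running"]},
    ]
    ids = []
    for page in ec2.get_paginator("describe_instances").paginate(Filters=filters):
        for reservation in page["Reservations"]:
            ids += [i["InstanceId"] for i in reservation["Instances"]]
    return ids


def stop_nonprod(ec2, now, dry_run=True):
    """Select non-production instances outside business hours; stop them unless dry_run."""
    if in_business_hours(now):
        return []
    ids = running_nonprod_ids(ec2)
    if ids and not dry_run:
        ec2.stop_instances(InstanceIds=ids)
    return ids


def lambda_handler(event, context):
    import boto3  # imported here so the module loads without the AWS SDK installed
    return stop_nonprod(boto3.client("ec2"), datetime.now(timezone.utc), dry_run=False)
```

The function's IAM role needs only `ec2:DescribeInstances` and `ec2:StopInstances`; a matching start function is needed to bring the instances back in the morning.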
3. Unattached EBS Volumes and Orphaned Snapshots
When EC2 instances are terminated, the EBS volumes and their snapshots often remain. These accumulate silently - gp2 storage at $0.10/GB/month does not feel expensive per item, but it adds up.
What to do:
In AWS Cost Explorer, filter by "Amazon Elastic Block Store" and look for the volume-month line. Then in the EC2 console, filter volumes by "State: available" - available means unattached. Delete them if they are not needed.
For snapshots: anything older than 90 days for a terminated instance is likely orphaned. AWS Trusted Advisor and tools like aws-nuke (run carefully, in dry-run mode first) can identify them.
Typical savings: $500–$5,000/month depending on how long the environment has been running without cleanup.
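The same check as a report-only script, added here as an example and not taken from the article. It assumes input in the shape of `aws ec2 describe-volumes` and `aws ec2 describe-snapshots --owner-ids self` output, and it uses "source volume no longer exists" as a proxy for "terminated instance"; all IDs are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

GP2_PRICE_PER_GB_MONTH = 0.10          # gp2 rate quoted in the article
SNAPSHOT_MAX_AGE = timedelta(days=90)  # age threshold from the article

# Constructed sample data; every ID below is a placeholder.
VOLUMES = json.loads("""[
 {"VolumeId": "vol-0a1", "State": "in-use",    "Size": 100, "VolumeType": "gp2"},
 {"VolumeId": "vol-0b2", "State": "available", "Size": 500, "VolumeType": "gp2"},
 {"VolumeId": "vol-0c3", "State": "available", "Size": 200, "VolumeType": "gp3"}
]""")
SNAPSHOTS = json.loads("""[
 {"SnapshotId": "snap-01", "VolumeId": "vol-0a1", "StartTime": "2023-01-01T00:00:00+00:00"},
 {"SnapshotId": "snap-02", "VolumeId": "vol-0d4", "StartTime": "2023-06-01T00:00:00.000Z"},
 {"SnapshotId": "snap-03", "VolumeId": "vol-0e5", "StartTime": "2023-12-01T00:00:00+00:00"}
]""")


def unattached_volumes(volumes):
    """State 'available' means the volume is attached to no instance."""
    return [v for v in volumes if v["State"] == "available"]


def orphaned_snapshots(snapshots, volumes, now):
    """IDs of snapshots past the age threshold whose source volume is gone."""
    live = {v["VolumeId"] for v in volumes}
    stale = []
    for s in snapshots:
        started = datetime.fromisoformat(s["StartTime"].replace("Z", "+00:00"))
        if s["VolumeId"] not in live and now - started > SNAPSHOT_MAX_AGE:
            stale.append(s["SnapshotId"])
    return stale


def gp2_monthly_cost(volumes):
    """Monthly charge for the gp2 volumes in the list, at the quoted rate."""
    size = sum(v["Size"] for v in volumes if v["VolumeType"] == "gp2")
    return round(size * GP2_PRICE_PER_GB_MONTH, 2)
```

A snapshot that backs a registered AMI will also appear in this list, so check AMI usage before deleting anything it reports.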
4. NAT Gateway Traffic Costs
NAT Gateway pricing is $0.045 per GB of data processed in addition to the hourly fee. This is invisible until something starts generating high outbound traffic through the gateway.
Common culprits: EC2 instances downloading large packages in userdata scripts every time they start, ECS tasks pulling large Docker images from Docker Hub instead of ECR, Lambda functions running in a VPC making high-volume API calls.
What to do:
Enable VPC Flow Logs for 48 hours and identify the top talkers through the NAT Gateway. For Docker images, push them to ECR and pull from there - ECR data transfer within the same region is free. For S3 access from private subnets, use an S3 Gateway Endpoint - it routes traffic through AWS's internal network and costs nothing.
Typical savings: $1,000–$8,000/month for teams with active VPCs and high egress.
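A parser that ranks top talkers from the flow logs described above, as an added example that is not the article's own tooling. It assumes default-format (version 2) records captured on the NAT gateway's network interface; the interface ID `eni-0aaa`, the gateway's private IP `10.0.0.220` and the VPC CIDR are constructed.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
NAT_PRICE_PER_GB = 0.045  # data-processing rate quoted in the article

# Constructed sample records; eni-0aaa stands in for the NAT gateway's interface.
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.5 10.0.0.220 44321 443 6 900 4000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.0.220 10.0.1.5 443 44321 6 5000 16000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.2.9 10.0.0.220 51000 443 6 100 500000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.0.220 203.0.113.5 1025 443 6 900 4000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa - - - - - - - 1700000060 1700000120 - NODATA
2 123456789012 eni-0bbb 10.0.2.9 10.0.3.7 51000 5432 6 100 900000000 1700000000 1700000060 ACCEPT OK
""".splitlines()

def parse_record(line):
    """Return one record as a dict, or None for headers, NODATA and rejects."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK" or rec["action"] != "ACCEPT":
        return None
    rec["bytes"] = int(rec["bytes"])
    return rec

def top_talkers(lines, nat_eni, nat_ip, vpc_cidr, limit=5):
    """Sum bytes each VPC host exchanged with the NAT gateway, largest first."""
    vpc = ipaddress.ip_network(vpc_cidr)
    totals = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["interface_id"] != nat_eni:
            continue
        src, dst = rec["srcaddr"], rec["dstaddr"]
        if dst == nat_ip and ipaddress.ip_address(src) in vpc:
            totals[src] += rec["bytes"]  # instance -> NAT
        elif src == nat_ip and ipaddress.ip_address(dst) in vpc:
            totals[dst] += rec["bytes"]  # NAT -> instance
    return totals.most_common(limit)

def processing_cost(byte_count):
    """NAT data-processing charge, treating 1 GB as 10**9 bytes."""
    return round(byte_count / 1e9 * NAT_PRICE_PER_GB, 2)
```

Records between the gateway and public addresses are skipped so that each flow is counted once, on its VPC-facing side.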
5. S3 Storage Class Misconfigurations
Most S3 data sits in S3 Standard ($0.023/GB/month) when it should be in S3 Infrequent Access ($0.0125/GB/month) or S3 Glacier for archival data ($0.004/GB/month).
What to do:
Enable S3 Intelligent-Tiering on buckets with variable access patterns. It moves objects automatically between access tiers with no operational overhead. The monitoring fee ($0.0025 per 1,000 objects) is usually offset by savings within the first month for buckets over 100GB.
For known-cold data - old log archives, compliance records, backups older than 30 days - add S3 Lifecycle rules to transition to Glacier after 30–60 days. A 10TB archive at $0.004/GB costs $40/month in Glacier vs $230/month in Standard.
Typical savings: 30–60% on storage costs for teams with significant S3 usage.
The Audit Process
When we audit a client's AWS environment for cost, the process is:
- Pull the last 3 months from AWS Cost Explorer by service, then by usage type
- Identify the top 5 cost line items - these are always where the savings are
- Check reserved instance and savings plan coverage
- Run AWS Trusted Advisor and Compute Optimizer recommendations
- Pull resource utilization from CloudWatch for the top 10 most expensive instances
- Identify unattached/orphaned resources
- Review NAT Gateway traffic if it appears in the top 5
A typical audit surfaces $3,000–$15,000/month in actionable savings for a startup spending $20,000–$50,000/month on AWS.
If you want us to run this audit on your account, book a free session. We go through it with you live and you leave with a prioritised list of changes.