What the f*%k is this charge?
Rather than talk about the things that rocket your AWS bill to the moon, let's talk about all the tiny, annoying charges.
Here are the top reasons why your accounts have small, seemingly random charges.
Running out of CPU Credits
If you're using t2, t3 or t4g instance types, you are running on a system of CPU credits. The t3 and t4g instance types have a feature called Unlimited Mode, which is enabled by default.
If an instance runs out of CPU credits, it starts using Unlimited Mode. This mode allows the instance to continue using the full CPU (instead of being capped at the baseline amount).
Unsurprisingly, Unlimited Mode comes at extra cost. Usually, in my experience, these charges are not super high - but they can be!
You should check the CPU Credits metrics on your EC2 servers (and RDS databases) to ensure you aren't using them up.
Sneaky NAT Gateways
Creating a VPC is a common task in AWS. Often, this involves creating a NAT gateway, which allows servers in private networks to reach the outside internet (without allowing the outside internet to reach those servers).
NAT gateways have an hourly cost - roughly $32/mo, varying a bit by region. On top of this, NAT gateways are notorious for high bandwidth charges, as they effectively add an extra per-GB charge on top of the regular bandwidth charges.
These are easy to forget and leave running, even if you're not using a VPC any longer. Additionally, some automated setups attempt to create many NAT gateways (one per AZ, or even one per Subnet). For some, this extra base cost is barely a drop in a bucket - but that's not true for all of us!
If you're tracking costs down, be sure to check each region that may have had a custom VPC created within it at one point.
If you delete a NAT gateway, don't forget to also clean up the associated Elastic IP Address (see below for more on EIPs).
Forgotten S3 Buckets
S3 is AWS's oldest service. Chances are most of us have some S3 buckets hanging around in old, forgotten AWS accounts.
S3 is priced on storage and number of API calls. Throw a few objects in S3 and you'll start getting a monthly charge of a few cents.
I personally have an AWS account that's charged $0.18 a month. Just annoying enough to chuckle at, but not annoying enough to track down.
DNS Zones
DNS zones registered in Route53 are often easy to spot, as each domain has a blanket cost of $0.50 per zone (domain). If you're being charged something like $0.53 per month, definitely check for domains (zones) registered in Route53!
Orphaned EBS Volumes
When you terminate a server, the default setting is for the primary (root) volume to be terminated with the instance. However, any additional volumes attached to an instance default to NOT being deleted when an instance is terminated.
This is a configuration you can change, but it's easy to miss. If you have terminated an instance, and you use multiple volumes on your servers, you should check the Volumes section in the EC2 web console to see if any are hanging around.
EBS volume charges can add up! They are often the second or third highest charge after the EC2 hourly charges themselves. EBS volumes are region-specific as well, so be sure to check any regions you may have operated within to see if any unused volumes are there.
Unmanaged Snapshots
Along the lines of orphaned EBS volumes, you may have old snapshots (volume backups) hanging around.
These are super easy to forget about, as they are cheap! But they'll linger around forever if you don't take action to prune them.
Having lots of aging snapshots also makes it harder to find needed backups. Do you really need that 6 year old volume backup?
I recently started using the Amazon Data Lifecycle Manager to manage my snapshots. Based on your EBS volume tags (you ARE tagging your EC2 instances and their volumes, right?) you can have this service automatically snapshot your EBS volumes and prune older ones.
Unused EIPs
Similar to secondary EBS volumes, EIPs (elastic IP addresses) are not deleted (released) by default when an associated EC2 instance is terminated.
These are a smaller charge - something like $3.50 per month, so it's easy to forget they are there. There are certainly use cases for hanging onto a specific IP address, but chances are you don't want to.
Due to IPv4's relative scarcity, all EIPs in your account incur a charge, whether they are associated with an EC2 instance (or other resource) or not. You can "release" the IP address back to AWS to no longer be charged for it. However, be aware that there's no way to get a specific IP address back once it's released.
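One way to sweep every region for the leftovers described in the NAT gateway, EBS volume, snapshot and EIP sections above, as an added example rather than code from the original article. It runs on constructed JSON shaped like the output of the `aws ec2 describe-*` commands; the function name `find_leftovers`, all resource IDs and the 365-day snapshot threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: per-region JSON shaped like the output of
# `aws ec2 describe-volumes`, `describe-addresses`, `describe-nat-gateways`
# and `describe-snapshots --owner-ids self`. Every ID below is made up.
SAMPLE = json.loads("""
{
  "us-east-1": {
    "Volumes": [{"VolumeId": "vol-0aaa", "State": "in-use"},
                {"VolumeId": "vol-0bbb", "State": "available"}],
    "Addresses": [{"AllocationId": "eipalloc-0aaa", "AssociationId": "eipassoc-0aaa"},
                  {"AllocationId": "eipalloc-0bbb"}],
    "NatGateways": [{"NatGatewayId": "nat-0aaa", "State": "deleted"}],
    "Snapshots": [{"SnapshotId": "snap-0aaa", "StartTime": "2018-05-01T03:00:00.000000+00:00"}]
  },
  "eu-west-1": {
    "Volumes": [], "Addresses": [],
    "NatGateways": [{"NatGatewayId": "nat-0bbb", "State": "available"}],
    "Snapshots": [{"SnapshotId": "snap-0bbb", "StartTime": "2024-05-20T03:00:00.000000+00:00"}]
  }
}
""")

def find_leftovers(regions, now, max_snapshot_age_days=365):
    """Return sorted (region, kind, resource_id) tuples for idle billable resources."""
    cutoff = now - timedelta(days=max_snapshot_age_days)
    found = []
    for region, data in regions.items():
        for v in data.get("Volumes", []):
            if v["State"] == "available":  # volume exists but is attached to nothing
                found.append((region, "unattached-volume", v["VolumeId"]))
        for a in data.get("Addresses", []):
            if "AssociationId" not in a:  # allocated but associated with nothing
                found.append((region, "unassociated-eip", a["AllocationId"]))
        for n in data.get("NatGateways", []):
            if n["State"] in ("pending", "available"):  # gateway has not been deleted
                found.append((region, "nat-gateway", n["NatGatewayId"]))
        for s in data.get("Snapshots", []):
            if datetime.fromisoformat(s["StartTime"]) < cutoff:  # older than threshold
                found.append((region, "old-snapshot", s["SnapshotId"]))
    return sorted(found)

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the output is repeatable
    for region, kind, rid in find_leftovers(SAMPLE, now):
        print(f"{region:<10} {kind:<18} {rid}")
```

Every NAT gateway that has not been deleted is listed, not only unused ones, because usage cannot be judged from the describe output alone.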
Where else to look?
To track down charges, the first place you should actually be looking is the Cost Explorer. If you filter by Usage Type (and perhaps change it to Daily to show each day's charges), you should get a good idea of where your AWS bill is coming from.
This is a great starting point for finding insights into your AWS bills.