A Representative List of Cost Governance Policies. These are constantly updated. 

Old AMIs

EBS-backed AMIs are charged for the EBS volumes along with the EBS snapshots. S3-backed AMIs are charged for the S3 storage. Hence, old AMIs should ideally be deregistered to avoid these costs.

Action

  • DEREGISTER : Deregisters the old AMI(s).

Old Snapshots

It is advisable not to keep snapshots older than 10 days because of the storage cost they incur.

Action

  • DELETE : Deletes snapshots older than 10 days.

Idle EC2 for 3 days

EC2 instances that are running but have a CPU utilization of less than 2% over a period of 72 hours are considered to be idle EC2 instances.

Action

  • STOP : Stops the idle EC2 instances.
  • TERMINATE : Terminates the idle EC2 instances.

Detached Elastic IPs

AWS enforces an hourly charge if an Elastic IP (EIP) address within your account is not associated with a running EC2 instance or an Elastic Network Interface (ENI).

Action

  • No action available yet.

EC2 with No Network Activity

EC2 instances where the data being sent or received is less than 128Kbs over a period of 5 days are considered to have no network activity.

Action

  • STOP : Stops the idle EC2 instances.
  • TERMINATE : Terminates the idle EC2 instances.

EMR across Multiple AZs

Costs are incurred when data is sent from one availability zone to another; hence it is advisable not to have EMR clusters that span multiple AZs.

Action

  • No action available yet.

Public S3 Bucket

An S3 bucket, when made public, is automatically vulnerable to security breaches. Apart from this, you will be billed by AWS for every download from a bucket. If there is an unprecedented amount of traffic due to some malicious attack, it will quickly become expensive. Hence, a bucket with public permissions should be made private.

Action

  • DELETE : Deletes the public S3 Buckets.

S3 VPC EndPoint

A VPC endpoint enables you to privately connect your VPC to your S3 bucket without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. As there are charges associated with internet gateways, etc., this is a better and safer option.

Action

  • No action available yet.

UnderUtilized EC2 Instance

When an EC2 instance has a CPU utilization of less than 10% over a period of 5 days, it is considered to be underutilized.

Action

  • STOP : Stops the underutilized EC2 instances.
  • TERMINATE : Terminates the underutilized EC2 instances.

Unused EBS

Elastic Block Stores that are provisioned but unattached incur some cost and hence should be deleted when unused.

Action

  • DELETE : Deletes the unused EBS.

Unused Load Balancers

Load Balancers with zero connections (unused) but in an active state are still billed for by AWS.

Action

  • DELETE : Deletes the unused Load Balancers.

Unused PIOPS Disks

Provisioned IOPS disks that are underutilized (i.e. when the average of datapoints is less than the volume of IOPS) over a period of 5 days are still billed for by AWS.

Action

  • TERMINATE : Terminates the unused Provisioned IOPS Disks.