6 new ways to reduce your AWS bill with little effort

Michael Wittig – 07 May 2019

The last time we wrote about how to save AWS costs was at the end of 2015. AWS has changed a lot since then.

It’s time for an update with six new tips to save AWS costs with little effort.

EC2 AMD Instances

AWS introduced AMD-powered EC2 instances that are 10% cheaper than the Intel-powered instances. They provide the same resources (CPU, memory, network bandwidth) and run the same AMIs. The following table maps Intel instance families to their AMD counterparts.

| Purpose | Intel family | AMD family |
|---|---|---|
| Burstable | t3 | t3a |
| General | m5 | m5a |
| Memory-optimized | r5 | r5a |

You can switch to an AMD family by stopping your EC2 instance, changing the instance type, and starting the instance again. Those steps will pay off quickly.

Saving potential: 10% over Intel-based instance types

AWS is also working on ARM-based EC2 instances. They are even cheaper (~40%), but the architecture is different and cannot run your Intel/AMD AMIs.

Use VPC endpoints instead of NAT gateways

Many VPC architectures make use of private subnets (a subnet without a route to the Internet via an IGW). You can even run public websites in such a setup if your load balancer runs in public subnets as shown in the following figure.

AWS architecture with private and public subnets using NAT gateways

The diagram was created with Cloudcraft - Visualize your cloud architecture like a pro.

But we also see many EC2-based architectures that make use of AWS services such as SQS, S3, DynamoDB, and so on. To use those services, we have to make calls to the AWS API over the Internet. In private subnets, this was often done using NAT gateways (or the more dated NAT instances), which increase your traffic costs.

There are three ways to eliminate or at least reduce the extra traffic costs:

  1. For S3 and DynamoDB, you can create a Gateway VPC Endpoint, which is free and lets you communicate with S3 and DynamoDB from private subnets without natting.
  2. For some AWS services, you can create an Interface VPC Endpoint which is cheaper than a NAT gateway.
  3. Run your workloads in public subnets and protect them with security groups.

The following figure shows how to use VPC endpoints to access AWS services without natting while still running in private subnets.

AWS architecture with private and public subnets using VPC endpoints

The following table shows the options you have if you decide to stay in private subnets.

| | Gateway VPC Endpoint | Interface VPC Endpoint | NAT Gateway |
|---|---|---|---|
| Supported AWS services | S3, DynamoDB | some | all |
| Price per hour¹ | free | $0.01 | $0.045² |
| Price per GB¹ | free | $0.01 | $0.045 |

As you can see, using Gateway VPC Endpoints is cheaper than using Interface VPC Endpoints, which in turn is cheaper than using NAT Gateways.

Saving potential: Depends on your traffic
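
To find where the first option applies, the check below (an added example, not code from the original article) reads JSON shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-prefix-lists` and lists route tables that have a NAT default route but no Gateway VPC Endpoint route for S3 or DynamoDB. The function names and all ids in the sample data are constructed.

```python
"""Find route tables that still send S3/DynamoDB traffic through a NAT gateway."""
import json

GATEWAY_SERVICES = ("s3", "dynamodb")  # services that offer a free Gateway VPC Endpoint


def active(route):
    # A route whose target was deleted is reported with State "blackhole".
    return route.get("State", "active") == "active"


def audit_route_tables(route_tables, prefix_lists):
    """Map route table id -> gateway services that have no endpoint route."""
    # "com.amazonaws.us-east-1.s3" -> "s3"
    service_of = {p["PrefixListId"]: p["PrefixListName"].rsplit(".", 1)[-1]
                  for p in prefix_lists}
    findings = {}
    for table in route_tables:
        routes = [r for r in table.get("Routes", []) if active(r)]
        # Only tables with a default route to a NAT gateway pay NAT traffic charges.
        if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId")
                   for r in routes):
            continue
        # Gateway endpoints show up as prefix-list routes whose target is vpce-...
        covered = {service_of.get(r.get("DestinationPrefixListId"))
                   for r in routes if (r.get("GatewayId") or "").startswith("vpce-")}
        missing = [s for s in GATEWAY_SERVICES if s not in covered]
        if missing:
            findings[table["RouteTableId"]] = missing
    return findings


# Constructed sample data; every id below is a placeholder.
SAMPLE_PREFIX_LISTS = [
    {"PrefixListId": "pl-s3example", "PrefixListName": "com.amazonaws.us-east-1.s3"},
    {"PrefixListId": "pl-ddbexample", "PrefixListName": "com.amazonaws.us-east-1.dynamodb"},
]
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}
S3 = {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-s3", "State": "active"}
DDB = {"DestinationPrefixListId": "pl-ddbexample", "GatewayId": "vpce-ddb", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-a", "Routes": [NAT]},
    {"RouteTableId": "rtb-private-b", "Routes": [NAT, S3, dict(DDB, State="blackhole")]},
    {"RouteTableId": "rtb-private-c", "Routes": [NAT, S3, DDB]},
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
]

if __name__ == "__main__":
    print(json.dumps(audit_route_tables(SAMPLE_ROUTE_TABLES, SAMPLE_PREFIX_LISTS), indent=2))
```

Each route table it reports is a candidate for a Gateway VPC Endpoint association; a blackholed endpoint route is treated as missing because traffic then falls back to the NAT default route.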

Convertible Reserved EC2 Instances

Reserved EC2 instances are all yours for one or three years. You pay for them whether or not you use them. Reserved instances are cheaper than on-demand instances, which are billed in seconds or minutes. Since AWS launched instance reservations, they have become much more flexible. With Convertible Reserved EC2 Instances, you can modify the instance family of a reservation. This is very handy if you have 3-year reservations and AWS launches a new generation of the instance family that you use, e.g., going from m4 to m5. Convert all your m4 reservations to m5 reservations and modernize your EC2 instance fleet accordingly without losing money because of old reservations.

Saving potential: Additional 25% over On-Demand (assuming you can now go from 1-year terms to 3-year terms)

EC2 Spot Instances

The AWS spot market has become very stable. In combination with the support of Multiple Instance Types and Purchase Options in Auto Scaling Groups, you can now make use of spot instances in production environments without increasing the engineering overhead.

Saving potential: 70-90% over On-Demand

DynamoDB on-demand

DynamoDB On-Demand is a new feature to reduce the costs of most DynamoDB tables. With DynamoDB On-Demand, you can use DynamoDB without provisioning and paying for capacity. Instead, you pay per request. Sounds amazing? I was excited and re-configured all DynamoDB tables of our SaaS product marbot: cloud-native alerting for CloudWatch via Slack. The DynamoDB costs went down by 90%.

Saving potential: Depends on your workload (for small, spiky workloads up to 90% over DynamoDB with provisioned capacity)

S3 Intelligent-Tiering

S3 Intelligent-Tiering moves objects (>= 128KB) from Standard Storage ($0.023 per GB/month) to Infrequent Access Storage ($0.0125 per GB/month, minus 45%) if the objects are not accessed within 30 days. Additionally, you pay $0.0000025 per object/month for the management of the storage classes. Because of the per-object fee, the pricing model works better for larger objects than for smaller objects.

Saving potential: Depends on your workload

Summary

AWS is changing fast. Every day, new capabilities are released. Some of them can help you to reduce your AWS bill.

| Saving potential | Action item |
|---|---|
| 10% over Intel-based instance types | Switch to AMD-based instances |
| Depends on your traffic | Reduce NAT traffic with VPC endpoints |
| 25%-50% over On-Demand | Reserve instances without losing instance family flexibility |
| 70-90% over On-Demand | Using Spot Instances in Auto Scaling Groups |
| Depends on your workload | Switch to DynamoDB on-demand |
| Depends on your workload | Enable S3 Intelligent-Tiering |

Do you know another trick to save AWS costs? Let me know! michael@widdix.de, LinkedIn, or @hellomichibye.


  1. All prices apply to the us-east-1 region
  2. For high availability, you need one NAT Gateway per AZ