
5 Cloud Cost Leaks Teams Miss in Monthly Reviews

By Rose

Pattern

Quiet monthly leakage

The expensive items are often the ones nobody notices because they still look normal in a quick review.

Risk

State without behavior

Running state alone does not tell you whether a resource still earns its monthly cost.

Use

A standing review checklist

Use these five patterns as a fixed monthly check before the next bill review turns into an argument.

In most monthly reviews, the same argument comes back: "we already cleaned up last week, why is the bill still high?" The answer is usually a set of resources that look harmless but keep billing quietly. These are the five leaks we see most often in audits.


1. The "Idle" NAT Gateway

Cost: ~$32.85 / month per gateway

Developers often spin up a private VPC with a NAT Gateway for a quick test. When they delete the EC2 instances, they often forget the NAT Gateway.

The Trap: AWS charges an hourly rate for NAT Gateways even if zero traffic flows through them. If you have 5 dev environments, that’s $165/month wasted on absolute silence.

2. The "Stopped" Elastic IP

Cost: $3.60 / month per IP

Most people know that unattached IPs cost money. But did you know that an IP attached to a stopped instance also costs money?

AWS treats IPv4 addresses as a scarce resource. If you aren't using it (because your VM is off), they penalize you. Our scanner specifically checks for this "Attached-but-Stopped" state.

3. The Zombie RDS

Cost: $15 - $500+ / month

We often find RDS instances that are "Available" (running) but haven't had a single connection in weeks. These are usually leftovers from a feature branch or a POC.

Our Solution: We query CloudWatch metrics for `DatabaseConnections`. If the max connection count is 0 for 7 days, it's a zombie. Kill it.
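The rule above, as an added example (not the scanner's own code): it asks CloudWatch for the daily maximum of `DatabaseConnections` over 7 days and flags an instance only when every datapoint is 0. The instance names, the stub client with its constructed sample series, and the "unknown" verdict for missing metrics or instances younger than the window are assumptions made here.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK_DAYS = 7  # window stated in the post


def classify_rds(cw, db_id, created_at, now=None):
    """Return 'zombie', 'active', or 'unknown' for one RDS instance.

    cw is a boto3 CloudWatch client, or any object with the same
    get_metric_statistics method (such as the stub below).
    """
    now = now or datetime.now(timezone.utc)
    start = now - timedelta(days=LOOKBACK_DAYS)
    # An instance younger than the window cannot prove 7 days of silence.
    if created_at > start:
        return "unknown"
    resp = cw.get_metric_statistics(
        Namespace="AWS/RDS",
        MetricName="DatabaseConnections",
        Dimensions=[{"Name": "DBInstanceIdentifier", "Value": db_id}],
        StartTime=start,
        EndTime=now,
        Period=86400,  # one datapoint per day
        Statistics=["Maximum"],
    )
    points = resp.get("Datapoints", [])
    # No datapoints means no evidence, not zero connections.
    if not points:
        return "unknown"
    peak = max(p["Maximum"] for p in points)
    return "zombie" if peak == 0 else "active"


class StubCloudWatch:
    """Constructed sample data standing in for the real API (runs offline)."""
    def __init__(self, series):
        self.series = series  # db_id -> list of daily maxima

    def get_metric_statistics(self, **kw):
        db_id = kw["Dimensions"][0]["Value"]
        return {"Datapoints": [{"Maximum": m} for m in self.series.get(db_id, [])]}


NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)  # constructed date
OLD = NOW - timedelta(days=90)
STUB = StubCloudWatch({"poc-db": [0.0] * 7, "orders-db": [0, 0, 3, 0, 0, 0, 0]})

if __name__ == "__main__":
    for name in ("poc-db", "orders-db", "no-metrics-db"):
        print(name, classify_rds(STUB, name, OLD, NOW))
```

Against a real account, pass `boto3.client("cloudwatch")` as `cw` and the `InstanceCreateTime` from `describe_db_instances` as `created_at`.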

4. Old AMIs & Snapshots

Cost: Storage fees accumulate indefinitely

Every time your CI/CD pipeline builds a new image, it creates an AMI and a Snapshot. Fast forward a year, and you have 2,000 old images storing terabytes of data.

Manual cleanup is terrifying because you might delete the base image for Production. Cloud Waste Scanner Pro cross-references running instances to ensure we never touch an active AMI.

5. The Low-Traffic EC2

Just because an instance is "Running" doesn't mean it's useful. We frequently see `m5.large` instances with 0.1% CPU utilization.

Simple scripts miss these because they read state, not behavior. We correlate low CPU and low network activity to catch machines that are technically alive but operationally empty.

How to use this list

Use these five checks as a monthly review baseline, then confirm each item with exports the team can actually discuss. A useful review is not a tour of the bill. It is a short list of findings that somebody can close.

For deeper root-cause patterns behind these checks, read Deep FinOps Anatomy. If you want incident-style examples for team onboarding, use Cloud Waste Horror Stories.
