Provider deep dive / Amazon Web Services
AWS Cost Management in 2026: every native tool, discount, and optimisation lever
AWS has 12+ native cost tools spread across consoles. This is the single-page reference: tools side by side, discount mechanisms ranked by ceiling and flexibility, the hidden charges that catch teams off guard, and a playbook of optimisations sorted by impact.
Tool inventory / 10 native cost tools
Every AWS cost tool, what it does, what it does not
| Tool | Cost | What it does | What it cannot do |
|---|---|---|---|
| Cost Explorer | Free UI, $0.01 per 1k API requests | Daily granularity, RI/SP coverage, group by tag, forecast. | Hourly granularity is paid. No anomaly detection without separate service. |
| AWS Budgets | First 2 budgets free, then $0.02/day each | Cost, usage, RI, and Savings Plan budgets with alerts. | Action-based budgets require additional setup. No native multi-account view. |
| Cost Anomaly Detection | Free | ML-based daily anomaly detection on services, accounts, or tags. | Lags by 24-48 hours. No real-time blocking. |
| Compute Optimizer | Free | Rightsizing recommendations for EC2, EBS, Lambda, ECS, RDS. | Needs 14+ days of CloudWatch data per resource. Memory metrics require the agent. |
| Trusted Advisor | Basic free, full requires Business or Enterprise Support | Idle instance, low-utilisation, unused IP, and stale snapshot checks. | Best content is paywalled behind support tier. |
| Cost Optimization Hub | Free | Aggregates Cost Explorer, Compute Optimizer, and Savings Plans into one ranked list. | Recommendations only, no automation. |
| Cost and Usage Report (CUR 2.0) | Free, S3 storage applies | Hourly line items, exportable to S3/Athena/QuickSight, FOCUS 1.3 GA. | Up to 24 hours behind. Schema is wide and complex. |
| Savings Plans recommendations | Free | Suggested commitment level based on past 7, 30, or 60 days. | No what-if simulation across instance type changes. |
| Reserved Instance recommendations | Free | Standard and Convertible RI suggestions per region. | Not aware of Savings Plan trade-offs. |
| Billing Conductor | $0.0125 per account per hour | Custom billing groups for chargeback in consolidated organisations. | Not a forecasting or optimisation tool. |
Discount stack / six commitment instruments
AWS discount mechanisms ranked
Compute Savings Plans
up to 66%- Commitment
- 1 or 3 years, hourly $ commit
- Flexibility
- EC2, Fargate, Lambda. Any region, any family.
Best default for variable infrastructure.
EC2 Instance Savings Plans
up to 72%- Commitment
- 1 or 3 years, hourly $ commit
- Flexibility
- Locked to instance family + region.
Use when family is stable and discount matters more than flexibility.
Standard Reserved Instances
up to 72%- Commitment
- 1 or 3 years
- Flexibility
- Locked to instance type + region. Sellable on RI Marketplace.
Legacy mechanism. Savings Plans cover most use cases now.
Convertible Reserved Instances
up to 66%- Commitment
- 1 or 3 years
- Flexibility
- Exchangeable for different family or OS.
Niche. Most teams pick Compute Savings Plans for similar flexibility.
Spot Instances
up to 90%- Commitment
- none
- Flexibility
- Interruptible with 2-minute warning.
ECS, EKS, batch, training, CI runners.
Enterprise Discount Program (EDP)
5-20% additional- Commitment
- $1M+ annual commit
- Flexibility
- Stacks on Savings Plans and RIs.
Negotiated. Stack with Reserved Instance Marketplace and PPAs.
Surprise line items / not on the pricing page
AWS-specific hidden cost catalogue
Eight charges that typically add 10-20% to an AWS bill. None of these appear on the headline pricing pages. Each row includes a one-sentence avoidance strategy.
| Item | List rate | How to avoid it |
|---|---|---|
| NAT Gateway | $0.045/GB processed + $0.045/hour ($32.85 baseline) | Use VPC endpoints (gateway endpoints are free for S3 and DynamoDB) and route private subnet egress through interface endpoints where possible. |
| Cross-AZ data transfer | $0.01/GB each direction | Pin chatty workloads to a single AZ. Use topology-aware routing in Kubernetes. |
| CloudWatch Logs ingestion | $0.50/GB | Drop debug logs at source. Use sampling. Push high-volume application logs to S3 instead. |
| EBS snapshot accumulation | $0.05/GB/mo | Lifecycle policies via DLM. Audit ageing snapshots quarterly. |
| Elastic IP when unused | $0.005/hour ($3.65/mo) | Release unattached EIPs. Use the unused-resource report in Cost Optimization Hub. |
| Route 53 | $0.50/zone/mo + $0.40 per million queries | Consolidate apex zones. Cache aggressively with longer TTLs where safe. |
| Application Load Balancer idle | $16.20/mo minimum even with no traffic | Delete ALBs in non-production after hours. Combine paths via host-based routing. |
| S3 request pricing | $5/million PUT, $0.40/million GET | Batch small writes. Use multipart for large objects. Cache GETs at CloudFront edge. |
Optimisation playbook / six moves ranked by impact
AWS savings playbook
Achieve 70%+ Savings Plans coverage on stable workloads
Typical impact: 20-30% bill reduction
Run a 30-day Cost Explorer coverage report. Buy Compute Savings Plans up to the steady-state floor. Avoid covering the spiky top, leave that for on-demand or Spot.
Migrate compatible workloads to Graviton 4 (ARM)
Typical impact: 20-40% on compute
Most managed services (RDS, ElastiCache, OpenSearch, Lambda) and Linux containers run unmodified on Graviton. Run a Compute Optimizer report filtered by Graviton compatibility.
Move stateless workloads to Spot or Fargate Spot
Typical impact: 60-90% on eligible compute
Batch jobs, CI runners, EKS data plane, and training workloads tolerate interruption. Use mixed-instance ASGs and capacity rebalancing.
Enable S3 Intelligent-Tiering on every general-purpose bucket
Typical impact: 20-40% on object storage
No retrieval fees, automatic tiering between Frequent and Infrequent Access. Add archive access tiers for cold data.
Rightsize using Compute Optimizer recommendations
Typical impact: 10-25%
Apply CPU and memory recommendations for workloads with 14+ days of metrics. Memory metrics require the CloudWatch agent.
Plug NAT Gateway leaks with VPC endpoints
Typical impact: $1k-3k per workload typical
Gateway endpoints (S3, DynamoDB) are free. Interface endpoints cost less than NAT for moderate-volume AWS API traffic.
Stay native
Below $200K/mo
Cost Explorer + Cost Optimization Hub + Compute Optimizer cover 80-90% of value. No third-party tool needed.
Evaluate
$200K to $1M/mo
Vantage, CloudHealth, or Spot.io if you have multi-cloud, complex chargeback, or need automated commitment management.
Likely needed
Above $1M/mo
Apptio Cloudability, Flexera, or CloudHealth Enterprise. Governance, contract management, and dedicated FinOps capacity become the limiting factor.
Common questions
FAQ
Are AWS native cost tools enough for a $200k per month bill?+
For a single-cloud AWS estate up to roughly $200k per month, the combination of Cost Explorer, Cost Anomaly Detection, Compute Optimizer, and Cost Optimization Hub covers 80-90% of what teams need. Above that level, or with multi-cloud or chargeback complexity, third-party platforms like Vantage, CloudHealth, or Cloudability earn their licence cost.
When do Compute Savings Plans beat Standard RIs?+
Compute Savings Plans win whenever workload composition might change: family migrations (x86 to Graviton), region expansion, or service mix shifts (EC2 to Fargate). Standard RIs win only when the configuration is genuinely fixed for the full 1 or 3-year term and the extra 5-10% discount matters more than flexibility. For most teams in 2026, Compute Savings Plans are the right default.
How do I avoid surprise NAT Gateway bills?+
Three steps. First, audit NAT Gateway data processing in Cost Explorer grouped by usage type. Second, add VPC gateway endpoints for S3 and DynamoDB (these are free and remove most NAT volume). Third, add interface endpoints for high-traffic AWS APIs like ECR, CloudWatch Logs, and Secrets Manager. The break-even versus NAT is around 5 GB per day per endpoint.
Is Trusted Advisor worth the Business Support tier?+
If your AWS spend exceeds $30k per month and you do not have a third-party FinOps tool, the case is good. Business Support is 10% of monthly bill (minimum $100). The full Trusted Advisor checks plus 24x7 support typically pay for themselves through one or two avoided incidents and the cost recommendations. Below $30k, the free tier of Trusted Advisor plus Cost Optimization Hub usually covers what you need.
What is the EDP and when does it apply?+
The Enterprise Discount Program is a private negotiated agreement with AWS, typically requiring a $1M+ annual commit. It adds 5-20% on top of Savings Plans and RIs and often includes private pricing for specific services. EDPs are reviewed annually and have ramp clauses that penalise underuse, so the commit level needs disciplined forecasting.
Continue reading