3 (expensive) misconfigurations on AWS

Aug 4, 2017 | Announcements, Migration, MSP

Here at nClouds we work extensively with AWS while assisting our clients with cloud migration, building deployment pipelines, or just managing their cloud infrastructure. We all know that AWS innovates fast. They are always adding new services and then updating them. Even for an organization like ours that specializes in AWS consulting, it’s sometimes hard to stay current on all the latest features and functions in AWS. In this blog, we want to share some of our lessons learned on misconfigurations that can end up costing you money (and there are some potentially expensive ones!). We already have validation for these misconfigurations built into our processes, and we enthusiastically recommend that you do the same.

VPC endpoint for S3
A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring access to the Internet. For example, if you are transferring lots and lots of data from your app to S3 buckets, or between buckets in different environments using EC2, it’s important that you configure a VPC endpoint, especially when doing transfers from a private subnet behind a NAT gateway. While VPC endpoint transfers are free, AWS charges $0.045 per GB of data processed by the NAT gateway. If you are transferring terabytes of data, the costs add up quickly.

Overprovisioning IOPS
Generally, AWS charges $0.065 for a single provisioned IOPS per month, which doesn’t sound so expensive on its own. However, if you provision 10,000 IOPS, the cost will be $650 a month. If you know you need it, that’s fine. But if you don’t, we suggest you pay close attention to the amount of provisioned IOPS that you will actually need. Paying for provisioned IOPS that you will not be using takes money away from other resources you might need.

Unused volumes
The majority of our clients scale their infrastructure based on demand, using automation. We discovered that when these resources are terminated, there is sometimes no housekeeping step built into the process to clean out the resources they leave behind. As a result, you will see lots of unused volumes. These unused volumes still cost money, especially if they use provisioned IOPS. We recommend that you implement a process to detect unused volumes as they are created during an automated process and delete them after the process is complete. We also recommend that your automation enables Delete on Termination wherever possible for volumes.
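As an added example (not nClouds' own tooling), the check below works on the shape of the EC2 `describe_volumes` response: it lists volumes that are no longer attached, estimates what they cost per month using the $0.065 per provisioned IOPS figure above, and flags attached volumes whose attachment lacks Delete on Termination. The per-GB storage prices, volume and instance IDs are constructed assumptions; the live `fetch_volumes` call needs boto3 and credentials, everything else runs offline.

```python
"""Audit EBS volumes for waste: unattached volumes and missing DeleteOnTermination."""

# Assumed per-GB-month storage prices (USD) for illustration only; check your region's price list.
GB_MONTH_PRICE = {"gp2": 0.10, "io1": 0.125, "st1": 0.045, "sc1": 0.025, "standard": 0.05}
IOPS_MONTH_PRICE = 0.065  # per provisioned IOPS per month (io1), as stated in the post


def unattached_volumes(volumes):
    """Volumes in state 'available' with no attachments: they bill but serve nothing."""
    return [v for v in volumes if v.get("State") == "available" and not v.get("Attachments")]


def monthly_cost(volume):
    """Estimated monthly charge: storage for every type, plus IOPS only for io1."""
    size_cost = volume["Size"] * GB_MONTH_PRICE.get(volume["VolumeType"], 0.0)
    iops_cost = volume.get("Iops", 0) * IOPS_MONTH_PRICE if volume["VolumeType"] == "io1" else 0.0
    return round(size_cost + iops_cost, 2)


def missing_delete_on_termination(volumes):
    """(VolumeId, InstanceId) pairs for attachments that will outlive their instance."""
    return [(v["VolumeId"], a["InstanceId"])
            for v in volumes for a in v.get("Attachments", [])
            if not a.get("DeleteOnTermination", False)]


def report(volumes):
    """Rows of (VolumeId, type, size GB, IOPS, monthly cost) for unattached volumes, plus the total."""
    rows = [(v["VolumeId"], v["VolumeType"], v["Size"], v.get("Iops", 0), monthly_cost(v))
            for v in unattached_volumes(volumes)]
    return rows, round(sum(r[4] for r in rows), 2)


def fetch_volumes(region):
    """Live variant: page through describe_volumes (requires boto3 and AWS credentials)."""
    import boto3
    paginator = boto3.client("ec2", region_name=region).get_paginator("describe_volumes")
    return [v for page in paginator.paginate() for v in page["Volumes"]]


# Constructed sample mimicking describe_volumes()["Volumes"]; IDs are placeholders.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use", "VolumeType": "gp2", "Size": 100,
     "Attachments": [{"InstanceId": "i-0001", "DeleteOnTermination": False}]},
    {"VolumeId": "vol-0bbb", "State": "available", "VolumeType": "io1", "Size": 500, "Iops": 10000, "Attachments": []},
    {"VolumeId": "vol-0ccc", "State": "available", "VolumeType": "gp2", "Size": 50, "Attachments": []},
]

if __name__ == "__main__":
    rows, total = report(SAMPLE_VOLUMES)
    for row in rows:
        print("unattached: id=%s type=%s size=%dGB iops=%d est=$%.2f/month" % row)
    print("estimated waste: $%.2f/month" % total)
    for vol_id, inst_id in missing_delete_on_termination(SAMPLE_VOLUMES):
        print("no DeleteOnTermination: %s on %s" % (vol_id, inst_id))
```

Running it against the sample shows the orphaned 10,000 IOPS io1 volume alone accounting for the $650 a month discussed above, on top of its storage charge.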

We’ll be sharing more lessons learned in future blogs. We would love to learn more about some of the ways you’ve discovered waste in your infrastructure.

If you’re interested in finding and eliminating waste in your infrastructure, we recommend signing up for can send real-time notifications of these types of violations and much more.

If you need some AWS consulting or DevOps consulting, contact us here at nClouds. We’d love to help.


nClouds is a cloud-native services company that helps organizations maximize site uptime, performance, stability, and support, bringing out the best of their people and technology using AWS