After auditing dozens of AWS accounts, the same three problems show up in almost every one. Not because the teams are careless — they’re not. They happen because AWS billing is designed to be granular, and granularity hides patterns.
Here’s what I find, why it happens, and what to do about it.
1. Cross-AZ data transfer you don’t know about
Typical impact: $3,000–$10,000/month
AWS charges for data moving between Availability Zones within the same region. The charge is small per GB ($0.01), but it accumulates fast when services are calling each other constantly.
The problem: this shows up in your Cost Explorer as a single line item — “Data Transfer - Regional” — but it comes from dozens of services. Without digging into the details, there’s no obvious way to know which services are generating it.
What I usually find: two services that were deployed in different AZs for redundancy, but are now calling each other thousands of times per minute. A message queue consumer in us-east-1a pulling from a broker in us-east-1b. A microservice calling a database in a different zone.
The fix: In most cases, a single VPC endpoint or a configuration change that co-locates the chatty services. Implementation time: a few hours. Impact: immediate.
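One way to attribute that single line item to specific service pairs is to join VPC Flow Logs against a subnet-to-AZ map and sum the bytes that cross zones. This is an added example, not the author's tooling: the subnet CIDRs, addresses and log records are constructed, and it assumes each flow is logged at one interface only (VPC-wide logs record a flow at both ENIs and need de-duplication first).

```python
import ipaddress
from collections import defaultdict

PRICE_PER_GB = 0.01  # per-GB cross-AZ rate quoted in the article

# Constructed subnet-to-AZ map; in a real account this comes from DescribeSubnets.
SUBNET_AZ = {"10.0.1.0/24": "us-east-1a", "10.0.2.0/24": "us-east-1b"}

# Constructed records in the default (version 2) flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1 10.0.1.15 10.0.2.40 49152 9092 6 900 1200000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.15 10.0.1.77 49153 5432 6 500 800000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.40 10.0.1.15 9092 49152 6 2000 3000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.15 203.0.113.9 49154 443 6 10 5000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 - - - - - - - 1700000000 1700000060 - NODATA
"""

def az_of(ip, subnet_az):
    """Return the AZ of the subnet containing ip, or None if outside the VPC."""
    addr = ipaddress.ip_address(ip)
    for cidr, az in subnet_az.items():
        if addr in ipaddress.ip_network(cidr):
            return az
    return None

def cross_az_bytes(log_text, subnet_az=SUBNET_AZ):
    """Sum bytes per (src, dst) pair for accepted flows whose endpoints sit in different AZs."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = line.split()
        # Skip malformed lines, NODATA/SKIPDATA records and rejected traffic.
        if len(f) != 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue
        src_az, dst_az = az_of(f[3], subnet_az), az_of(f[4], subnet_az)
        if src_az and dst_az and src_az != dst_az:
            totals[(f[3], f[4])] += int(f[9])
    return dict(totals)

def top_talkers(totals):
    """Rank pairs by bytes and attach an estimated cost (decimal GB, estimate only)."""
    rows = [(s, d, b, round(b / 1e9 * PRICE_PER_GB, 4)) for (s, d), b in totals.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for row in top_talkers(cross_az_bytes(SAMPLE_FLOW_LOGS)):
        print(row)
```

Same-AZ and internet-bound flows drop out, so what remains is the list of chatty pairs to co-locate.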
2. Orphaned EBS volumes and forgotten snapshots
Typical impact: $1,000–$5,000/month
The default behavior on EC2 instance termination changed a few years ago: EBS volumes are now deleted by default. Before that change, volumes were kept. And snapshots are always kept.
The result: AWS accounts older than a few years have a trail of orphaned volumes (from instances terminated before the default changed) and hundreds of snapshots nobody remembers creating.
Snapshots are $0.05/GB/month. At scale, that adds up: 100 snapshots averaging 100GB each is $500/month. I’ve seen accounts with 2,000 snapshots accumulated over five years.
The fix: AWS has a Data Lifecycle Manager that can automate snapshot retention policies. For existing orphans: a one-time audit to identify volumes with no active instance and snapshots past your retention window. This is safe to clean up — just verify you don’t need them before deleting.
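The one-time audit can be a read-only pass over volume and snapshot inventories that produces a candidate list rather than deleting anything. The following is an added example, not the author's script: the records are constructed (field names follow EC2 DescribeVolumes / DescribeSnapshots), and the 90-day window, the `retain` tag key and the AMI-backed snapshot set are assumptions standing in for your own policy.

```python
from datetime import datetime, timedelta, timezone

SNAPSHOT_PRICE_PER_GB_MONTH = 0.05  # snapshot rate quoted in the article
UTC = timezone.utc

# Constructed records; field names follow EC2 DescribeVolumes / DescribeSnapshots.
VOLUMES = [
    {"VolumeId": "vol-0aaa", "Size": 500, "State": "available", "Attachments": []},
    {"VolumeId": "vol-0bbb", "Size": 100, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0123", "State": "attached"}]},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-0001", "VolumeSize": 100, "StartTime": datetime(2020, 3, 1, tzinfo=UTC)},
    {"SnapshotId": "snap-0002", "VolumeSize": 100, "StartTime": datetime(2024, 5, 20, tzinfo=UTC)},
    {"SnapshotId": "snap-0003", "VolumeSize": 200, "StartTime": datetime(2019, 1, 1, tzinfo=UTC),
     "Tags": [{"Key": "retain", "Value": "legal-hold"}]},  # hypothetical keep tag
    {"SnapshotId": "snap-0004", "VolumeSize": 50, "StartTime": datetime(2021, 7, 1, tzinfo=UTC)},
]
AMI_SNAPSHOT_IDS = {"snap-0004"}  # constructed: snapshots backing a registered AMI

def orphaned_volumes(volumes):
    """Volumes with no attachment: state 'available' and an empty Attachments list."""
    return [v for v in volumes if v["State"] == "available" and not v.get("Attachments")]

def stale_snapshots(snapshots, now, retention_days, in_use_ids=frozenset(), keep_tag="retain"):
    """Snapshots older than the retention window, minus AMI-backed and tagged ones."""
    cutoff = now - timedelta(days=retention_days)
    stale = []
    for s in snapshots:
        tags = {t["Key"] for t in s.get("Tags", [])}
        if s["StartTime"] < cutoff and s["SnapshotId"] not in in_use_ids and keep_tag not in tags:
            stale.append(s)
    return stale

def audit(volumes, snapshots, now, retention_days=90, in_use_ids=frozenset()):
    """Build a review list of cleanup candidates; nothing is deleted here."""
    vols = orphaned_volumes(volumes)
    snaps = stale_snapshots(snapshots, now, retention_days, in_use_ids)
    snap_gb = sum(s["VolumeSize"] for s in snaps)
    return {
        "orphaned_volume_ids": [v["VolumeId"] for v in vols],
        "orphaned_volume_gib": sum(v["Size"] for v in vols),
        "stale_snapshot_ids": [s["SnapshotId"] for s in snaps],
        # Snapshots are incremental, so full VolumeSize is an upper bound on billed GB.
        "snapshot_cost_upper_bound": round(snap_gb * SNAPSHOT_PRICE_PER_GB_MONTH, 2),
    }
```

Excluding AMI-backed and explicitly tagged snapshots keeps the candidate list limited to items that can actually be removed after review.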
3. The RDS instance that was sized for a traffic spike
Typical impact: $1,500–$4,000/month
This is the most predictable finding. The pattern is always the same:
- A traffic spike or scaling event happens
- Someone upgrades the RDS instance to handle it
- Traffic normalizes
- The instance stays at the larger size
Nobody goes back and right-sizes it. The upgrade felt urgent; the downgrade feels risky. So the overpowered instance runs indefinitely.
CloudWatch metrics tell the story: if average CPU on your RDS instance is below 20% and average connections are a fraction of the instance’s capacity, you’re overpaying.
The fix: Right-size the instance. For production RDS, this requires a maintenance window and brief downtime. The risk is low — you’re just changing instance size, not the data. I’ve seen this save $2,000–$4,000/month in a single change.
Why these three?
They all share the same root cause: AWS charges for things that are easy to forget about.
Data transfer charges are invisible until you look at the right report. Orphaned volumes accumulate quietly. Oversized instances feel stable, so nobody revisits them.
The businesses I audit aren’t negligent — they’re busy. The team that set up the infrastructure moved on. The new team inherited a bill they don’t fully understand. Nobody has time to audit every line item in a cost report that runs 50,000 rows.
That’s exactly what a cost audit is for.
What a cost audit looks like
An AWS cost audit is a structured review of your account — not a vague “assessment,” but a specific process that produces specific findings.
Here’s what I look at in a typical 4-hour engagement:
- Cost Explorer analysis: Identify the top 10 cost drivers and month-over-month trends
- Data transfer breakdown: Isolate cross-AZ vs. internet egress vs. CloudFront
- EC2 + RDS rightsizing: CloudWatch metrics against instance size, Savings Plans coverage
- EBS volume + snapshot audit: Identify orphaned volumes and snapshots past retention policy
- Reserved Instance / Savings Plans coverage: Are you paying on-demand for workloads that run 24/7?
- S3 cost review: Storage class vs. access patterns, lifecycle policies
Deliverable: a prioritized findings report with estimated monthly savings for each item and implementation effort.
What to expect
In a typical account spending $15,000–$50,000/month, I find between $5,000 and $15,000/month in recoverable spend. Sometimes more.
The audit itself is a flat $2,500 fee, no-savings/no-fee. If I don’t find at least $2,500/month in identifiable savings, you don’t pay.
If your AWS bill is over $10,000/month and you haven’t done a cost audit in the last year, there’s almost certainly something in there.
Get started
Contact me or email nick@coldsmokeconsulting.com to schedule a cost audit. I’ll ask for read-only access to your AWS account (a CloudFormation template that creates the right IAM role, no manual setup required) and we’ll schedule a 30-minute kickoff call.
Turnaround is typically 5–7 business days from access grant to findings report.
Nick Allevato is an AWS Certified Solutions Architect Professional with 20 years of infrastructure experience across SaaS, fintech, and enterprise. He runs Cold Smoke Consulting, an independent AWS practice focused on cost optimization, security, and GenAI infrastructure.