  • Cloud Life Team

Cloud Custodian: Unleashing Cost Savings in AWS


Let's dive into the world of Cloud Custodian and explore how it can help you save costs in AWS. This is a tool that we at Cloud Life Consulting have been using for the past couple of years to help our clients save money in AWS. For those new to the concept, Cloud Custodian is an open-source policy-as-code framework that enables you to manage your AWS resources in a more efficient way. By creating and implementing a range of policies, you can not only automate cost-saving measures but also enhance security and maintain compliance. We'll walk you through three example policies and give you a rough estimate of their potential yearly savings. So, whether you're an AWS newbie or a seasoned pro looking to cut costs, stay tuned for some handy tips and tricks!

Policy 1: Right-Sizing EC2 Instances

Over-provisioned EC2 instances are a common issue that can lead to unnecessary costs. By analyzing your instance usage and adjusting the instance type accordingly, you can save considerably on your AWS bill. Cloud Custodian allows you to identify underutilized instances and notify users to take action.

Consider the following policy:

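  policies:
    - name: ec2-rightsize
      resource: aws.ec2
      filters:
        # Match instances whose CPUUtilization metric is below 20%
        - type: metrics
          name: CPUUtilization
          days: 14
          period: 86400
          value: 20
          op: less-than
      actions:
        # Queue a notification for the resource owner
        - type: notify
          template: default.html
          priority_header: '1'
          subject: 'EC2 Instance {{ account }} is underutilized'
          to:
            - resource-owner
          transport:
            type: sqs
            queue: ''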

This policy checks the average CPU utilization of all EC2 instances over 14 days. If the CPU utilization is less than 20%, a notification is sent to the resource owner. For example, if you downsize an m5.xlarge instance to an m5.large instance, you could save approximately $750 per year.

Policy 2: Remove Unused EBS Volumes

EBS volumes no longer attached to an EC2 instance can accumulate, leading to unnecessary costs. With Cloud Custodian, you can create a policy to automatically remove unattached EBS volumes after a specific period.

Here's an example policy:

  policies:
    - name: ebs-unused
      resource: aws.ebs
      filters:
        # "available" means the volume is not attached to any instance
        - State: available
        - type: age
          days: 7
          op: greater-than
      actions:
        - delete

This policy identifies EBS volumes in the "available" state and unattached for more than seven days. It then proceeds to delete these volumes. For example, deleting five unused 100 GB gp2 EBS volumes could save around $600 per year.
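A two-phase variant of the cleanup above, as an added example (not from the original post, and not the Cloud Custodian project's own policy set): volumes are tagged first, deleted only after a seven-day grace period, and unscheduled if they are reattached in the meantime. The policy names and the `custodian_cleanup` tag key are assumptions.

```yaml
policies:
  # Phase 1: tag unattached volumes that are not already scheduled.
  - name: ebs-unused-mark
    resource: aws.ebs
    filters:
      - State: available
      - "tag:custodian_cleanup": absent
    actions:
      - type: mark-for-op
        tag: custodian_cleanup   # assumed tag key
        op: delete
        days: 7

  # Phase 2: a volume reattached during the grace period is unscheduled.
  - name: ebs-reattached-unmark
    resource: aws.ebs
    filters:
      - State: in-use
      - "tag:custodian_cleanup": not-null
    actions:
      - type: remove-tag
        tags:
          - custodian_cleanup

  # Phase 3: delete only volumes whose scheduled date has passed
  # and that are still unattached.
  - name: ebs-unused-delete
    resource: aws.ebs
    filters:
      - State: available
      - type: marked-for-op
        tag: custodian_cleanup
        op: delete
    actions:
      - delete
```

Running `custodian run --dryrun` with an output directory (`-s`) records which volumes each policy matches without executing its actions.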

Policy 3: Stop Underutilized RDS Instances

RDS instances can be costly, especially when left running without active usage. Cloud Custodian can help you identify underutilized RDS instances and stop them automatically.

Consider this policy:

  policies:
    - name: rds-underutilized
      resource: aws.rds
      filters:
        # Match instances whose CPUUtilization metric is below 10%
        - type: metrics
          name: CPUUtilization
          days: 14
          period: 86400
          value: 10
          op: less-than
      actions:
        - stop

This policy checks the average CPU utilization of all RDS instances over 14 days. If the CPU utilization is less than 10%, the RDS instance will be stopped. For example, if you stop an RDS t3.large instance on weekends (104 days per year), you could save approximately $300 annually.

Wrapping Up

Cloud Custodian is a powerful tool that can help you optimize your AWS infrastructure and achieve significant cost savings. By automating the management of your resources through policy-driven actions, you can efficiently control costs, improve security, and maintain compliance.

The three example policies provided in this post are just the beginning of what Cloud Custodian can do. As you explore its capabilities further, you can create and implement more advanced policies tailored to your specific use cases and infrastructure needs. With the right policies in place, you can save thousands of dollars annually and ensure that your AWS environment runs efficiently and cost-effectively.

Remember that continuous monitoring and optimization are essential for maintaining a cost-effective infrastructure. As your organization grows and evolves, regularly review and update your Cloud Custodian policies to keep up with changing requirements and usage patterns.
