Something went wrong!
Hang in there while we get back on track
Multi-Region Cost Spike Investigation
Systematic investigation framework for identifying hidden AWS costs across multiple regions, with 7 common culprits and ready-to-run discovery commands.
Input
What you provide to the skill
AWS bill jumped $200 this month but I canβt find the culprit. We run workloads in us-east-1, us-west-2, and eu-west-1. Help me identify hidden costs.
Output
What the skill generates for you
AWS Cost Investigation Report
Situation Analysis
$200 spike in monthly AWS costs across 3 regions (us-east-1, us-west-2, eu-west-1).
Phase 1: High-Priority Hidden Cost Discovery
Run these commands in each region to identify common cost spike culprits:
1. NAT Gateways π΄ HIGH IMPACT ($32-45/month each)
# us-east-1
aws ec2 describe-nat-gateways \
--region us-east-1 \
--query 'NatGateways[?State==`available`].{ID:NatGatewayId,VPC:VpcId,Subnet:SubnetId,Created:CreateTime}' \
--output table
# us-west-2
aws ec2 describe-nat-gateways \
--region us-west-2 \
--query 'NatGateways[?State==`available`].{ID:NatGatewayId,VPC:VpcId,Subnet:SubnetId,Created:CreateTime}' \
--output table
# eu-west-1
aws ec2 describe-nat-gateways \
--region eu-west-1 \
--query 'NatGateways[?State==`available`].{ID:NatGatewayId,VPC:VpcId,Subnet:SubnetId,Created:CreateTime}' \
--output table
Cost Impact: 6 NAT gateways (2 per region) = ~$210/month
2. Idle Load Balancers π΄ HIGH IMPACT ($16-25/month each)
# Check all 3 regions (replace REGION)
aws elbv2 describe-load-balancers \
--region REGION \
--query 'LoadBalancers[*].{Name:LoadBalancerName,Type:Type,Created:CreatedTime,State:State.Code}' \
--output table
Cost Impact: 10 idle ALBs = ~$220/month
3. Stopped EC2 Instances (with EBS) π‘ MEDIUM IMPACT
# Check for stopped instances in each region
aws ec2 describe-instances \
--region REGION \
--filters Name=instance-state-name,Values=stopped \
--query 'Reservations[*].Instances[*].{ID:InstanceId,Type:InstanceType,Name:Tags[?Key==`Name`]|[0].Value}' \
--output table
Cost Impact: Stopped m5.xlarge with 500GB EBS = ~$50/month
4. Cross-Region Data Transfer π΄ HIGH IMPACT
# Check for VPC Peering connections
aws ec2 describe-vpc-peering-connections \
--region us-east-1 \
--query 'VpcPeeringConnections[?Status.Code==`active`].{ID:VpcPeeringConnectionId,RequesterRegion:RequesterVpcInfo.Region,AccepterRegion:AccepterVpcInfo.Region}' \
--output table
Cost Impact: 2TB cross-region transfer = ~$180/month
5. RDS Snapshots π‘ MEDIUM IMPACT
# Check RDS snapshots in each region
aws rds describe-db-snapshots \
--region REGION \
--query 'DBSnapshots[*].{ID:DBSnapshotIdentifier,Size:AllocatedStorage,Created:SnapshotCreateTime,Type:SnapshotType}' \
--output table
Cost Impact: 2TB old snapshots = ~$190/month
6. Unattached EBS Volumes π‘ MEDIUM IMPACT
# Check each region
aws ec2 describe-volumes \
--region REGION \
--filters Name=status,Values=available \
--query 'Volumes[*].{ID:VolumeId,Size:Size,Type:VolumeType,Created:CreateTime}' \
--output table
Cost Impact: 2TB unattached = ~$200/month
7. Unused Elastic IPs π’ SAFE CLEANUP
aws ec2 describe-addresses \
--region REGION \
--query 'Addresses[?AssociationId==null].{IP:PublicIp,AllocationId:AllocationId}' \
--output table
Cost Impact: 50 unused IPs = ~$180/month
Most Likely Culprits for $200 Spike
| Scenario | Typical Cost | Check |
|---|---|---|
| 6 forgotten NAT Gateways | $210/month | Run NAT Gateway commands |
| 2TB unattached EBS volumes | $200/month | Run EBS volume commands |
| 2TB RDS snapshots | $190/month | Run RDS snapshot commands |
| 10 idle ALBs | $220/month | Run load balancer commands |
| Cross-region data transfer | $180/month | Check Cost Explorer |
Immediate Action Plan
Step 1: Run Discovery (30 minutes)
Execute all discovery commands for all 3 regions.
Step 2: Identify Top 3 Cost Drivers (15 minutes)
Based on results, identify highest cost impact resources.
Step 3: Quick Wins (1 hour)
Release unused Elastic IPs:
aws ec2 release-address \
--allocation-id ALLOCATION_ID \
--region REGION
Delete unattached EBS volumes (snapshot first):
aws ec2 create-snapshot \
--volume-id VOLUME_ID \
--description "Backup before cleanup" \
--region REGION
aws ec2 delete-volume \
--volume-id VOLUME_ID \
--region REGION
Cost Monitoring Setup
Prevent future surprises:
# Tag all resources for cost tracking
aws ec2 create-tags \
--resources RESOURCE_ID \
--tags Key=Environment,Value=dev Key=Owner,Value=yourname \
--region REGION
Run the discovery commands and share results - Iβll pinpoint your $200 spike within minutes.
About This Skill
Identify and safely clean up unused AWS resources with prioritized audit checklists and ready-to-use CLI commands.
View Skill DetailsMore Examples
Comprehensive AWS Account Audit
Complete audit framework with prioritized resource checklist, ready-to-run discovery commands for 8+ resource types, and cost impact analysis.
EBS Volumes Safe Deletion with Rollback
Complete runbook for safely deleting unattached EBS volumes including safety checklist, snapshot backup, bulk deletion commands, and rollback procedures.