5 Tools To Detect Unused AWS Resources
Explore five essential tools for UK SMBs to identify and eliminate unused AWS resources, helping to control cloud costs effectively.
Avoiding unused AWS resources is crucial for UK small and medium-sized businesses (SMBs) looking to control cloud costs. Idle EC2 instances, unattached EBS volumes, or unused Elastic IPs can silently increase your AWS bill. With nearly half of SMB leaders having limited cloud knowledge, managing this waste is vital. Below are five tools to help you identify and reduce unnecessary AWS expenses:
- AWS Trusted Advisor: Scans for idle resources and provides actionable recommendations. Basic checks are free; full features require a paid support plan.
- AWS Cost Explorer: Analyses billing data to highlight underutilised resources and spending trends. Free to use, with minimal costs for advanced API requests.
- AWS Config: Tracks resource configurations and flags orphaned resources like unattached EBS volumes or unused security groups. Operates on pay-as-you-go pricing.
- Amazon CloudWatch: Monitors usage metrics in real-time, identifying idle database tables or underused instances. Includes a free tier with affordable pricing for additional features.
- IAM Access Analyzer: Reviews unused IAM permissions and overly permissive policies, enhancing security and reducing costs. Free for external access checks; minimal charges for deeper internal analysis.
These tools can help businesses cut waste, improve cost efficiency, and strengthen resource management. For UK SMBs, starting with AWS Trusted Advisor and AWS Cost Explorer offers a simple and cost-effective way to optimise AWS usage.
Quick Comparison
| Tool | Detection Focus | Cost Structure | Best For |
|---|---|---|---|
| AWS Trusted Advisor | Idle resources, cost optimisation | Free with basic checks; paid plans for full features | Broad recommendations for SMBs |
| AWS Cost Explorer | Billing trends, underutilised resources | Free with minimal API costs | Detailed financial analysis |
| AWS Config | Orphaned resources, compliance | Pay-as-you-go | Compliance and configuration tracking |
| Amazon CloudWatch | Real-time metrics, idle resources | Free tier + low additional costs | Real-time monitoring and cost control |
| IAM Access Analyzer | Unused IAM permissions | Free external checks; low internal analysis fees | Security and permissions management |
These tools, used together or individually, can help UK SMBs maintain control over AWS costs while improving resource efficiency.
Find and Delete all AWS Resources Using Cost Explorer & Tag Editor | AWS Tutorial for Beginners
1. AWS Trusted Advisor
AWS Trusted Advisor is a tool designed to help you identify cost-saving opportunities by scanning your AWS environment for unused or underutilised resources. It has already helped AWS customers save millions of pounds by pinpointing areas where costs can be reduced.
What It Detects
Trusted Advisor identifies idle resources, such as EC2 instances that have been stopped for over 30 days or Elastic IP addresses that aren't associated with any running instance. Its recommendations fall into six key categories: Cost Optimisation, Performance, Security, Fault Tolerance, Service Limits, and Operational Excellence. These insights aim to help you cut unnecessary expenses on your AWS bill.
Automating Tasks
The tool can simplify your workflow by sending weekly email updates summarising its findings. If you're looking for more advanced automation, you can integrate Trusted Advisor with Amazon EventBridge to detect changes in check statuses and trigger actions like sending alerts. Furthermore, by connecting it with Amazon CloudWatch, you can set up AWS Lambda functions to automatically address the issues Trusted Advisor uncovers.
How It Reports
Trusted Advisor presents its findings in a colour-coded console for easy interpretation:
- Red: Immediate action required
- Yellow: Review recommended
- Green: No issues detected
- Grey: Excluded checks
The console provides a summary of results, potential monthly savings, and recent updates, and you can download detailed reports in .xls format. For those needing more advanced reporting, the Trusted Advisor Organisational (TAO) Dashboard uses Amazon QuickSight to generate detailed, consolidated reports. These reports highlight key findings on idle resources, offering a broader view of your AWS environment.
Is It Right for UK SMBs?
The features available in Trusted Advisor depend on your AWS Support Plan. Basic checks are accessible to all AWS users, but full access requires a paid plan. For example, Developer Support starts at £29 per month or 3% of your AWS charges, while Business Support begins at £100 per month and includes all Trusted Advisor features. This pricing structure makes it an appealing option for UK small and medium-sized businesses, especially since it's integrated directly into the AWS console, requiring no extra setup.
2. AWS Cost Explorer
AWS Cost Explorer offers a way to visualise your billing data, making it easier to spot areas of unnecessary spending in your AWS setup. Instead of scanning resources directly, it uses detailed billing analysis to uncover anomalies and trends that may point to unused or underutilised services. These insights enable swift action to reduce costs and work seamlessly alongside other AWS tools.
Scope of Detection
The Resource Optimisation report within Cost Explorer is particularly effective at identifying underutilised EC2 instances by analysing compute usage patterns. It also highlights underused Reserved Instances and untagged resources, both of which can lead to unexpected expenses. By examining cost metrics such as unblended, amortised, and net costs, the tool provides a well-rounded view of your AWS spending. Additionally, it offers forecasted costs based on historical usage, helping to predict potential spikes in expenditure.
Reporting Format
Cost Explorer translates your AWS spending data into easy-to-understand visuals, making cost patterns more apparent. Its dashboard includes 13 months of historical data plus a 12-month forecast, helping you track spending trends and identify top cost contributors. Reports can be exported as CSV files for further analysis. The tool also uses automated trend analysis to flag unusual cost or usage events. Its Cost Comparison feature highlights significant month-to-month cost changes and identifies the key drivers behind them. For budget-conscious businesses in the UK, these features provide a clear and actionable financial overview.
Suitability for UK SMBs
Cost Explorer is particularly appealing to UK small and medium-sized businesses. The tool itself is free to use, with programmatic API requests costing just £0.01 per page. It integrates smoothly with AWS Budgets, allowing businesses to set spending limits and receive alerts when costs exceed expectations. This makes it easier to maintain financial control without requiring a dedicated monitoring team. For instance, one UK SMB used Cost Explorer to identify underused EC2 instances, resizing or terminating them to achieve tangible savings.
That said, the tool does have some limitations. It lacks the ability to provide highly granular data, offers limited support for custom metrics, and may experience delays in data updates, which could be a challenge for businesses scaling rapidly. Still, by linking detailed cost data with resource usage, Cost Explorer equips UK SMBs to cut waste and manage their AWS spending more effectively.
For more advice on optimising your AWS environment, UK SMBs can explore AWS Optimisation Tips, Costs & Best Practices for Small and Medium Sized Businesses by Critical Cloud (https://aws.criticalcloud.ai).
3. AWS Config
AWS Config builds on the billing and usage analytics offered by other tools, focusing on resource configuration to pinpoint idle and orphaned resources. This service tracks resource changes and checks compliance against pre-set rules. Unlike AWS Cost Explorer, which centres on billing, AWS Config takes a configuration-first approach, making it a valuable tool for businesses looking to improve cost efficiency and security.
Scope of Detection
AWS Config is particularly effective at identifying orphaned resources - infrastructure components that are no longer in use. These include unattached EBS volumes, Elastic IPs not linked to active resources, load balancers without backend instances, and unused security groups. It also keeps an eye on IAM roles and access keys that are no longer necessary, which could pose security risks over time.
The financial impact of these resources can add up quickly. For example, unattached EBS volumes and idle Elastic IPs still incur costs. Similarly, unused security groups or network interfaces can create vulnerabilities that might be missed in security reviews.
| AWS Service | Potential Orphaned Resources | Notes |
|---|---|---|
| EC2 | Unattached EBS volumes, Elastic IPs, deprecated AMIs | Elastic IPs incur charges even when idle |
| Elastic Load Balancing | Load balancers with no registered targets | Can generate hourly charges if left unused |
| VPC Networking | Orphaned ENIs, unused security groups | Detached interfaces still incur charges |
| RDS | Manual snapshots after instance deletion | Snapshots billed based on storage size |
| IAM | Unused IAM roles, access keys | Potential security risks if left unchecked |
| S3 | Buckets with no recent activity | Requires careful review before deletion |
Automation Capabilities
AWS Config simplifies the remediation of noncompliant resources by integrating with AWS Systems Manager Automation documents. These documents outline specific actions that can be taken on resources flagged by Config Rules. Auto remediation can be set up directly in the AWS Management Console by linking these actions to the relevant rules.
The service provides pre-built remediation actions but also allows for custom actions through SSM documents. For example, FinOps teams can use AWS Config to enforce tagging standards across the organisation, ensuring all resources are appropriately tagged. This not only helps with financial oversight but also makes cloud spending more predictable.
For troubleshooting issues, the AWS CLI command describe-remediation-execution-status can help diagnose failed remediation attempts. However, keep in mind that auto remediation may sometimes activate for compliant resources due to periodic compliance data snapshots.
Reporting Format
"AWS Config provides resource configuration management, compliance evaluation, remediation, security analysis, change impact assessment, historical tracking, and data aggregation for AWS resources."
AWS Config delivers insights through detailed configuration timelines and compliance dashboards. Regular monitoring of EC2, Elastic Load Balancing, VPC Networking, RDS, IAM, and S3 services can help reduce unnecessary costs and operational risks. When paired with CloudWatch metrics, AWS Config becomes even more effective at identifying idle resources while evaluating configurations.
To maximise its benefits, businesses should enforce mandatory tagging (e.g., Application, Owner, LastUpdated) and flag untagged resources. Setting up automated actions, such as notifications, quarantines, or deletions after a grace period, can further streamline cost management.
Suitability for UK SMBs
AWS Config operates on a pay-as-you-go model, which can be economical, but costs can escalate if not managed carefully. For UK SMBs, Config costs might even surpass those for compute or storage if improperly configured. The service offers a free tier for the first 7,500 configuration items within 30 days.
Here’s a breakdown of pricing:
- Continuous recording: approximately £0.002 per configuration item.
- Periodic recording: around £0.008 per configuration item.
- Rule evaluations: about £0.0007 per evaluation for the first 100,000 evaluations per region per month.
One company managed to cut its daily AWS Config costs by 35%, from £1.44 to £0.94, by disabling ResourceCompliance recording.
"AWS Config is powerful - no doubt about that. But its cost model can catch teams off guard, especially at scale."
For SMBs, AWS Config may feel expensive if it accounts for more than half of their total AWS spend. It’s best suited for businesses fully committed to AWS and in need of continuous compliance monitoring. For others, there may be more affordable options for tracking infrastructure changes.
To keep costs under control, consider limiting recording to critical resources, selecting recording modes strategically, consolidating rules to avoid redundancy, and disabling AWS Config in development accounts where configuration tracking isn’t essential.
4. Amazon CloudWatch
Amazon CloudWatch takes a metrics-driven approach to help identify resources that might be racking up costs without being actively used. By analysing usage patterns and converting raw data into near real-time metrics, it pinpoints areas like idle database tables that could be draining your budget unnecessarily.
Scope of Detection
CloudWatch is particularly effective at spotting unused database resources by monitoring detailed consumption metrics. For services like Amazon Keyspaces and DynamoDB, it tracks metrics such as ConsumedReadCapacityUnits and ConsumedWriteCapacityUnits to determine if tables are genuinely in use. If these metrics consistently show zero usage over a 30-day period, the resource is flagged as idle.
This functionality is especially useful for DynamoDB Global Secondary Indexes (GSIs), where the ConsumedReadCapacityUnits metric helps assess whether an index is being utilised. By providing this level of detail, CloudWatch enables businesses to avoid unnecessary spending on inactive resources.
| Resource Type | Key Metrics | Evaluation Period | Detection Focus |
|---|---|---|---|
| Amazon Keyspaces | ConsumedReadCapacityUnits, ConsumedWriteCapacityUnits | 30 days | Zero consumption across both metrics |
| DynamoDB Tables | ConsumedReadCapacityUnits, ConsumedWriteCapacityUnits | 30 days | Persistent zero values indicating idleness |
| DynamoDB GSIs | ConsumedReadCapacityUnits | 30 days | Unused indexes |
Automation Capabilities
One of CloudWatch’s standout features is its ability to automate responses based on changes in resource usage. The alarm system can notify teams or trigger actions when metrics fall below certain thresholds. For instance, it integrates seamlessly with AWS Lambda functions, Amazon SNS topics, and Amazon SQS queues, enabling the creation of robust remediation workflows. CloudWatch Events continuously monitor changes and can trigger alerts or automated actions, such as shutting down underused resources.
Teams can set up alarms to act when CPU utilisation remains low for an extended period. AWS Systems Manager Automation further enhances this by providing secure, scalable ways to handle these automated processes. As a best practice:
"Use alarms to trigger automated actions to remediate issues where possible. Escalate the alarm to those able to respond if automated response is not possible".
Reporting Format
CloudWatch makes it easy to identify unused resources through its real-time dashboards and clear visual reports. Teams can also use AWS CLI commands to pull specific metrics for analysis. For example, to inspect an Amazon Keyspaces table, you can run:
aws cloudwatch get-metric-statistics --metric-name ConsumedReadCapacityUnits
If the "Sum" value for this metric remains zero during the evaluation period, the resource is confirmed as unused. This near real-time data processing, combined with historical data retention, ensures thorough evaluations before making any changes to production resources. The reporting capabilities integrate seamlessly with other AWS tools, making it a valuable part of your cost-optimisation toolkit.
Suitability for UK SMBs
For UK small and medium-sized businesses (SMBs), CloudWatch offers an affordable and user-friendly way to monitor AWS resources in real time. The free tier includes 5 GB of logs, basic monitoring metrics, 10 custom metrics, 3 custom dashboards, and 10 alarm metrics. This makes it an excellent starting point for SMBs looking to optimise their AWS costs.
Even beyond the free tier, CloudWatch remains cost-effective, with low pricing for custom metrics and log data. Many UK SMBs have reported an average of 31% cost savings after adopting AWS, alongside a 43.4% drop in monthly security incidents and a 69% reduction in unplanned downtime. Additionally, the One Government Value Agreement (OGVA) between AWS and the UK government provides further cost-saving opportunities for SMBs working with public sector clients. Chris Hayman, Director of UK Public Sector at AWS, highlighted:
"This new agreement will provide a technical skills boost to those working in the public sector, allow smaller suppliers more access to government contracts by supporting a more fair and diverse marketplace, and deliver significant savings to public sector organisations".
CloudWatch’s ability to analyse metrics and identify unused resources makes it an indispensable tool for businesses aiming to streamline their AWS costs. For more tips on cost management and best practices tailored for SMBs, check out AWS resources like AWS Optimization Tips, Costs & Best Practices for Small and Medium sized businesses (https://aws.criticalcloud.ai).
5. IAM Access Analyzer
IAM Access Analyzer is designed to identify unused access permissions and overly permissive policies within your AWS environment. By doing so, it helps reduce costs and minimise potential risks. The tool operates continuously, monitoring access rights and flagging permissions that are underutilised or no longer needed.
Scope of Detection
This tool analyses IAM roles, users, keys, and passwords using "last accessed" data to detect unused access permissions. It supports service-level permissions for all AWS services and provides action-level permissions for 200 services. This means you can not only see which services remain unused but also pinpoint specific actions within those services that are not being utilised. For active IAM users and roles, the analyser uses this data to identify permissions that may no longer be necessary.
| Detection Type | Coverage | Benefit |
|---|---|---|
| Service-level permissions | All AWS services | Identifies completely unused services |
| Action-level permissions | 200 AWS services | Pinpoints specific unused actions |
| IAM roles and users | Organisation-wide | Highlights inactive user accounts and roles |
These insights provide a foundation for automating responses, as outlined below.
Automation Capabilities
Automation features make this tool particularly useful for busy UK small and medium-sized businesses (SMBs). By integrating with EventBridge and Lambda, Access Analyzer can trigger automatic remediation of access policies or apply custom archiving logic. For instance, it can add a deny statement to IAM role trust policies when unintended cross-account access is detected, while also sending notifications via SNS. Additionally, AWS Step Functions can enrich these findings, applying custom rules to either archive issues or escalate them through notifications.
Reporting Format
Once unused permissions are detected and addressed, IAM Access Analyzer organises its findings into three categories: active, resolved, and archived. This structured reporting makes it easy to prioritise issues that need immediate attention while keeping track of those already handled. Notifications include detailed information on service- and action-level permissions, allowing teams to focus on the most critical updates. Its integration with other AWS services further streamlines the process, reducing manual effort during access reviews.
Suitability for UK SMBs
IAM Access Analyzer offers a pricing model that suits the needs of UK SMBs. External access analysis and policy validation are free, providing an excellent starting point for businesses looking to optimise their AWS usage. For deeper internal analysis, the costs are manageable: £0.16 per IAM role or user per month (approximately $0.20), and £7.20 per monitored resource per region per month (about $9.00). Custom policy checks are charged based on usage.
Small businesses can keep expenses in check by leveraging the free features initially and adopting paid options as their AWS usage grows. Strategies such as consolidating analysers, using tags to exclude non-essential roles, and reviewing IAM roles and users can further help manage costs. By addressing unused permissions, businesses not only save money but also strengthen the security of their AWS environments.
Tool Comparison Table
The table below provides a side-by-side comparison of key features, helping UK SMBs determine which tool aligns best with their AWS optimisation needs. It highlights detection capabilities, automation, reporting features, and suitability for small to medium-sized businesses.
| Tool | Detection Scope | Automation Features | Reporting Options | UK SMB Suitability |
|---|---|---|---|---|
| AWS Trusted Advisor | Offers recommendations across five categories: cost optimisation, performance, security, fault tolerance, and service limits | Automated suggestions based on AWS best practices | Delivers actionable insights through structured recommendations | Excellent – Free with support plans and easy to set up |
| AWS Cost Explorer | Provides detailed insights into AWS spending and usage trends over time | Includes budget alerts and forecasting tools | Displays cost breakdowns with graphs and tables | Very Good – Free basic version; advanced features available for a fee |
| AWS Config | Monitors resource compliance and detects EC2 instances inactive for over 30 days | Automated compliance checks based on rules | Generates compliance reports and tracks configuration changes | Good – Pay-as-you-go pricing; ideal for compliance-focused needs |
| Amazon CloudWatch | Tracks AWS resources and applications in real-time with system-wide observability | Supports customisable service alerts | Features unified dashboards for metrics and alarms | Good – Easy integration with pay-as-you-go pricing |
| IAM Access Analyzer | Reviews IAM policies to ensure permissions are appropriately granted | Limited automation capabilities | Provides detailed findings on IAM policy configurations | Excellent – Focused security analysis with minimal setup required |
This table complements the detailed reviews above, showcasing the unique strengths each tool brings to AWS cost and resource optimisation.
For businesses just starting their AWS optimisation journey, AWS Trusted Advisor stands out with its broad recommendations and free access through AWS support plans. This makes it an excellent starting point for SMBs aiming to improve cost efficiency and system performance. AWS Cost Explorer, on the other hand, focuses on financial analysis, offering a mix of free and advanced paid features for those seeking deeper insights into AWS spending.
Amazon CloudWatch is a go-to tool for real-time performance monitoring, while AWS Config is better suited for businesses prioritising compliance tracking. Lastly, IAM Access Analyzer provides a straightforward way to enhance security by reviewing and refining IAM policies without requiring extensive configuration.
For UK SMBs, combining AWS Trusted Advisor and AWS Cost Explorer often delivers the best balance of functionality and affordability. This duo covers broad optimisation needs while providing detailed cost analysis, making it a practical choice for businesses looking to streamline their AWS usage without overspending.
Conclusion
A staggering 80% of SMBs struggle with managing cloud IT expenses effectively. For UK-based SMBs, five AWS tools stand out as practical solutions to tackle this challenge. By leveraging AWS Trusted Advisor for broad recommendations and pairing it with Cost Explorer for in-depth financial insights, businesses can gain a clearer picture of their cloud spending while maintaining high performance. These tools don't just highlight inefficiencies - they set the stage for smarter cost management.
Consider the potential savings: optimising AWS usage can reduce storage costs by up to 31% and deliver an impressive three-year return on investment of 264%. Real-world examples include Comply, which saved £460,000, and RallyUp, which cut its spending by 30%.
To maintain control over cloud expenses, a systematic approach is key. Start with AWS Trusted Advisor for quick, actionable insights. Then, integrate Cost Explorer for ongoing monitoring. Add CloudWatch for real-time performance tracking, AWS Config for compliance oversight, and IAM Access Analyzer to ensure robust security. Together, these tools provide a comprehensive framework for managing resources efficiently.
Beyond individual savings, AWS investments contribute significantly to the UK economy. AWS generates £8.7 billion in economic value for UK businesses, with 84% of AWS users reporting cost savings - averaging 28% compared to on-premises solutions. This underscores the broader impact of effective AWS resource management.
For more tailored guidance, check out the AWS Optimization Tips, Costs & Best Practices for Small and Medium-Sized Businesses blog by Critical Cloud. It offers expert advice on cloud architecture, security, performance, and automation, helping UK SMBs scale effectively while keeping costs in check.
FAQs
How can UK small and medium-sized businesses (SMBs) use AWS tools to cut unnecessary cloud costs?
How AWS Tools Help UK SMBs Cut Cloud Costs
AWS tools are a game-changer for UK small and medium-sized businesses (SMBs) looking to control their cloud spending. These tools make it easier to spot and manage unused or underutilised resources, like unattached storage volumes or idle instances. By either removing or optimising these overlooked assets, businesses can trim down unnecessary expenses and make their spending more efficient.
Another major perk? Many of these tools offer real-time monitoring and alerts. This means businesses can take a proactive approach to managing their cloud costs, helping them stick to their budget while getting the most out of their AWS investment.
What are the cost considerations of using AWS Config for small businesses?
AWS Config is a useful tool for keeping an eye on and managing your resources, but it can become pricey, especially for smaller businesses. The main expenses come from the number of rule evaluations and configurations, which can quickly escalate if not carefully managed. For instance, some small and medium-sized businesses might end up spending around £800 to £1,000 monthly - that’s £9,600 to £12,000 a year - based on their usage.
To keep costs under control, it’s a good idea to regularly review your configurations and turn off any rules that aren’t necessary. This approach can help you make AWS Config a more budget-friendly option for your business.
How can small and medium-sized businesses in the UK choose the right AWS tools for their needs?
How UK SMBs Can Choose the Right AWS Tools
For UK small and medium-sized businesses (SMBs), selecting the right AWS tools starts with pinpointing your specific goals. Are you looking to manage costs, improve performance, or monitor resources effectively? Identifying these priorities will help guide your decisions.
For cost management, tools like AWS Cost Explorer and AWS Budgets are excellent options. They let you track spending and set financial limits to keep budgets on track. If you're aiming to optimise performance while maintaining security, AWS Trusted Advisor offers tailored recommendations to help you cut costs, boost efficiency, and enhance security measures.
The key is to match your business's unique needs with AWS's offerings. Look for tools that align with your priorities, support best practices for cost efficiency, and are adaptable to the UK market. This way, you'll ensure the tools you choose are not only effective but also fit seamlessly into your operations.
