Start a conversation Sign in
Start a conversation
  1. CloudFix Support
  2. CloudFix - Savings on Resources
  3. Amazon EC2

EC2 High Network Cost Analysis

Opportunity Name

EC2 High Network Cost

AWS Resource Type

Amazon EC2 (Compute Instance + Data Transfer)

Opportunity Description

This Finder identifies EC2 instances where network transfer costs are unusually high relative to compute costs. In well-optimized environments, network costs are often a modest percentage of instance cost (for example, 10–20%). When network costs approach or exceed the instance’s compute cost, it can indicate architectural inefficiencies such as:

  • Excessive cross-AZ traffic (InterZone)

  • Significant internet egress (DataTransfer-Out)

  • Cross-region transfer (DataTransfer-Regional)

  • Missing VPC endpoints causing AWS service traffic to traverse the public internet

  • Inefficient data processing patterns (data pulled across boundaries rather than processed near the data)

Because the correct remediation depends on workload requirements (availability, latency, throughput, compliance), this is an analysis-only opportunity intended to drive investigation and architectural review.

Criteria for Identifying the Opportunity

An EC2 instance is identified when all of the following are true:

  • CUR data shows EC2 compute costs for the instance (product_product_family = 'Compute Instance')

  • CUR data shows EC2 data transfer costs associated with the instance (product_product_family = 'Data Transfer')

  • The computed ratio network_cost / instance_cost exceeds a configurable threshold

    • Default: 1.0 (100%) meaning network cost ≥ compute cost

  • The instance meets minimum cost thresholds to reduce noise

    • Default minimum annual instance cost: $100/year (or equivalent threshold used in implementation)

  • The instance is not excluded via cloudfix:dont-fix-it

  • The instance is not part of managed groups that require different handling (ASG, EKS, EMR) per scope rules

Potential Savings (If Known)

This is an analysis finder, so savings are estimated rather than guaranteed.

CloudFix estimates potential savings by applying a conservative configurable reduction percentage to the network cost:

  • Default estimated savings rate: 50% of network cost

  • Estimated annual savings:
    annual_network_cost × estimatedNetworkSavingsPercentage

Actual savings depend on the investigation outcome and which optimizations are feasible.

What Happens When the Fixer Is Executed?

There is no automatic Fixer for this opportunity.

CloudFix provides a recommendation and detailed cost breakdown to guide investigation. Any remediation requires customer-led architectural and configuration changes.

Is It Possible to Roll Back Once CloudFix Implements the Recommendation?

Yes.

Since changes are manual and architecture-dependent, rollback is also manual and depends on what was changed (for example, reverting AZ placement changes, removing/adjusting VPC endpoints, or restoring previous routing/data patterns).

Can CloudFix Implement the Fix Automatically Once I Accept the Recommendation?

No.

This is a Finder-only opportunity. Network optimizations are not safe to automate because they can affect availability, latency, and application behavior.

Does This Fix Require Downtime?

CloudFix discovery requires no downtime.

Remediation may or may not require downtime depending on the optimization approach (for example, moving stateful workloads across AZs, redesigning data pipelines, or changing routing). The recommendation is designed to prompt investigation before changes are made.

Additional Resources

Investigation Guidance Included in the Recommendation

CloudFix reports:

  • Annualized compute cost vs annualized network cost per instance

  • Network-to-instance cost ratio

  • Network transfer cost breakdown where available:

    • Internet egress (DataTransfer-Out)

    • Cross-region (DataTransfer-Regional)

    • Cross-AZ (InterZone)

    • AWS service egress patterns (AWS-Out, where present)

Suggested investigation paths (based on dominant cost type):

  • High Internet Egress: evaluate VPC endpoints (S3/DynamoDB gateway endpoints; interface endpoints for other services), routing, NAT usage, and whether traffic can remain private

  • High Cross-AZ: identify chatty dependencies in different AZs, consider AZ-local placement or caching patterns (balanced against HA requirements)

  • High Cross-Region: validate whether cross-region data movement is necessary, or whether processing can be regionalized

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Bill Gleeson

  2. Posted

Comments