This case study demonstrates a comprehensive AWS infrastructure audit and optimization project for an EdTech company, resulting in $71.36 monthly cost savings (~26% reduction) through strategic resource rightsizing and infrastructure optimization.
Project Timeline: Q4 2025
Industry: Education Technology
Client: EdTech Company (Client A)
Role: AWS Solutions Consultant
- Conduct comprehensive AWS infrastructure audit
- Identify cost optimization opportunities
- Improve security posture
- Provide actionable recommendations for resource optimization
- Maintain or improve performance while reducing costs
AWS Services in Use:
- Elastic Compute Cloud (EC2)
- Simple Storage Service (S3)
- Virtual Private Cloud (VPC)
- CloudWatch
- CloudFront
- AWS Glue
- Secrets Manager
- Key Management Service (KMS)
- Simple Notification Service (SNS)
- Simple Queue Service (SQS)
- Simple Email Service (SES)
- End User Messaging
| Server Name | Instance Type | OS | Storage | Status | Region | CPU Utilization |
|---|---|---|---|---|---|---|
| Server-Beta | t2.micro | Linux/UNIX | 26 GB | Stopped | Mumbai | N/A |
| Server-Beta-New | t3.medium | Ubuntu Pro | 50 GB | Running | Mumbai | 100% |
| Server-Prod | c7i.xlarge | Ubuntu Pro | 150 GB | Running | Mumbai | 30.9% |
| Metric | Value |
|---|---|
| Active Buckets | 2 |
| Region | Mumbai |
| Total Storage | 73.9 GB |
| Object Count | 6,300 |
| Average Object Size | 12.1 MB |
- Production server (c7i.xlarge) running at only 31% CPU utilization
- Significant opportunity for instance rightsizing
- Current configuration exceeding actual workload requirements
- 1 Elastic IP address not associated with any running instance
- Stopped EC2 instance with attached EBS volume
- Unnecessary snapshot accumulation
- Instances running in public subnets
- EBS volumes not encrypted
- Long-lived access keys (916+ days)
- Missing Multi-Factor Authentication (MFA)
- Underutilized compute resources
- Unoptimized storage lifecycle policies
- Idle resource costs accumulating
Current Configuration:
- Instance: c7i.xlarge
- Monthly Cost: $135.42
- CPU Utilization: 30.9%
Recommended Configuration:
- Instance: c7i.large
- Monthly Cost: $67.71
- Savings: $67.71/month
Justification:
- Current utilization indicates over-provisioning
- c7i.large provides sufficient capacity with 50% cost reduction
- Maintains performance headroom for peak loads
- Easy rollback if additional capacity needed
Issue: 1 unassociated Elastic IP
- Cost: $3.65/month
- Action: Release unused IP or associate with active resource
- Savings: $3.65/month
Snapshot Management:
- Implement automated lifecycle policies
- Delete redundant snapshots (retain only recent)
- Consolidate multiple snapshots per volume
- Archive rarely-accessed snapshots to S3 Glacier
S3 Lifecycle Policies:
Recommended Policy:
- Standard Storage: 0-30 days
- Intelligent-Tiering: 31-90 days
- Glacier: 91-365 days
- Deep Archive: 365+ days
Expected Benefits:
- 40-60% reduction in storage costs
- Automated cost management
- Maintained data retention compliance
Actions:
- Terminate permanently stopped instances
- Delete unattached EBS volumes
- Remove old snapshots beyond retention policy
- Clean up unused security groups
Current State: Instances in public subnets Recommendation: Migrate to private subnets
Benefits:
- Reduced attack surface
- Enhanced security posture
- Compliance with AWS best practices
- Internet access through NAT Gateway only
EBS Encryption:
- Enable encryption at rest for all volumes
- Use AWS KMS for key management
- Automatic encryption for new volumes
- Migrate existing volumes to encrypted copies
Data in Transit:
- Enforce TLS/SSL for all communications
- Enable encryption for S3 buckets
- Use VPC endpoints for AWS service communication
Multi-Factor Authentication:
- Enable MFA for all IAM users
- Enforce MFA for console access
- Require MFA for sensitive operations
Access Key Rotation:
- Rotate keys older than 90 days
- Implement automated rotation policies
- Use temporary credentials (STS) where possible
- Audit and deactivate unused keys
Inactive User Management:
- Review users with no recent activity
- Deactivate accounts unused for 90+ days
- Implement least privilege access
- Regular access audits
Enable Security Services:
- AWS Trusted Advisor: Cost and security recommendations
- VPC Flow Logs: Network traffic monitoring
- AWS Shield Standard: DDoS protection
- CloudTrail: API activity logging
- GuardDuty: Threat detection
- Config: Resource compliance monitoring
| Category | Monthly Savings |
|---|---|
| EC2 Instance Rightsizing | $67.71 |
| Elastic IP Removal | $3.65 |
| Total Estimated Savings | $71.36 |
Annual Savings: ~$856.32
- ✅ Maintained application performance
- ✅ Preserved peak capacity headroom
- ✅ No user-facing degradation
- ✅ Improved resource efficiency
- ✅ Enhanced network isolation
- ✅ Data encryption implementation
- ✅ Improved access controls
- ✅ Continuous monitoring enabled
EC2 (c7i.xlarge): $135.42/month
Idle Elastic IP: $3.65/month
Storage (unoptimized): Baseline
Total Monthly Cost: ~$275.00/month
EC2 (c7i.large): $67.71/month
Elastic IP (removed): $0.00/month
Storage (optimized): -40% reduction
Total Monthly Cost: ~$203.64/month
Cost Reduction: 26% overall savings
- Rightsizing Impact: Even 50% CPU utilization indicates potential for optimization
- CloudWatch Metrics: 4-week analysis provides reliable usage patterns
- Idle Resources: Small costs ($3-5/month) compound significantly over time
- Security-First: Security improvements often align with cost optimization
- Regular CloudWatch monitoring (weekly reviews)
- Automated snapshot lifecycle management
- Quarterly infrastructure audits
- Continuous cost optimization mindset
- Security as integral part of optimization
Analysis Tools Used:
- AWS Cost Explorer
- CloudWatch Metrics
- AWS Trusted Advisor
- Manual configuration reviews
Evaluation Criteria:
- CPU/Memory utilization (4-week average)
- Cost per service breakdown
- Security compliance assessment
- Resource utilization patterns
- CloudWatch metrics analysis
- Cost Explorer review
- Unused resource identification
- Security posture assessment
- Comprehensive infrastructure audit
- Reserved Instance optimization
- Savings Plans evaluation
- Architecture review
- CloudWatch alarms configured
- Budget alerts active
- Cost anomaly detection enabled
- Security notifications subscribed
- ROI: Cost savings pay for optimization effort in first month
- Scalability: Established framework for future optimization
- Predictability: Better cost forecasting and budgeting
- Performance: Maintained SLAs while reducing costs
- Security: Enhanced compliance and risk reduction
- Efficiency: Automated monitoring and management
- Documentation: Comprehensive infrastructure understanding
- Knowledge Transfer: Clear recommendations and rationale
- Future Planning: Baseline for growth projections
- ✅ Release unused Elastic IP
- ✅ Delete unnecessary snapshots
- ✅ Enable CloudWatch detailed monitoring
- ✅ Document current state
- ✅ Test c7i.large in non-production
- ✅ Monitor performance metrics
- ✅ Migrate production workload
- ✅ Validate performance
- ✅ Enable MFA for all users
- ✅ Rotate old access keys
- ✅ Enable EBS encryption
- ✅ Configure VPC Flow Logs
- ✅ Implement S3 lifecycle policies
- ✅ Automate snapshot management
- ✅ Regular cost reviews
- ✅ Continuous monitoring
Performance Degradation:
- Mitigation: 4-week usage analysis before rightsizing
- Rollback plan: Easy instance type upgrade if needed
- Monitoring: Real-time CloudWatch alarms
Service Disruption:
- Mitigation: Changes during maintenance windows
- Testing: Staging environment validation
- Communication: Stakeholder notifications
Cost Increase:
- Mitigation: Detailed cost projections
- Monitoring: Daily cost tracking during transition
- Validation: Week 1 cost comparison
- AWS Well-Architected Framework - Cost Optimization
- EC2 Instance Types
- AWS Cost Optimization Best Practices
- AWS Cost Explorer
- AWS CloudWatch
- AWS Trusted Advisor
- AWS Compute Optimizer
This is a real-world case study. If you have similar experiences or suggestions for improvement, feel free to open an issue or submit a pull request.
Abhishek Pandey
Cloud Solutions Professional | AWS Pre-Sales Engineer
- Email: abhishek071700@gmail.com
- LinkedIn: linkedin.com/in/abhishek-pandey-045241316
- GitHub: github.com/abhishek071700
This project is licensed under the MIT License - see the LICENSE file for details.
This case study represents real-world optimization work conducted during my role as an AWS Solutions Consultant. All sensitive information has been anonymized to protect client confidentiality.
Tags: aws cost-optimization case-study cloud-architecture finops infrastructure ec2 real-world-project
"Cost optimization isn't just about reducing spend—it's about maximizing value. Every dollar saved can be reinvested in innovation and growth."