April 4, 2026 · Tim Fraser, Cloud Operations Lead

How to Find Unused EC2 Instances Costing You Money

Somewhere in your AWS account, there are EC2 instances running right now that nobody is using. A staging server from a project that ended three months ago. A "test" instance someone spun up and forgot. A database server that was replaced but never terminated.

This isn't unusual. In most AWS accounts we've seen, 15-30% of EC2 spend is waste — instances that could be stopped or terminated with zero impact.

Here's how to find them.

Method 1: Check CloudWatch CPU utilisation

The fastest way to spot idle instances is CPU usage. Go to CloudWatch → Metrics → EC2 → Per-Instance Metrics and look at CPUUtilization over the past 2 weeks.

Any instance consistently below 5% CPU is a candidate for investigation. It might be:

• Completely unused (terminate it)
• Oversized for its workload (downsize it)
• Doing periodic batch work (consider a schedule to stop/start it)

Method 2: Check network traffic

Some instances do very little CPU work but handle network traffic (proxies, NAT instances). Check NetworkIn and NetworkOut metrics alongside CPU. If both CPU and network are near-zero for 2+ weeks, the instance is almost certainly unused.

Method 3: Look at instance launch dates and names

Go to EC2 → Instances and sort by launch time. Instances launched months ago with names like test, temp, staging-old, backup, or DO-NOT-DELETE are prime suspects.

Also check for instances without a Name tag at all — these are often created quickly during debugging and never cleaned up.

Method 4: Check for unattached EBS volumes

When someone terminates an instance but the volumes were set to "persist after termination," the volumes stick around — and you keep paying for them. Go to EC2 → Volumes and filter by status available. These volumes aren't attached to anything.

Common finding: 500GB of gp3 volumes sitting unused at $40/mo each.

Method 5: Check Elastic IPs

Go to EC2 → Elastic IPs. Since February 2024, AWS charges $3.65/mo for every Elastic IP — whether it's attached to an instance or not. Unattached Elastic IPs are pure waste.

Method 6: Check stopped instances with attached volumes

Stopped instances don't incur compute charges, but their EBS volumes still cost money. If an instance has been stopped for weeks, the volumes are just burning money. Either terminate the instance (take a snapshot first if you're nervous) or detach the volumes.

What to do with what you find

Before terminating anything:

• Check who launched it — look at CloudTrail for the RunInstances event. If you can identify the person, ask them.
• Check if anything connects to it — look at the security group. Are other services sending traffic to this instance?
• Stop before you terminate — if you're unsure, stop the instance for a week. If nobody complains, it's safe to terminate.
• Snapshot the volumes — before terminating, create EBS snapshots. Snapshots cost a fraction of live volumes and give you a safety net.

The problem with one-time audits

The issue isn't finding waste today — it's the waste that accumulates next week, next month, and the month after. Developers will always need to spin up test instances. Projects will always end without perfect cleanup. That's normal.

The question is: how quickly do you catch it?

plainfra solves this in two ways.

> "Which EC2 instances have low utilisation?"

plainfra checks CloudWatch metrics, network traffic, instance ages, and tagging across every instance in your account. You get a prioritised list with monthly cost estimates in seconds.

You don't need to remember to check. You don't need to log into the console. The report lands in your inbox every Monday and tells you exactly what to look at. Across all your accounts, not just one.

That dev database someone left running on Thursday? It shows up in Monday's report with a dollar figure attached. Not in next month's bill.