Cloud Waste Hunter
AWS EC2 Compute

Underused EC2 instances cost

Running EC2 instances whose average CPU stays at or below 5% across the last 14 days or the shorter period since launch, provided CloudWatch returns at least three datapoints.

This detector sits inside the AWS Idle and Underused Resources category guide for broader cleanup planning.

Join Early Access Back to detector library

Potential savings

$20 to $900 / month

$240 to $10,800 / year

Detector ID
aws-ec2-underused-instances
Full detector name
Underused EC2 instances
Service
EC2
Category
Compute
Published
Mar 23, 2026
Updated
Apr 9, 2026

The problem

EC2 waste is not always an obviously idle instance. Teams often keep compute online after traffic drops, services shrink, or rollback caution leaves an oversized instance running around the clock with little useful work.

Why it happens

  • Environments are sized for launch or peak traffic and never revisited.
  • Teams stop using a service but leave the instance running for convenience or caution.
  • Always-on instances absorb workloads that could have moved to schedules, autoscaling, or smaller families.

What this means for cost

Estimated monthly

$20 to $900/mo

Estimated annual

$240 to $10,800/yr

This waste pattern often shows up as $20 to $900/mo in recurring monthly cost, or roughly $240 to $10,800/yr if it sits untouched for a year.

How to detect underused EC2 instances

The best signal is a running EC2 instance whose CPU stays consistently low for long enough to suggest steady overprovisioning rather than a brief quiet period.

Cloud Waste Hunter flags running EC2 instances whose average CPUUtilization stays at or below 5% across the last 14 days, or across the shorter period since launch. The implementation also requires at least three metric datapoints so a brief metrics gap does not create noise.

That means this page is about sustained low CPU, not full workload profiling. The detector is strongest when you want to find obvious overprovisioning and forgotten compute that still runs every day.

Start by listing running instances:

aws ec2 describe-instances \
  --filters Name=instance-state-name,Values=running \
  --query 'Reservations[].Instances[].{InstanceId:InstanceId,InstanceType:InstanceType,LaunchTime:LaunchTime,Tags:Tags}'

Then inspect CPU over the same review window the detector uses:

aws cloudwatch get-metric-statistics \
  --namespace AWS/EC2 \
  --metric-name CPUUtilization \
  --dimensions Name=InstanceId,Value=i-0123456789abcdef0 \
  --start-time 2026-03-09T00:00:00Z \
  --end-time 2026-03-23T00:00:00Z \
  --period 300 \
  --statistics Average

Look first for old instances with consistently tiny averages, no clear owner, and no obvious schedule requirement. Those are the best rightsizing or shutdown candidates.

Likely false positives and caveats

Low CPU is useful, but it is not the whole workload. Memory-bound databases, queue workers waiting for burst traffic, and maintenance hosts can all look quiet in CPU metrics while still serving a purpose.

That is why this detector is best used as a review queue. If you want infrastructure that is clearly stale rather than merely oversized, compare it with Idle Load Balancers and Idle RDS instances, which look for different kinds of weak activity.

How to fix underused EC2 instances

The safest cleanup path is:

  1. Confirm workload ownership, maintenance windows, and rollback expectations.
  2. Decide whether the instance should be stopped, scheduled, or resized.
  3. Snapshot or verify attached data paths before major changes if the instance still carries unique state.
aws ec2 stop-instances --instance-ids i-0123456789abcdef0
aws ec2 modify-instance-attribute \
  --instance-id i-0123456789abcdef0 \
  --instance-type '{"Value":"t3.small"}'
aws ec2 start-instances --instance-ids i-0123456789abcdef0

How this differs from nearby AWS idle detectors

Idle NAT Gateways focuses on low-traffic network egress cost once that detector page is spec-backed and publish-ready. Idle Load Balancers looks for load balancers with no recent traffic or no targets. This detector is narrower: it only asks whether a running EC2 instance has stayed at very low CPU for long enough to justify a rightsizing review.

How Cloud Waste Hunter helps

Cloud Waste Hunter can turn low-CPU EC2 metrics into a practical compute review list with region, instance type, estimated savings, and enough context to decide whether to stop, schedule, or rightsize safely. For adjacent infrastructure cleanup, review the AWS Idle and Underused Resources guide.

FAQ

Is low CPU enough to shut down an EC2 instance?

No. Low CPU is a strong review signal, not automatic delete evidence. Some workloads are memory-bound, bursty, or held online for infrequent operational jobs.

Why can new instances still appear?

The detector looks from launch time if an instance is newer than the full 14-day window. Fresh instances with low CPU are still worth reviewing, but they are treated more conservatively.

Does this detector recommend stopping or rightsizing?

Either can be valid. If the workload is rarely needed, stopping or scheduling it may be best. If the workload is real but oversized, rightsizing is the better fix.

Related Detectors

Related detectors

These detectors cover similar resource families or cost behaviors and make good follow-on reviews during cleanup.

AWS NAT Gateway

Idle NAT gateway cost

Idle NAT gateway cost shows up when a public NAT Gateway stays online long enough to incur its fixed hourly charge but CloudWatch shows no recent bytes or connection attempts. This usually happens after non-prod environments quiet down, route-table cleanup stalls, or production-style egress is copied into a VPC that no longer needs it.

Potential savings

$32 to $65 / month

$384 to $780 / year

nat gatewayegressfixed cost

Detector ID

aws-nat-gateway-idle

View detector →