Cost

Right-size EC2 instance

Match instance types to actual workload — stop overpaying for unused capacity.

15 min · 10 sections · AWS

Last reviewed 28 May 2026

Right-sizing: the basics

What does it mean to right-size an EC2 instance?

Right-sizing is the practice of matching an EC2 instance's family, generation, and size to what the workload running on it actually consumes — CPU, memory, network, and storage IOPS. Most fleets drift the other way: instances are picked once, often deliberately oversized for headroom or as a copy-paste from another environment, and then quietly run that way for years.

An oversized instance burns money on capacity nobody is using. A 4xlarge holding a workload that peaks at 12% CPU and 25% memory is paying roughly four times what it should — and the bill compounds across every replica, every region, every month. Reserved Instances and Savings Plans don't fix it; they just lock you into the wrong shape for one to three years.

An undersized instance is the opposite trap: latency spikes, p99s break SLOs, autoscaling thrashes, and the workload becomes unstable in ways that look like "the app is slow" instead of "we picked the wrong instance." Both directions cost money — one in wasted spend, the other in incidents and engineering hours.

In this lesson you'll learn how to spot oversized and undersized EC2 instances, which utilisation signals actually matter, and how to safely move a running workload to a smaller (or differently shaped) instance type. You'll see real CloudWatch metrics, a Compute Optimizer recommendation, and the AWS CLI calls to roll the change out without customer-visible downtime.

Fun fact

The CPU credit cliff

Burstable instances (t2/t3/t4g) accrue CPU credits while running below their baseline and spend them under load. Teams often "right-size" a steady-state workload onto a t3.large, see it run fine for a few weeks, and then watch performance fall off a cliff once the accrued CPU credits run out. In standard mode the instance is throttled to its baseline; in unlimited mode (the default for T3 and T4g) it keeps bursting but bills for the surplus credits. Either way, the instance is the right size on paper but the wrong family: t-types are for spiky workloads, not steady ones. Compute Optimizer's recommendation engine accounts for this; eyeballing average CPU does not.
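To see why the cliff can take weeks to show up, here is a minimal sketch of the credit arithmetic. The t3.large figures (2 vCPUs, 36 credits earned per hour, an 864-credit cap) are assumptions based on AWS's published burstable-instance table and should be checked against the current documentation; the function name is hypothetical. One credit is one vCPU at 100% for one minute.

```python
# Assumed t3.large figures; verify against the current AWS burstable-instance table.
VCPUS = 2
CREDITS_EARNED_PER_HOUR = 36.0
MAX_CREDIT_BALANCE = 864.0


def hours_until_credits_exhausted(avg_cpu_percent, starting_balance=MAX_CREDIT_BALANCE):
    """Return hours until the credit balance hits zero at a steady CPU level.

    Returns None when the workload spends no more than it earns,
    i.e. it never drains the balance.
    """
    # One credit = one vCPU at 100% for one minute.
    spent_per_hour = (avg_cpu_percent / 100.0) * VCPUS * 60.0
    net_drain = spent_per_hour - CREDITS_EARNED_PER_HOUR
    if net_drain <= 0:
        return None
    return starting_balance / net_drain


if __name__ == "__main__":
    for cpu in (25, 32, 40):
        hours = hours_until_credits_exhausted(cpu)
        label = "never" if hours is None else f"{hours / 24:.1f} days"
        print(f"steady {cpu}% CPU -> credits exhausted: {label}")
```

Under these assumptions a steady 32% load drains a full balance in about 15 days, which is the "fine for a few weeks" pattern; at 40% it takes about 3 days.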

Right-sizing in action

Sara runs the platform team at a media company. A finance review flags that one of their EKS node groups is responsible for $14k of monthly spend — six m5.4xlarge instances behind a queue worker.

She pulls 14 days of CloudWatch metrics for one of the instances. CPU is averaging 11% with brief spikes to 28%. Memory utilisation (via the CloudWatch agent) sits around 22%. Network throughput is comfortable at 100 Mbps against a 10 Gbps ceiling.

She cross-checks against Compute Optimizer, which has been observing the workload for two weeks and is confidently recommending m5.xlarge — a 4× drop. Projected monthly savings: roughly $10.5k across the six nodes.

First, pull the CPU utilisation distribution to confirm the signal isn't dominated by short bursts.

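$ aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-0abc123def456 --start-time $(date -u -d '14 days ago' +%FT%TZ) --end-time $(date -u +%FT%TZ) --period 3600 --statistics Average Maximum

# Percentiles need a separate call: get-metric-statistics accepts --statistics or --extended-statistics, not both.
$ aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-0abc123def456 --start-time $(date -u -d '14 days ago' +%FT%TZ) --end-time $(date -u +%FT%TZ) --period 3600 --extended-statistics p99

# Excerpt, with the p99 values from the second call merged in for readability.
{
  "Datapoints": [
    { "Timestamp": "2026-04-30T08:00:00Z", "Average": 11.4, "Maximum": 28.1, "p99": 19.7, "Unit": "Percent" },
    { "Timestamp": "2026-05-01T08:00:00Z", "Average": 12.1, "Maximum": 31.6, "p99": 21.2, "Unit": "Percent" },
    { "Timestamp": "2026-05-02T08:00:00Z", "Average": 10.9, "Maximum": 26.4, "p99": 18.3, "Unit": "Percent" }
  ]
}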

# Mean ~11%, p99 well below 25% — clear oversize signal.

14-day hourly utilisation for one of the m5.4xlarge nodes.
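Before reading anything into the output above, it helps to collapse the datapoints into the few numbers that drive the decision. The sketch below hard-codes the three sample datapoints shown; the function name and the 40% peak threshold are illustrative assumptions, not AWS guidance.

```python
import json
from statistics import mean

# The three sample datapoints from the output above.
SAMPLE = json.loads("""
{"Datapoints": [
  {"Timestamp": "2026-04-30T08:00:00Z", "Average": 11.4, "Maximum": 28.1, "p99": 19.7},
  {"Timestamp": "2026-05-01T08:00:00Z", "Average": 12.1, "Maximum": 31.6, "p99": 21.2},
  {"Timestamp": "2026-05-02T08:00:00Z", "Average": 10.9, "Maximum": 26.4, "p99": 18.3}
]}
""")


def summarise_cpu(datapoints, peak_threshold=40.0):
    """Collapse hourly datapoints into a small decision summary."""
    summary = {
        "mean_of_averages": round(mean(d["Average"] for d in datapoints), 2),
        "worst_p99": max(d["p99"] for d in datapoints),
        "worst_maximum": max(d["Maximum"] for d in datapoints),
    }
    # Assumed rule of thumb: even the worst hourly peak stays under the threshold.
    summary["looks_oversized"] = summary["worst_maximum"] < peak_threshold
    return summary


if __name__ == "__main__":
    print(summarise_cpu(SAMPLE["Datapoints"]))
```

Looking at the worst maximum as well as the mean guards against a signal that is dominated by short bursts.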

Now ask Compute Optimizer for its recommendation. It's already analysed this instance against known workload patterns.

$ aws compute-optimizer get-ec2-instance-recommendations --instance-arns arn:aws:ec2:eu-west-1:123456789012:instance/i-0abc123def456 --query 'instanceRecommendations[0].recommendationOptions[0]'

{
  "instanceType": "m5.xlarge",
  "performanceRisk": 1.0,
  "projectedUtilizationMetrics": [
    { "name": "CPU", "statistic": "Maximum", "value": 41.2 },
    { "name": "Memory", "statistic": "Maximum", "value": 58.7 }
  ],
  "savingsOpportunity": { "savingsOpportunityPercentage": 75.0, "estimatedMonthlySavings": { "value": 1751.04, "currency": "USD" } }
}

# performanceRisk 1.0 = LOW: projected headroom is comfortable.

Compute Optimizer's projection on m5.xlarge for the same workload.
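One way to turn a recommendation option like this into a yes/no gate is sketched below. The dictionary is trimmed to the fields the check reads, with values copied from the sample output; the function name and both thresholds (risk at most 1.0, projected maximum at most 80%) are assumptions for illustration rather than AWS-defined limits.

```python
# Fields copied from the sample recommendation option above.
OPTION = {
    "performanceRisk": 1.0,
    "projectedUtilizationMetrics": [
        {"name": "CPU", "statistic": "Maximum", "value": 41.2},
        {"name": "Memory", "statistic": "Maximum", "value": 58.7},
    ],
}


def is_safe_to_apply(option, max_risk=1.0, max_projected_percent=80.0):
    """Return (ok, reasons) for one Compute Optimizer recommendation option."""
    reasons = []
    if option["performanceRisk"] > max_risk:
        reasons.append(f"performanceRisk {option['performanceRisk']} exceeds {max_risk}")
    seen = set()
    for metric in option.get("projectedUtilizationMetrics", []):
        seen.add(metric["name"])
        if metric["value"] > max_projected_percent:
            reasons.append(
                f"projected {metric['name']} {metric['value']}% exceeds {max_projected_percent}%"
            )
    # A missing Memory projection means the recommendation rests on CPU alone.
    if "Memory" not in seen:
        reasons.append("no projected Memory metric; recommendation is CPU-only")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(is_safe_to_apply(OPTION))
```

Returning the reasons alongside the verdict keeps the gate auditable when it feeds a change ticket.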

Right-sizing under the hood (deep dive)

EC2 on-demand pricing is roughly linear in vCPU and memory within a generation: an m5.4xlarge costs about 4× an m5.xlarge for 4× the vCPUs and 4× the RAM. Drop a size and the bill drops in the same proportion immediately. There is no amortisation lag and usually no Reserved Instance penalty, because regional Linux RIs with default tenancy are size-flexible within an instance family. The new rate applies as soon as the replacement or resized instance is running; billing follows the relevant EC2 billing increment, commonly per-second with a 60-second minimum on supported platforms.
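The linear-pricing rule reduces to a one-line ratio. The sketch below assumes price scales exactly with vCPU count within the m5 family, which is only approximately true, and applies it to the $14k node group from the walkthrough; the function names are hypothetical.

```python
# vCPU counts for the m5 sizes discussed in this lesson.
M5_VCPUS = {"large": 2, "xlarge": 4, "2xlarge": 8, "4xlarge": 16}


def savings_fraction(current_size, target_size):
    """Fraction of spend removed, assuming price scales linearly with vCPUs."""
    return 1 - M5_VCPUS[target_size] / M5_VCPUS[current_size]


def monthly_savings(current_monthly_spend, current_size, target_size):
    """Projected monthly saving in the same currency as the input spend."""
    return current_monthly_spend * savings_fraction(current_size, target_size)


if __name__ == "__main__":
    # The $14k node group from the walkthrough, moved from 4xlarge to xlarge.
    print(monthly_savings(14_000, "4xlarge", "xlarge"))
```

For a 4xlarge to xlarge move the fraction is 0.75, which matches the roughly $10.5k projected in the walkthrough.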

The risky part isn't the price math; it's the change itself. EBS-backed instances need to be stopped to change type, which means a brief outage for a single-instance workload. For ASG/EKS-managed nodes, the safer path is to update the launch template and let the autoscaler roll the fleet, draining one node at a time. For RDS the equivalent operation is ModifyDBInstance with ApplyImmediately set to false (--no-apply-immediately in the CLI), so the change waits for the next maintenance window.

Compute Optimizer learns from 14 days of CloudWatch data by default; the paid enhanced infrastructure metrics feature extends the lookback to 93 days for a steadier signal. Each recommendation option also carries a performanceRisk score from 0 (lowest) to 4 (highest). Anything above 2 deserves a closer look at the underlying workload pattern (steady? spiky? memory-bound? burst-credit-dependent?) before applying.

# Update the EKS node-group launch template to the recommended type.
aws ec2 create-launch-template-version \
  --launch-template-id lt-0abc123def456 \
  --source-version '$Latest' \
  --launch-template-data '{"InstanceType":"m5.xlarge"}'

aws ec2 modify-launch-template \
  --launch-template-id lt-0abc123def456 \
  --default-version '$Latest'

# Trigger a rolling replacement of the managed node group.
# --force evicts pods even when a PodDisruptionBudget blocks the drain; omit it to fail safe.
aws eks update-nodegroup-version \
  --cluster-name prod \
  --nodegroup-name workers \
  --force

What is the impact of running oversized instances?

The most visible impact is the bill. A 4× oversized instance is paying for compute it doesn't need every hour, every day, for the entire life of the workload. Across a fleet of even a few hundred nodes this is hundreds of thousands of dollars a year disappearing into idle vCPUs.

The second-order impact is harder to see but at least as expensive: oversized instances mask architectural problems. A workload that should have been profiled, made concurrent, or moved off a single-threaded runtime instead just gets bigger boxes thrown at it. By the time someone runs the numbers, the team has built two years of muscle memory around "add nodes when it slows down" — and the actual fix is a much bigger refactor than it would have been early on.

On the FinOps side, oversized fleets distort Reserved Instance and Savings Plan commitments. You sign a one-year RI for the wrong size, the workload gets right-sized later, and now the RI is partly stranded — paying for a size you no longer run. Right-sizing should always come before committing, not after.

Undersized instances cost money differently — incidents, p99 alerts, autoscaling churn, customer-visible latency. The bill might look better but the engineering hours and SLO breach risk usually swamp the savings.

How do you right-size safely?

Right-sizing is a four-step loop that runs continuously as workloads evolve. Each step is cheap; the real cost is skipping any of them.

1. Instrument utilisation honestly

Default CloudWatch metrics for EC2 cover CPU, network, and disk I/O, but not memory or disk-space utilisation; those require the CloudWatch agent. Without memory data you'll right-size purely on CPU and end up with OOMs in production. Install the agent on every fleet, ship at 1-minute resolution for at least your top-spend 20% of instances, and store at least 14 days for the recommendation engines to chew on.

2. Use Compute Optimizer (or equivalent)

Compute Optimizer is free and accurate enough for the vast majority of decisions — it accounts for burst credits, projected headroom, and family changes (e.g. m5 → c5 if you're CPU-bound, m5 → r5 if memory-bound). Trust its LOW performance-risk recommendations; eyeball the MEDIUM+ ones before applying.

3. Apply changes via launch templates, not by hand

Never rely on a console click to change an instance type — it doesn't survive an ASG replacement. Update the launch template and let the autoscaler roll. For stateful workloads (RDS, ElastiCache, single-instance EC2) schedule the change for a maintenance window with a documented rollback path.

4. Re-evaluate at least quarterly

Workloads drift. An instance that is right-sized today can be oversized in three months because a shipped feature reduced traffic, or undersized because a campaign tripled it. Treat right-sizing as a continuous process: deliver Compute Optimizer recommendations as a Slack or email digest, and hold a standing 30-minute review on the FinOps cadence.
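Step 1's warning about sizing on CPU alone can be made concrete with a small sketch. It picks the smallest m5 size that keeps peak usage under a ceiling, first from CPU only and then with memory included. The 80% ceiling, the function name, and the example peaks are assumptions for illustration; the vCPU and memory figures are the published m5 specifications.

```python
# (name, vCPUs, memory GiB) for the m5 sizes discussed in this lesson, smallest first.
M5_SPECS = [
    ("m5.large", 2, 8),
    ("m5.xlarge", 4, 16),
    ("m5.2xlarge", 8, 32),
    ("m5.4xlarge", 16, 64),
]


def smallest_fit(current_type, peak_cpu_percent, peak_mem_percent=None, ceiling=0.80):
    """Pick the smallest listed size that keeps peak usage under the ceiling.

    Percentages are measured on current_type. Passing peak_mem_percent=None
    mimics sizing without the CloudWatch agent, i.e. on CPU alone.
    """
    specs = {name: (vcpus, mem) for name, vcpus, mem in M5_SPECS}
    cur_vcpus, cur_mem = specs[current_type]
    need_vcpus = peak_cpu_percent / 100 * cur_vcpus / ceiling
    need_mem = 0.0 if peak_mem_percent is None else peak_mem_percent / 100 * cur_mem / ceiling
    for name, vcpus, mem in M5_SPECS:
        if vcpus >= need_vcpus and mem >= need_mem:
            return name
    return current_type  # no listed size fits; keep the current type


if __name__ == "__main__":
    print(smallest_fit("m5.4xlarge", 9))       # CPU only
    print(smallest_fit("m5.4xlarge", 9, 35))   # CPU and memory
```

With illustrative peaks of 9% CPU and 35% memory on an m5.4xlarge, CPU alone suggests m5.large, while including memory moves the answer to m5.2xlarge. That gap is where the production OOMs come from.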

# Export every overprovisioned instance whose first recommendation option is LOW performance risk.
aws compute-optimizer get-ec2-instance-recommendations \
  --filters name=Finding,values=Overprovisioned \
  --query 'instanceRecommendations[?recommendationOptions[0].performanceRisk<=`1.0`]' \
  > overprovisioned.json

# Pipe through your change-management tooling; never apply blindly.
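As a sketch of what that change-management step could consume, the function below turns the parsed export into a reviewable change plan with a savings total. It assumes the file is a JSON list whose records carry instanceArn, currentInstanceType, and recommendationOptions, as in the Compute Optimizer response; the function name and the two sample records are hypothetical.

```python
def build_change_plan(recommendations, max_risk=1.0):
    """Return (plan, total_monthly_savings) from parsed recommendations.

    Only the first option of each recommendation is considered,
    matching the --query in the CLI call above.
    """
    plan, total = [], 0.0
    for rec in recommendations:
        options = rec.get("recommendationOptions") or []
        if not options or options[0]["performanceRisk"] > max_risk:
            continue
        top = options[0]
        savings = (
            (top.get("savingsOpportunity") or {})
            .get("estimatedMonthlySavings", {})
            .get("value", 0.0)
        )
        plan.append({
            "instance": rec["instanceArn"].rsplit("/", 1)[-1],
            "from": rec["currentInstanceType"],
            "to": top["instanceType"],
            "monthly_savings": savings,
        })
        total += savings
    # Largest savings first, so the review starts with the biggest wins.
    plan.sort(key=lambda row: row["monthly_savings"], reverse=True)
    return plan, round(total, 2)


# Hypothetical records shaped like the export; load the real file with json.load.
SAMPLE_EXPORT = [
    {
        "instanceArn": "arn:aws:ec2:eu-west-1:123456789012:instance/i-0abc123def456",
        "currentInstanceType": "m5.4xlarge",
        "recommendationOptions": [{
            "instanceType": "m5.xlarge",
            "performanceRisk": 1.0,
            "savingsOpportunity": {"estimatedMonthlySavings": {"value": 1751.04, "currency": "USD"}},
        }],
    },
    {
        "instanceArn": "arn:aws:ec2:eu-west-1:123456789012:instance/i-0fedcba9876543210",
        "currentInstanceType": "m5.2xlarge",
        "recommendationOptions": [{
            "instanceType": "m5.large",
            "performanceRisk": 3.0,
            "savingsOpportunity": {"estimatedMonthlySavings": {"value": 900.0, "currency": "USD"}},
        }],
    },
]

if __name__ == "__main__":
    plan, total = build_change_plan(SAMPLE_EXPORT)
    for row in plan:
        print(row)
    print("total monthly savings:", total)
```

The output is a plan for humans to approve; nothing here calls an AWS API or changes an instance.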

Quick quiz

You see an m5.4xlarge averaging 11% CPU and 22% memory over 14 days. Compute Optimizer recommends m5.xlarge with performanceRisk = 1.0. What's the right next move?

Keep learning

Dig deeper into right-sizing strategy and the AWS tooling around it.

You've completed Right-size EC2 instance. You now know how to read utilisation honestly, when to trust Compute Optimizer, and how to apply a size change without taking customer-visible downtime. The next time a finance review flags a high-spend node group, you'll have a four-step loop ready to run.

Right-sizing: what it means for unit economics and the bill

How idle vCPUs translate into measurable, recoverable waste

EC2 pricing is proportional to size: an m5.4xlarge costs almost exactly 4× an m5.xlarge for 4× the vCPUs and 4× the RAM. When a workload only uses 10–15% of that capacity, the team is paying for three or more virtual machines that sit idle every hour. Multiply that across a fleet of dozens or hundreds of instances and the waste can reach six figures annually — without a single failed service or missed SLA.

Right-sizing is the FinOps practice of matching the purchased instance size to measured utilisation. The inputs are CloudWatch CPU and memory metrics, at least two weeks of history, and a recommendation from Compute Optimizer or an equivalent tool. The output is a specific, data-backed change: drop from m5.4xlarge to m5.xlarge, save 75% on those instances, with the tool's projected headroom confirming the workload still fits.

This is one of the highest-return cost optimisation actions available because the savings are immediate and recurring — there's no amortisation lag, no contract to renegotiate, no dependency on a vendor discount. A right-sized fleet also improves the economics of Reserved Instances and Savings Plans: you only commit to the correct shape, so commitments stay fully utilised rather than stranding capacity you no longer need.

This lesson is for the finance partner who sees a large EC2 line on the cloud bill and wants to understand whether the instances behind it are the right size. It covers which utilisation signals to ask for (CPU, memory, at least 14 days of data, Compute Optimizer's output), how to calculate the dollar saving for a given right-sizing move, why right-sizing should always precede committing to Reserved Instances or Savings Plans, and how to build a quarterly review cadence that prevents the fleet from drifting oversized again. No CLI knowledge required.

How a finance partner drives a right-sizing decision

At the monthly cloud spend review, Jordan notices that three engineering teams collectively account for $180k of annual EC2 spend with no right-sizing review in the past year. Rather than flag a generic "reduce compute" action, Jordan asks each team for two data points: average CPU utilisation over the last 14 days, and whether Compute Optimizer has been enabled and reviewed.

The largest team comes back with 9–14% average CPU across their fleet of m5.2xlarge nodes and a Compute Optimizer export showing LOW-risk recommendations to drop one size to m5.xlarge across 18 instances, a 50% reduction per instance. Jordan works the math: $6,200/month savings, $74k annually, with a one-time engineering effort of roughly a sprint to update launch templates and roll the fleet.

Jordan's contribution is framing the ROI clearly: 12:1 return in year one, annualised savings that outrun the next three planned Savings Plan commitments combined, and a quarterly review cadence baked into the FinOps calendar to catch drift before it compounds. The recommendation goes to leadership as a funded line, not an open-ended "we should investigate."

The dollar mechanics of fleet oversize

Oversized EC2 instances create a specific type of waste: the cost is fully incurred whether or not the capacity is used. Unlike variable-cost services, a running instance charges the same hourly rate at 5% utilisation as at 95%. A 4× oversized m5.4xlarge fleet of twenty nodes is paying for fifteen nodes of ghost capacity — compute that is provisioned, billed, and idle every hour of every day.

The compounding effect is what makes this a budget issue rather than a line-item rounding error. A single m5.4xlarge in us-east-1 costs roughly $550/month on-demand, so a fleet of twenty costs roughly $11k/month. If the workload can safely move to a 4× smaller size, about 75% of that instance spend (roughly $8k/month) becomes recoverable before any RI or Savings Plan commitment is applied. Multiply this across multiple teams and the aggregate is typically 20–30% of total EC2 spend.

The RI/Savings Plan interaction makes oversize specifically expensive to fix later. Commitments purchased against oversized instances are partly stranded the moment the fleet is right-sized: you hold a 1-year RI for an m5.4xlarge you no longer run, and even where instance size flexibility lets it cover smaller instances in the same family, whatever the smaller fleet does not consume sits unused. The clean order is right-size first, then commit, and the finance contribution is to hold that sequencing as a standing rule in the commit approval process.
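The stranding effect can be put in numbers with a rough sketch. It uses AWS's normalization factors for RI size flexibility (large = 4, xlarge = 8, 2xlarge = 16, 4xlarge = 32) and assumes the commitment is a size-flexible RI, meaning regional scope, Linux, and default tenancy; the function name and the fleet in the example are hypothetical.

```python
# AWS normalization factors for RI size flexibility (subset of sizes).
NORMALIZATION = {"large": 4, "xlarge": 8, "2xlarge": 16, "4xlarge": 32}


def ri_utilisation(reserved, running):
    """Return the fraction of reserved units still consumed after a resize.

    reserved and running map size -> instance count within one family.
    Assumes size-flexible RIs (regional, Linux, default tenancy).
    """
    reserved_units = sum(NORMALIZATION[size] * count for size, count in reserved.items())
    running_units = sum(NORMALIZATION[size] * count for size, count in running.items())
    if reserved_units == 0:
        return 0.0
    # Usage beyond the reservation is billed on-demand, so cap at 100%.
    return min(running_units, reserved_units) / reserved_units


if __name__ == "__main__":
    # Twenty m5.4xlarge RIs, fleet right-sized to twenty m5.xlarge afterwards.
    used = ri_utilisation({"4xlarge": 20}, {"xlarge": 20})
    print(f"RI utilisation after right-sizing: {used:.0%}")
```

In this example only a quarter of the commitment is still used after the resize, which is the arithmetic behind the "right-size first, then commit" rule.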

On the chargeback side, oversized fleets inflate the per-unit cost of every team using shared infrastructure. Right-sizing is one of the fastest ways to improve showback accuracy — if a team is charged for 75% idle capacity, their chargeback overstates their real compute consumption and makes cross-team benchmarking meaningless.

How finance operationalises right-sizing

Finance doesn't run the CLI, but it owns the cadence and the guardrails that prevent right-sized fleets from drifting oversized again. Four levers, used on the standard FinOps review cycle.

1. Make right-sizing a gate before any new commitment

Require that the engineering team pull a Compute Optimizer export and remediate LOW-risk findings before any Reserved Instance or Savings Plan purchase is approved. This enforces the correct sequencing — right-size first, commit second — and prevents the organisation from locking in waste at a discount. A simple pre-approval checklist item is enough.

2. Track recoverable spend as a standing metric

Put the Compute Optimizer aggregate savings estimate — total recoverable monthly spend across LOW-risk findings — on the FinOps dashboard alongside actual spend. A rising recoverable number is an early signal that the fleet is drifting, not a post-hoc finding. At the quarterly review the question is: "what is the recoverable number and what is the plan to address it?"

3. Require cost-tagging to make chargeback meaningful

Right-sizing savings are only attributable to the right team if instances are tagged by owner, application, and environment. Push for consistent tagging as part of the right-sizing programme — it makes unit-cost benchmarking credible (cost per workload, not cost per account) and gives engineering teams visibility into their own waste before finance has to surface it.

4. Set a quarterly review cadence with a standard output

A standing 30-minute right-sizing review every quarter — with Compute Optimizer export, dollar estimate, and change plan as the standard deliverable — is cheaper than a single post-overage investigation. The finance contribution is to own the calendar invite and the template, so the review actually happens rather than being perpetually deferred.

Quick quiz

A team is requesting approval for a 1-year Reserved Instance on a fleet of m5.4xlarge instances. Compute Optimizer shows LOW-risk recommendations to drop to m5.large across the entire fleet, saving an estimated $8,400/month. What's the right finance response?

You've finished the finance partner's view of EC2 right-sizing. You know the dollar mechanics: EC2 pricing is linear in size, oversize waste is fully incurred whether or not capacity is used, and the RI/commit sequencing rule (right-size first, commit second) is the single highest-leverage guardrail finance can own. You have four operational levers: a pre-commit right-sizing gate, recoverable spend as a standing metric, tagging for meaningful chargeback, and a quarterly review cadence with a named owner. The next time an RI approval lands on your desk, you'll know the first question to ask.

Right-sizing: the governance angle

Structural waste that builds up when instance choices are never reviewed

Cloud infrastructure is provisioned once and rarely revisited. Engineers pick an instance size for launch day headroom, the workload stabilises at a fraction of that capacity, and the cost quietly compounds at the wrong size for months or years. Right-sizing is the practice of periodically measuring what the workload actually uses and adjusting the instance to match.

The consequence of not doing this is structural overspend — not a single high-cost incident, but a persistent and growing gap between what is being paid and what is being consumed. Across a mid-size cloud footprint, this can easily represent 20–40% of EC2 spend going to idle capacity. Reserved Instances and Savings Plans can reduce the rate, but they do not remove the underlying waste. If commitments are made before right-sizing, the organisation may lock in spend against an oversized baseline.

The leadership question is whether right-sizing is a recurring, governed process or an occasional, reactive one. Organisations that treat it as a standing quarterly review — with Compute Optimizer recommendations reviewed and acted on by default — capture the savings continuously. Those that treat it as a one-off project re-accumulate waste within a few deployment cycles.

A short read for the executive who wants to understand where EC2 waste comes from and whether the organisation is managing it systematically. You'll get the plain-English version of why instance sizes drift over time, what a well-governed right-sizing process looks like, and the one question to ask at the quarterly review to confirm the team is capturing the opportunity rather than letting it compound. No technical implementation detail.

What it looks like when the organisation treats right-sizing as a process

At one company, the VP of Engineering used to get a one-line answer to "are our EC2 costs optimised?": "we think so." After the FinOps team instituted a quarterly right-sizing review — Compute Optimizer recommendations reviewed, actioned, and documented by default — the answer changed to a dashboard: $X recovered last quarter, Y instances resized, fleet average utilisation at Z%.

The VP's insight wasn't that the numbers were impressive. It was that right-sizing had become a routine rather than a reaction. The team was no longer scrambling to find savings after a budget overage; they were systematically returning capacity to the pool before it showed up on a quarterly report as a problem.

That's the right end state: not a one-time project that recovers savings and drifts again, but a standing process — Compute Optimizer as a feed, a 30-minute review every quarter, and launch templates updated before commitments are signed. Right-sizing as organisational muscle memory, not a heroic effort.

Why oversized instances are a governance problem, not just an engineering one

Oversized EC2 fleets are the cloud equivalent of leased office space that's never fully occupied: the cost is fixed and fully committed, but a large fraction of the capacity sits idle. Unlike a lease, cloud compute can be right-sized in a matter of hours — so persistent oversize is evidence of a process gap, not a technical constraint.

The governance issue is that instance size decisions are usually made at launch and rarely revisited. Engineering teams optimise for performance headroom and operational simplicity; finance teams optimise for cost. Without a shared, recurring process that surfaces utilisation data and ties it to a spend decision, instance sizes drift in one direction only: up. Bigger is always safe; smaller requires evidence and approval.

The second-order cost is distorted commitments. Reserved Instances and Savings Plans — the organisation's primary mechanisms for getting cloud discounts — work best when applied to a right-sized baseline. Committing to the wrong instance size effectively locks in the waste at a discount, making it more expensive to correct later than to catch now.

The fix is organisational: make right-sizing a standing quarterly review with a clear owner, a standard output (Compute Optimizer export, savings estimate, change plan), and finance sign-off on commit sequencing. That converts right-sizing from a heroic one-time effort into a continuous process with predictable returns.

The leadership levers on right-sizing

Sustained right-sizing requires two things that only leadership can provide: a process mandate and a sequencing rule for commitments. Without those, engineering teams optimise locally and the fleet drifts.

1. Make right-sizing a named process with an owner

Designate a FinOps owner responsible for the quarterly right-sizing review. An unowned process runs once and stops. An owned one generates a standing output — recoverable spend, change plan, savings captured — that leadership can ask about at any review and that engineering knows will be surfaced.

2. Require right-sizing before commitment approval

Set a policy: no Reserved Instance or Savings Plan purchase is approved until Compute Optimizer's LOW-risk findings for that scope are cleared. This single rule changes the incentive structure — it's now in engineering's interest to right-size proactively rather than waiting for a finance review, because commitment approval depends on it.

3. Accept that some oversize is intentional

Not every oversized instance is waste. Critical, latency-sensitive, or stateful workloads may have deliberate headroom built in for burst capacity or operational simplicity. The goal isn't zero oversize — it's that every exception is a recorded, reviewed decision rather than an unexamined default.

4. Ask for the trend at the quarterly review

The one-line executive signal is the recoverable-spend trend: is it stable, falling, or growing? Falling means the process is working. Growing means the review cadence or the change process is broken. Leadership doesn't need the technical detail — just the direction and the accountable owner.

Quick quiz

The FinOps team reports that the quarterly right-sizing review recovered $120k in annualised EC2 savings last quarter — but the recoverable-spend metric from Compute Optimizer has grown by $40k since then. What's the right read?

That's the lesson. Two takeaways: EC2 oversize is structural waste that compounds silently until someone builds a process to address it continuously, and the two leadership moves that make that process stick are naming an owner and requiring right-sizing before any commitment is approved. The signal to watch at the quarterly review is the recoverable-spend trend — falling means the process is working, growing means it isn't. The goal is not technical ownership; it is governance ownership.

Part of the learning path Right-size your compute
