EBS Cost Optimization: How to stop your block storage bill from spiraling

8 minute read
Main takeaways from this article:
  • The quickest wins for lowering EBS costs are finding and deleting unattached EBS volumes, migrating from gp2 to gp3, and automating snapshot cleanup with Amazon Data Lifecycle Manager.

  • Prioritize high-impact actions: Achieve immediate savings by targeting the biggest sources of waste: idle volumes, legacy gp2 storage, and over-provisioned capacity.

  • Automate for sustainable governance: Move beyond manual cleanups by implementing automated lifecycle policies for snapshots and enforcing resource tagging for long-term control.

You know the feeling—you open up your AWS bill, and the Amazon EBS line item has mysteriously grown again. It’s not just you: That slow, silent creep is one of the most frustrating – and overlooked – cost drivers in AWS.

EBS is the digital bedrock for apps, but its biggest strength—being incredibly easy to use—is also why costs spiral. A few clicks during provisioning or scaling, and suddenly you're paying for a sprawling pile of digital real estate.

This guide isn't about being cheap; it's about smart cloud cost optimization. It's about eliminating cloud waste and ensuring every dollar spent on storage delivers real value. Let's dig into the actionable strategies to get your EBS spend under control for good.

So, what's actually driving your EBS bill?

To fix the leak, you first have to understand its sources. Your EBS bill isn't just one number; it's a composite of several factors, each with its own optimization levers:

  • Volume type: Choosing the right volume type is the single most important decision for both cost and performance:

      • General purpose SSD (gp2/gp3): These are the workhorses, but gp2 performance scales with size and relies on a confusing burst-credit system, which can lead to unpredictable performance spikes and lulls. On the other hand, gp3 is gp2’s modern successor and generally the best choice for most workloads. It provides a strong baseline performance and allows you to provision IOPS and throughput independently of storage size, giving you predictable performance and often a lower price point (up to 20% cheaper than gp2).

      • Provisioned IOPS SSD (io1/io2/io2 Block Express): These are your premium options for I/O-intensive workloads like relational databases (PostgreSQL, MySQL, Oracle) or NoSQL databases (Apache Cassandra) that require sustained, low-latency performance. You pay a premium for the gigabytes and for every single IOPS you provision. The top tier is io2 Block Express, offering sub-millisecond latency and the highest performance, designed for the most demanding, mission-critical applications.

      • Throughput optimized HDD (st1): These are low-cost magnetic storage drives optimized for large, sequential I/O, making them perfect for big data processing (like MapReduce clusters), log streaming, and data warehouses. (Keep in mind that they aren’t suitable for boot volumes or transactional workloads.)

      • Cold HDD (sc1): This is the cheapest option, designed for large, infrequently accessed data, where the lowest storage cost is the primary driver—think cold data storage or backups where retrieval time is not a major concern.

  • Provisioned size & IOPS: You pay for every gigabyte you provision, not every gigabyte you use. The 1 TB volume you allocated for a new service "just in case" it grew? If it’s only using 50 GB, that’s 950 GB of pure cloud waste on your bill. This is especially painful with premium io1/io2 volumes where both the capacity and the IOPS are over-provisioned.

  • Unattached Volumes: An unattached or "orphaned" volume is the most egregious form of waste. It’s a resource-consuming sinkhole while providing zero value. These are often created when an EC2 instance is terminated without the "Delete on termination" flag being checked.

  • Snapshots: Snapshots are fantastic for backups, but their costs are deceptive. They are charged based on the delta, which means you pay only for the blocks that have changed since the previous snapshot. The downside? This creates a dependency chain. Even if you delete an older snapshot from the middle of a chain, the data unique to that snapshot is automatically merged into the next one to maintain integrity, so you might not see the cost savings you expect. Because EBS snapshots are incremental and share data blocks, deleting one snapshot won’t necessarily reduce storage costs if its data is still referenced by newer snapshots in the chain: AWS automatically preserves any blocks still in use, so the overall footprint might remain the same until enough dependent snapshots are removed. Left unmanaged, these dependency chains lead to a sprawling, expensive collection of snapshots. That’s why managing snapshot sprawl requires not just deletion, but a lifecycle policy that steadily reduces retention over time.

  • Data transfer & replication: Moving data isn't free: Creating cross-region snapshots for disaster recovery incurs data transfer charges. While often necessary, these costs need to be factored into your DR strategy.

The game plan for EBS cost optimization

Here are some practical, battle-tested strategies, from simple cleanups to advanced tuning.

1. Hunt down and eliminate unused volumes

This is the low-hanging fruit. Go on a zombie hunt. The goal is to confidently identify and delete volumes that are no longer serving any purpose, a key first step in reducing cloud waste.

You can start this process with a simple AWS CLI command to get a list of candidates:

aws ec2 describe-volumes --filters Name=status,Values=available --query "Volumes[*].{ID:VolumeId,Size:Size,CreateTime:CreateTime,VolumeType:VolumeType}"

For more confidence, you can use a script to check CloudTrail for the last time the volume was attached or detached, giving you a better idea of how long it's truly been idle.
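
One way to write the script described above, as an added example (not code from the original article): it takes the JSON lists returned by `aws ec2 describe-volumes` and `aws cloudtrail lookup-events` and reports how long each available volume has been idle. The function names and the sample volumes and events are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Inputs: the "Volumes" list from describe-volumes, the "Events" list from lookup-events.
WINDOW_DAYS = 90  # CloudTrail event history only reaches back 90 days
def parse_ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def last_activity(events):
    """Volume id -> (time, name) of its latest successful Attach/DetachVolume event."""
    latest = {}
    for ev in events:
        detail = json.loads(ev["CloudTrailEvent"])
        if ev["EventName"] not in ("AttachVolume", "DetachVolume") or detail.get("errorCode"):
            continue  # other calls, and failed ones, did not change attachment state
        vol = (detail.get("requestParameters") or {}).get("volumeId")
        when = parse_ts(detail["eventTime"])
        if vol and (vol not in latest or when > latest[vol][0]):
            latest[vol] = (when, ev["EventName"])
    return latest

def idle_report(volumes, events, now, min_idle_days=14):
    """Available volumes idle for at least min_idle_days, longest idle first."""
    latest, horizon = last_activity(events), now - timedelta(days=WINDOW_DAYS)
    rows = []
    for v in volumes:
        if v["State"] != "available":
            continue
        when, name = latest.get(v["VolumeId"], (None, None))
        created = parse_ts(v["CreateTime"])
        # No event in the window: idle since creation, or at least since the window began.
        days = (now - (when or max(created, horizon))).days
        if days >= min_idle_days:
            rows.append({"VolumeId": v["VolumeId"], "IdleDays": days, "LastEvent": name,
                         "AtLeast": when is None and created < horizon})
    return sorted(rows, key=lambda r: -r["IdleDays"])

# Constructed sample data (not real resources), shaped like the CLI's JSON output.
def sample_event(name, vol, time, **extra):
    body = {"eventTime": time, "requestParameters": {"volumeId": vol}, **extra}
    return {"EventName": name, "CloudTrailEvent": json.dumps(body)}
SAMPLE_NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_VOLUMES = [{"VolumeId": v, "State": s, "CreateTime": c} for v, s, c in (
    ("vol-0aaa", "available", "2023-01-10T08:00:00Z"),
    ("vol-0bbb", "available", "2024-03-01T08:00:00Z"),
    ("vol-0ccc", "in-use", "2024-03-01T08:00:00Z"))]
SAMPLE_EVENTS = [
    sample_event("DetachVolume", "vol-0bbb", "2024-06-01T12:00:00Z"),
    sample_event("AttachVolume", "vol-0bbb", "2024-06-20T12:00:00Z",
                 errorCode="Client.UnauthorizedOperation")]
```

When `LastEvent` is `AttachVolume`, the volume was released some other way, for example by instance termination, which CloudTrail logs as `TerminateInstances` rather than `DetachVolume`, so read its `IdleDays` as an upper bound.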

2. Get your volumes "just right"

Over-provisioning is a silent budget killer. Use AWS's tools to match your volume's configuration to its actual workload.

  • The great gp2-to-gp3 migration: It's a no-brainer. As we’ve seen, this one move can result in significant cloud cost savings with better, more predictable performance. The migration is seamless with the Elastic Volumes feature and typically involves no downtime.

  • Right-size that provisioning: Dive into CloudWatch metrics for each volume. Look at VolumeReadOps, VolumeWriteOps, VolumeReadBytes and VolumeWriteBytes over a two-week period. Is the peak usage consistently far below what you've provisioned? If a 1 TB volume never exceeds 100 GB of usage, and you have no plans for rapid growth, shrink it. The VolumeIdleTime metric is also a goldmine—if it's high, the volume is underutilized.

  • Tune your file system: For advanced tuning, the file system you choose matters. For I/O-heavy workloads, using a file system like XFS over the more common Ext4 can sometimes yield better performance, potentially allowing you to provision fewer IOPS for the same application-level throughput.

3. Tame your snapshot chaos

Unmanaged snapshots are a ticking time bomb for your budget.

  • Automate with Amazon Data Lifecycle Manager (DLM): This is your best friend for snapshot management. Create policies that target volumes by tags (e.g., backup-policy:daily-7-day-retention). You can define schedules, retention rules (for instance, keep 7 daily, 4 weekly, and 12 monthly snapshots), and even automate copying snapshots to other regions for disaster recovery.

  • Archive what you don't need daily: For long-term compliance backups that you rarely access, use the EBS Snapshots Archive tier. This is a great tactic for long-term cloud cost savings, reducing storage costs by up to 75% compared to the standard tier. It's perfect for that 7-year retention policy where you only need to store the data "just in case."

  • Clean up deregistered AMIs: When you deregister an Amazon Machine Image (AMI), the underlying snapshot is not automatically deleted. These orphaned snapshots are a common source of hidden costs. Periodically find and delete snapshots that are no longer associated with a registered AMI.
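
The cleanup in the last bullet, as an added example (not code from the original article): it compares the output of `aws ec2 describe-snapshots --owner-ids self` with that of `aws ec2 describe-images --owners self` and lists snapshots whose AMI is no longer registered. It assumes the snapshots still carry the default `Created by CreateImage(...) for ami-...` description; the function names and sample data are constructed.

```python
import re

# Description EC2 writes on the snapshots it takes while creating an AMI (assumed format).
AMI_DESC = re.compile(r"Created by CreateImage\((i-[0-9a-f]+)\) for (ami-[0-9a-f]+)")

def referenced_snapshot_ids(images):
    """Snapshot ids that still back a registered AMI ("Images" from describe-images)."""
    return {bdm["Ebs"]["SnapshotId"]
            for img in images
            for bdm in img.get("BlockDeviceMappings", [])
            if "SnapshotId" in bdm.get("Ebs", {})}

def orphaned_ami_snapshots(snapshots, images):
    """Snapshots ("Snapshots" from describe-snapshots) left behind by deregistered AMIs."""
    registered = {img["ImageId"] for img in images}
    in_use = referenced_snapshot_ids(images)
    orphans = []
    for snap in snapshots:
        m = AMI_DESC.match(snap.get("Description", ""))
        # Skip snapshots not made for an AMI, and any that a registered AMI still needs.
        if not m or m.group(2) in registered or snap["SnapshotId"] in in_use:
            continue
        orphans.append({"SnapshotId": snap["SnapshotId"], "FormerAmi": m.group(2),
                        "SizeGiB": snap["VolumeSize"]})
    return orphans

# Constructed sample data (not real resources), shaped like the CLI's JSON output.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa1111", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0001"}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},  # mapping without Ebs
    {"ImageId": "ami-0ccc3333", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0003"}}]},
]

def sample_snapshot(sid, size, desc):
    return {"SnapshotId": sid, "VolumeSize": size, "Description": desc}

SAMPLE_SNAPSHOTS = [
    sample_snapshot("snap-0001", 8, "Created by CreateImage(i-0123abcd) for ami-0aaa1111"),
    sample_snapshot("snap-0002", 100, "Created by CreateImage(i-0123abcd) for ami-0bbb2222"),
    # Made for a deregistered AMI, but ami-0ccc3333 above still references it.
    sample_snapshot("snap-0003", 50, "Created by CreateImage(i-0456cdef) for ami-0bbb2222"),
    sample_snapshot("snap-0004", 20, "nightly backup"),
]
```

Review the resulting list against retention requirements before deleting anything; the report only establishes that no registered AMI in the account depends on the snapshot.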

4. Making it a habit: Ongoing governance

True cloud cost optimization isn't a one-and-done project. It's a cultural shift that becomes part of your regular operations:

  • Build a FinOps culture: For new services, shift left towards including cost as a non-functional requirement. Embed cost awareness into your engineering teams’ culture.

  • Set up AWS Budgets: Create a budget specifically for EBS and set up alerts. Get a notification in Slack or by email when your spend is forecasted to exceed its threshold.

  • Create CloudWatch alarms: Want to stay on top of zombie volumes? Create a simple CloudWatch alarm that triggers if the count of available volumes goes above zero for more than a few days.

  • Regular reviews: Institute a quarterly review of your top EBS spenders as part of your cloud spend management process. Get the service owners in a room (or on a Zoom call) and ask the simple question: "Is this still providing value proportional to its cost?"

5. Ownership, tagging, and an end to the blame game

You can't manage what you can't measure, and you can't measure what isn't tagged. A disciplined tagging strategy is the foundation of effective cloud spend management. Enforce these tags on every new volume: app or service, env, owner or team, and purpose. Use policy-as-code tools like AWS Config rules or Microsoft Sentinel to act as a bouncer at a club—no tags, no entry.

Supercharging optimization with a CNAPP like Wiz

AWS cost tools are great for finding the "what" (e.g., an unattached volume), but they often miss the "so what?"—the business context and security risk. This is where a cloud native application protection platform (CNAPP) like Wiz changes the game for your cloud cost optimization efforts.

Figure 1: The Wiz Security Graph

Wiz doesn't just look at one resource at a time. It uses a single, agentless scan to map your entire cloud environment into the Wiz Security Graph. This graph connects every resource—EBS volumes, EC2 instances, identities, secrets, vulnerabilities, and even the data inside—to show you the full picture.

Here’s how Wiz helps you optimize EBS costs more intelligently:

  • Zombie volumes with context: Native tools show you an unattached volume. Wiz shows you that same unattached volume and tells you it contains sensitive PII, it was last attached to a production EC2 instance running a vulnerable version of NGINX, and it belonged to the "payments-api" service. Now, instead of just deleting it, you can make an informed decision based on data retention policies and security posture.

  • Right-sizing with confidence: You see an underutilized io2 volume that’s costing a fortune. The thought of touching a production volume is terrifying. But the Wiz Security Graph shows you exactly which services depend on it, its full network exposure, and confirms it holds no sensitive data. This context turns a high-risk guess into a confident, low-risk optimization. With Wiz, you can migrate it to gp3 without fearing you'll break a critical app.

  • Automated ownership and governance: That untagged volume? By analyzing its connections in the graph—which service account created it, which EC2 instance it was attached to, the security groups it was in—Wiz can often pinpoint the application and team owner, turning a manual investigation into an automated governance win.

The big takeaway? Wiz’s graph-based approach allows you to move beyond simple cost-cutting and into the realm of risk-based optimization.

Wrapping up

Getting your EBS costs under control is a habit. Start with the easy wins like hunting zombie volumes and migrating to gp3. Mature your process by automating snapshot lifecycles and right-sizing with CloudWatch. By building a foundation of visibility, automation, and smart decision-making, you can transform your cloud spend management from a reactive chore into a proactive discipline.

But to truly optimize without risk, you need context. Seeing the full picture of how a volume connects to your applications, data, and infrastructure is a game-changer. If you're ready to move beyond simple cost reports and make intelligent, risk-aware optimization decisions, see how the Wiz Security Graph can give you the clarity you need: Request a demo of Wiz today.
