Identify any Amazon EC2 instances that appear to be underutilized and downsize (resize) them to help lower the cost of your monthly AWS bill. By default, an EC2 instance is considered "underutilized" when it matches the following criteria (both conditions must be met to declare the instance "underutilized"):
- The average CPU utilization has been less than 60% for the last 7 days.
- The average memory utilization has been less than 60% for the last 7 days. By default, AWS CloudWatch can't record an EC2 instance's memory utilization because the necessary metric cannot be implemented at the hypervisor level. To report memory utilization using CloudWatch, you need to install an agent (script) on the instance that you want to monitor and create a custom metric (we'll name it EC2MemoryUtilization) on the AWS CloudWatch dashboard. The instructions required for installing the monitoring agent, based on the Operating System used by the instance, are available at this URL.
Note: You can change the default threshold values for this rule on the Cloud Conformity console and set your own values for the CPU (percent) and memory utilization (percent) for each condition to configure a custom underuse level for your EC2 instances. You can also change the default name for the memory utilization metric (i.e. EC2MemoryUtilization) and use a custom name for this metric. The console also provides details about each EC2 instance marked as underutilized, such as region, ID, instance type, launch time, operating system and more, to help you perform the EC2 right-sizing analysis.
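The default rule logic described above, as an added example that is not Conformity's own code: it evaluates both conditions over data shaped like the JSON output of `aws cloudwatch get-metric-statistics`, and reports when the memory condition cannot be evaluated because no EC2MemoryUtilization datapoints exist. The function names, the `insufficient-data` label and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

CPU_THRESHOLD = 60.0   # percent; rule default stated on this page
MEM_THRESHOLD = 60.0   # percent; rule default stated on this page
WINDOW = timedelta(days=7)

def window_average(response, now):
    """Mean of the 'Average' datapoints from the last 7 days, or None if there are none.
    With equal-length periods (one point per day here) this equals the 7-day average."""
    values = []
    for dp in response.get("Datapoints", []):
        ts = datetime.fromisoformat(dp["Timestamp"].replace("Z", "+00:00"))
        if now - WINDOW <= ts <= now:
            values.append(dp["Average"])
    return sum(values) / len(values) if values else None

def classify(cpu_response, mem_response, now):
    """Apply the rule: BOTH averages must be strictly below their thresholds."""
    cpu = window_average(cpu_response, now)
    mem = window_average(mem_response, now)
    if cpu is None or mem is None:
        # No memory datapoints usually means the monitoring agent is not
        # installed, so the second condition cannot be evaluated.
        return "insufficient-data"  # hypothetical label, not a Conformity status
    if cpu < CPU_THRESHOLD and mem < MEM_THRESHOLD:
        return "underutilized"
    return "ok"

def constructed_response(label, daily_averages, now):
    """Build constructed sample data, one datapoint per day counting back from `now`."""
    points = [{"Timestamp": (now - timedelta(days=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
               "Average": float(avg), "Unit": "Percent"}
              for i, avg in enumerate(daily_averages)]
    return {"Label": label, "Datapoints": points}

NOW = datetime(2017, 3, 8, tzinfo=timezone.utc)  # constructed reference time
IDLE_CPU = constructed_response("CPUUtilization", [12, 9, 15, 11, 8, 10, 14], NOW)
LOW_MEM = constructed_response("EC2MemoryUtilization", [35, 33, 36, 34, 31, 30, 32], NOW)
HIGH_MEM = constructed_response("EC2MemoryUtilization", [80, 82, 79, 85, 81, 78, 83], NOW)
NO_MEM = {"Label": "EC2MemoryUtilization", "Datapoints": []}  # agent not installed

if __name__ == "__main__":
    for name, mem in (("low-mem", LOW_MEM), ("high-mem", HIGH_MEM), ("no-agent", NO_MEM)):
        print(name, classify(IDLE_CPU, mem, NOW))
```

An instance with idle CPU but no memory datapoints is reported separately rather than flagged, since downsizing on CPU data alone can leave a memory-bound workload short of RAM.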
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
optimisation
Downsizing underutilized EC2 instances to meet capacity needs at the lowest cost is an efficient strategy to reduce your monthly AWS costs. For example, by resizing a c4.xlarge-type EC2 instance provisioned in the US-East (N. Virginia) region to a c4.large-type instance due to CPU and memory underuse, you can save roughly $72 per month (as of March 2017).
Audit
To identify any underused EC2 instances provisioned within your AWS account, perform the following:
Remediation / Resolution
Option 1: Downsize (resize) the underused EC2 instances provisioned within your AWS account. To resize any EC2 instance that is currently running in "underutilized" mode, perform the following commands:
(!) Important note: the following process assumes that the EC2 instances selected for downsize are NOT currently used in production or for critical operations. To resize production instances without any downtime, you should create a snapshot of your current image and launch a new instance from that snapshot using the required instance type.
Option 2: Disable the rule check. If the selected underused EC2 instance configuration must remain unchanged (some workload scenarios can result in low resource utilization by design), you should turn off the conformity rule check for the specified instance from the Cloud Conformity console.

You are auditing:
Underutilized EC2 Instance
Risk level: High