You Are Paying for Third-Party Tools to Tell You Things AWS Already Tells You for Free
Here is something that genuinely frustrates us at LeanOps: we regularly audit companies paying $2,000-10,000/month for FinOps platforms, and when we ask what they use from AWS's built-in tools, the answer is usually "Cost Explorer, sometimes."
AWS provides five cost management tools that are completely free. Not "free tier with limits." Not "free for 30 days." Actually free, permanently, with no usage caps:
- Cost Explorer (12 months of cost data, filter by anything)
- AWS Budgets (alerts when spend approaches thresholds)
- Cost Anomaly Detection (ML-based spike detection)
- Compute Optimizer (rightsizing recommendations for EC2/Lambda/EBS/ECS)
- Trusted Advisor (broad optimization checks including cost)
Together, these tools catch 60-80% of the waste that paid tools find. The remaining 20-40% (Kubernetes pod-level allocation, automated implementation, multi-cloud visibility) is where paid tools earn their price. But if you are paying for tools before exhausting the free ones, you are wasting money on tools that find waste. The irony writes itself.
This post walks through each free AWS tool: what it does, how to configure it properly, what it catches, what it misses, and when you actually need to pay for something better.
Tool 1: AWS Cost Explorer
What it does: Visualizes and analyzes your AWS spending over time. 12 months of historical data, filterable by service, region, account, tag, instance type, and more.
Key Features (All Free)
| Feature | Details |
|---|---|
| Historical data | 12 months included |
| Granularity | Monthly, daily, hourly (hourly for last 14 days) |
| Filters | Service, account, region, tag, instance type, usage type |
| Forecasting | 12-month cost forecast based on trends |
| Rightsizing recommendations | EC2 instance suggestions (basic) |
| Savings Plans recommendations | Shows potential commitment savings |
| API access | $0.01 per paginated API request |
| Console access | Free, unlimited |
How to Get Maximum Value
Step 1: Enable hourly granularity. Go to Cost Explorer preferences and enable hourly data. This lets you pinpoint exactly when cost spikes occurred (not just which day).
Step 2: Create saved reports for your key views:
- Daily cost by service (catch growing services early)
- Monthly cost by linked account (if using Organizations)
- Cost by tag (if you tag by team/environment/product)
- EC2 cost by instance type (identify right-sizing opportunities)
Step 3: Use the forecasting feature. Cost Explorer's 12-month forecast uses your historical trend to project future spend. If the forecast exceeds your budget, act now rather than reacting to a surprise invoice.
Step 4: Check RI/SP recommendations monthly. Cost Explorer analyzes your On-Demand usage and recommends optimal Reserved Instance or Savings Plan purchases. These recommendations show expected savings percentage and breakeven point.
What Cost Explorer Catches
- Services growing faster than expected (runaway costs)
- Seasonal patterns (higher costs on weekdays, lower on weekends)
- Regional cost differences (that test cluster in ap-southeast-1 nobody shut down)
- Under-utilized Reserved Instances (RIs with low utilization %)
- Savings Plan opportunities (always-on workloads running On-Demand)
What Cost Explorer Misses
- Kubernetes pod-level costs (sees nodes, not workloads)
- Root cause of cost changes (shows the what, not the why)
- Cross-account cost anomalies (limited anomaly logic)
- Automated action (shows data, does not fix anything)
- Real-time data (hourly is the finest granularity, 24-48 hour delay on some services)
Tool 2: AWS Budgets
What it does: Sets spending thresholds and sends alerts when actual or forecasted costs approach or exceed those thresholds.
Pricing
| Feature | Cost |
|---|---|
| First 2 budgets | Free |
| Additional budgets | $0.02/budget/day (~$0.60/month per budget) |
| Budget actions (auto-response) | Free with budget |
| Alert notifications | Free (email, SNS, Chatbot) |
Budget Types
| Type | What It Tracks | Best For |
|---|---|---|
| Cost budget | Dollar spend | "Alert me if total spend exceeds $50K" |
| Usage budget | Service usage (hours, GB) | "Alert me if S3 exceeds 100TB" |
| RI utilization budget | Reserved Instance usage % | "Alert me if RI utilization drops below 80%" |
| SP utilization budget | Savings Plan usage % | "Alert me if SP coverage drops" |
Configuration Best Practices
Budget 1 (Free): Total monthly spend
- Set threshold at 80% and 100% of your expected monthly cost
- Add email alerts for engineering lead and finance
- Enable forecasted alert ("alert me if projected spend will exceed budget")
Budget 2 (Free): Top service cost
- Set a budget for your most expensive service (usually EC2 or RDS)
- Alert at 90% threshold
- This catches runaway compute before it tanks the whole bill
Paid budgets ($0.60/month each) worth adding:
- Per-environment budgets (dev, staging, prod)
- Per-team budgets (using cost allocation tags)
- RI/SP utilization budgets (catch commitment waste)
Budget Actions (Automated Response)
AWS Budgets can automatically take action when thresholds are exceeded:
| Action | What It Does | Risk Level |
|---|---|---|
| Apply IAM policy | Restrict new resource creation | Medium |
| Apply SCP (Organizations) | Block specific API calls | Medium |
| Stop EC2 instances | Shut down tagged instances | High |
Practical example: Create a budget for your development environment. When dev spend exceeds $5K/month, automatically apply an IAM policy that prevents launching new EC2 instances. Developers can still use existing resources but cannot spin up new ones until someone reviews and approves.
What Budgets Catches
- Spend exceeding plan (before the invoice arrives)
- Forecasted overruns (2-4 weeks ahead of actual overshoot)
- RI/SP under-utilization (commitment waste)
- Per-team/environment budget violations
What Budgets Misses
- Root cause (tells you "over budget" but not "because someone launched 50 m5.xlarge instances")
- Granular anomaly detection (binary threshold, not pattern-based)
- Cost optimization suggestions (just alerts, no recommendations)
Tool 3: AWS Cost Anomaly Detection
What it does: Uses machine learning to identify unusual spending patterns. Learns your normal spending baseline per service/account/tag, then alerts when actual spend deviates significantly.
Pricing: Completely Free
| Feature | Cost |
|---|---|
| Anomaly monitoring | Free |
| ML model training | Free |
| Alert notifications | Free |
| Root cause analysis | Free |
| Number of monitors | Unlimited |
| Historical anomaly view | Free (90 days) |
This is genuinely one of AWS's best-kept secrets. A machine-learning cost anomaly detection system that runs continuously, costs nothing, and catches spend spikes within hours. Most teams do not know it exists.
Monitor Types
| Monitor Type | What It Watches | Best For |
|---|---|---|
| AWS Services | Individual service costs | Catch runaway service costs |
| Linked Account | Per-account spend | Multi-account organizations |
| Cost Category | Custom-defined groups | Business-unit monitoring |
| Cost Allocation Tag | Tag-based groups | Team/product monitoring |
Setup (5 Minutes)
- Open AWS Cost Management console
- Click "Cost Anomaly Detection" in left sidebar
- Click "Create monitor"
- Select monitor type (start with "AWS Services" for broadest coverage)
- Set minimum impact threshold ($50-100 for small teams, $500+ for large)
- Add alert subscription (email address or SNS topic)
- Done. ML model starts learning immediately, operational in 7-14 days.
How the ML Model Works
The model establishes baselines using:
- Historical spending patterns (weekly, monthly cycles)
- Day-of-week patterns (weekday vs weekend)
- Growth trends (distinguishes organic growth from spikes)
- Service-specific patterns (batch jobs, scheduled tasks)
When actual spend exceeds the predicted range by your threshold amount, it triggers an alert with:
- Which service spiked
- How much above normal
- Root cause analysis (specific usage type, region, linked account)
- Duration of the anomaly
Real-World Example
A client's anomaly detection caught a $340/day spike in EC2 costs on a Tuesday. Root cause: an engineer launched 20 c5.4xlarge instances for a load test and forgot to terminate them. Without anomaly detection, this would have shown up on the monthly invoice 3 weeks later. Cost avoided: $7,140 (21 days x $340/day).
What Anomaly Detection Catches
- Unexpected service cost spikes (runaway instances, misconfigured autoscaling)
- Gradual cost creep that exceeds normal growth rate
- Data transfer spikes (cross-region, egress)
- New services with unexpected costs (first CloudFront bill, first NAT Gateway bill)
What Anomaly Detection Misses
- Costs that are "normal" but wasteful (idle instances that have always been idle)
- Slow growth within the expected range (20% monthly growth is "normal" if it has been trending that way)
- Kubernetes-internal costs (sees EC2 node costs, not pod-level waste)
- Rightsizing opportunities (detects spikes, not sustained over-provisioning)
Tool 4: AWS Compute Optimizer
What it does: Analyzes resource utilization for EC2, Lambda, EBS, and ECS, then recommends optimal configurations that cost less while meeting performance requirements.
Pricing
| Feature | Cost |
|---|---|
| Standard recommendations (14-day analysis) | Free |
| Enhanced metrics (93-day analysis) | $0.0003360164/resource/hour (~$0.25/resource/month) |
| External metrics (Datadog/CloudWatch integration) | Enhanced tier required |
What It Optimizes
| Resource | What It Recommends | Typical Savings |
|---|---|---|
| EC2 instances | Right instance type and size | 25-40% |
| EC2 Auto Scaling groups | Optimal instance mix | 15-30% |
| Lambda functions | Optimal memory configuration | 10-25% |
| EBS volumes | Right volume type (gp3 vs gp2, io2 vs io1) | 20-50% |
| ECS services on Fargate | Optimal CPU/memory | 20-35% |
How to Enable
Compute Optimizer requires opt-in:
- Go to AWS Compute Optimizer console
- Click "Opt in" (account-level or Organization-level)
- Wait 14 days for enough utilization data
- View recommendations per resource type
Reading Recommendations
Compute Optimizer categorizes resources into:
| Status | Meaning | Action |
|---|---|---|
| Under-provisioned | Performance risk, needs more resources | Upgrade (costs more but prevents issues) |
| Over-provisioned | Wasting money, needs fewer resources | Downsize (save money) |
| Optimized | Right-sized for current usage | No action needed |
| Not available | Insufficient data (<14 days) | Wait for more data |
Real Impact Example
A 50-instance EC2 fleet running m5.2xlarge (8 vCPU, 32GB) with average 15% CPU utilization:
- Compute Optimizer recommends m5.large (2 vCPU, 8GB) for 35 of the 50 instances
- Monthly savings: 35 instances x ($0.384 - $0.096)/hour x 730 hours = $7,358/month
- Annual savings: $88,296
That is from a free tool recommending instance changes. No third-party software needed.
What Compute Optimizer Catches
- Over-provisioned EC2 instances (the most common waste)
- Lambda functions with too much memory (paying for unused RAM)
- EBS volumes on expensive types (io1/io2 when gp3 suffices)
- Fargate tasks with excess CPU/memory allocation
What Compute Optimizer Misses
- Idle instances (it recommends smaller, not "shut this down")
- Schedule-based optimization ("run this only during business hours")
- Spot instance opportunities (does not recommend Spot)
- Kubernetes pod rightsizing (only sees nodes)
- Reserved Instance recommendations (separate tool in Cost Explorer)
Tool 5: AWS Trusted Advisor
What it does: Broad AWS best-practice checks across cost, performance, security, fault tolerance, and service limits.
Pricing
| Support Plan | Cost Checks Available |
|---|---|
| Basic/Developer | 6 cost checks (limited) |
| Business ($100+/month) | All 15+ cost checks |
| Enterprise | All checks + API access |
Free Cost Checks (Available to Everyone)
| Check | What It Finds |
|---|---|
| Low Utilization EC2 | Instances with <10% CPU for 14 days |
| Idle Load Balancers | ELBs with no active instances |
| Underutilized EBS Volumes | Volumes with minimal I/O |
| Unassociated Elastic IPs | EIPs not attached to instances ($3.60/month each) |
| Idle RDS Instances | RDS instances with no connections for 7 days |
| Route 53 Latency Record Sets | Unused Route 53 resources |
Business/Enterprise Plan Cost Checks
| Check | What It Finds | Typical Savings |
|---|---|---|
| Amazon EC2 Reserved Instance Optimization | Under-utilized RIs | $1K-50K/year |
| Amazon RDS Idle Instances | Idle databases | $100-2K/month |
| Amazon Redshift Cluster Configuration | Over-provisioned clusters | $500-5K/month |
| Savings Plan Coverage | Missing commitment discounts | 20-40% of compute |
| Lambda Functions with High Error Rates | Failing functions costing retries | Varies |
What Trusted Advisor Catches
- Obviously idle resources (zero traffic load balancers, unused EIPs)
- RI/SP optimization opportunities
- Security issues that indirectly cost money (open S3 buckets leading to data transfer charges)
What Trusted Advisor Misses
- Nuanced optimization (cannot tell you m5.large would work if you currently run m5.2xlarge)
- Anything Kubernetes-related
- Cross-service optimization (redundant services, architectural waste)
- Modern services (limited coverage of newer services like App Runner, Graviton recommendations)
Combining All 5 Tools: The Free AWS Cost Optimization Stack
Here is how to configure all five tools to work together:
Immediate Setup (Day 1, 30 minutes total)
| Tool | Action | Time |
|---|---|---|
| Cost Explorer | Enable hourly granularity, create 3 saved reports | 10 min |
| Budgets | Create 2 free budgets (total spend + top service) | 5 min |
| Anomaly Detection | Create "AWS Services" monitor with $100 threshold | 5 min |
| Compute Optimizer | Opt in (account or Organization) | 2 min |
| Trusted Advisor | Review all cost checks, bookmark the page | 5 min |
Ongoing Review Cadence
| Frequency | Tool | Action |
|---|---|---|
| Daily | Anomaly Detection alerts | React to spikes immediately |
| Weekly | Cost Explorer daily view | Spot trends, verify anomalies |
| Monthly | Compute Optimizer | Implement top 5 rightsizing recommendations |
| Monthly | Cost Explorer RI/SP recommendations | Evaluate commitment purchases |
| Quarterly | Trusted Advisor full review | Catch idle resources accumulating |
Expected Savings from Free Tools Alone
| Company Size (AWS spend) | Typical Annual Savings | Where Savings Come From |
|---|---|---|
| $5K-20K/month | $10K-30K/year | Rightsizing, idle resources, SP purchase |
| $20K-100K/month | $50K-200K/year | Rightsizing, anomaly prevention, commitments |
| $100K-500K/month | $200K-1M/year | Rightsizing, architecture, commitments |
These are conservative estimates based on what we see in LeanOps client engagements. The free tools identify the savings. Implementation requires engineering effort.
When to Upgrade to Paid Tools
Free AWS tools hit their limits in five scenarios:
1. Kubernetes Cost Allocation (Upgrade: Kubecost or OpenCost)
AWS tools see EC2 nodes. They cannot tell you that namespace "team-alpha" uses 40% of cluster resources while namespace "batch-jobs" uses 5%. For Kubernetes-native cost allocation, you need Kubecost or OpenCost.
2. Automated Implementation (Upgrade: CAST AI or Spot.io)
Compute Optimizer tells you to downsize. It does not actually downsize anything. If you have 200+ instances to rightsize and want automation, CAST AI or Spot.io implement changes automatically.
3. Multi-Cloud Visibility (Upgrade: CloudHealth or Vantage)
AWS tools see only AWS. If you run GCP and Azure alongside, you need a multi-cloud FinOps platform for unified visibility. See our multi-cloud FinOps guide.
4. Team-Level Accountability at Scale (Upgrade: Kubecost Enterprise or Finout)
AWS tags provide basic cost allocation, but at 20+ teams with complex shared infrastructure, you need virtual tagging, showback dashboards, and FinOps workflows that free tools cannot deliver.
5. Commitment Automation (Upgrade: nOps or Spot.io)
Cost Explorer recommends RI/SP purchases but does not execute them. If you want automated commitment purchasing that adapts to changing usage patterns, paid tools like nOps handle this continuously.
The 30-Day Free Tool Playbook: Week-by-Week Implementation
Theory is worthless without execution. Here is the exact schedule we give to clients who want to maximize their free tools before spending a dollar on paid platforms. Follow this for 30 days and you will have a fully operational cost management stack that most companies pay $2,000-10,000/month to replicate.
Week 1: Visibility Foundation (Expected savings identified: $2,000-5,000/month)
| Day | Action | Time | What You Get |
|---|---|---|---|
| Monday | Enable Cost Explorer hourly granularity | 5 min | Pinpoint when cost spikes happen (hour, not day) |
| Monday | Create 4 saved reports (by service, account, tag, instance type) | 15 min | Repeatable views without rebuilding filters |
| Tuesday | Create Budget #1: total monthly spend at 80%/100% threshold | 5 min | Never be surprised by your invoice again |
| Tuesday | Create Budget #2: top service (EC2 or RDS) at 90% threshold | 5 min | Catch runaway compute before it tanks the whole bill |
| Wednesday | Review Cost Explorer Savings Plans recommendations | 20 min | Identify commitment savings opportunities ($X,000/year) |
| Thursday | Review Cost Explorer RI utilization report | 15 min | Find unused RIs bleeding money |
| Friday | Generate first weekly cost report, share with team | 15 min | Establish baseline visibility across the org |
Week 1 outcome: You can now see where money goes, get alerted before overruns, and have a baseline to measure future savings against. Most teams discover $2,000-5,000/month in obvious waste just from looking at the data for the first time.
Week 2: Automated Rightsizing (Expected savings actioned: $3,000-8,000/month)
| Day | Action | Time | What You Get |
|---|---|---|---|
| Monday | Opt into Compute Optimizer (account or Organization) | 2 min | Starts collecting 14 days of utilization data |
| Monday | Review existing Compute Optimizer recommendations (if already opted in) | 30 min | Immediate rightsizing candidates |
| Tuesday | Export top 10 "over-provisioned" EC2 recommendations | 20 min | Prioritized list of instances to downsize |
| Wednesday | Implement top 5 non-production rightsizing changes | 2 hrs | Immediate monthly savings with zero production risk |
| Thursday | Implement top 5 production rightsizing (after approval) | 2 hrs | Largest savings (production is where the big instances live) |
| Friday | Review EBS volume type recommendations (gp2 to gp3) | 30 min | Every gp2 volume is a free 20% savings waiting to happen |
Week 2 outcome: 10 instances rightsized, gp2 volumes migrated. Typical savings: $3,000-8,000/month for a 50+ instance environment. All from a free tool.
Week 3: Anomaly Prevention (Expected savings preserved: $5,000-15,000/month in avoided waste)
| Day | Action | Time | What You Get |
|---|---|---|---|
| Monday | Create Cost Anomaly Detection monitor (AWS Services type) | 5 min | ML-based spike detection, free forever |
| Monday | Set threshold at $100/day (small teams) or $500/day (large) | 2 min | Alerts before waste compounds |
| Tuesday | Create second monitor (Linked Account type, if multi-account) | 5 min | Catch per-account anomalies |
| Wednesday | Review Trusted Advisor cost checks | 30 min | Find idle ELBs, unattached EIPs, unused RIs |
| Thursday | Action Trusted Advisor findings (delete idle resources) | 1-2 hrs | Eliminate zombie resources |
| Friday | Verify anomaly detection baseline is forming (check alerts page) | 5 min | ML model needs 7-14 days, confirm it is learning |
Week 3 outcome: Anomaly detection is actively learning your patterns. Trusted Advisor zombie cleanup done. The next cost spike will be caught in hours, not discovered 18-26 days later on your invoice.
Week 4: Review, Automate, Repeat (Expected ongoing cadence established)
| Day | Action | Time | What You Get |
|---|---|---|---|
| Monday | Compare this week's cost to Week 1 baseline | 15 min | Quantify actual savings achieved |
| Tuesday | Set up Budget Actions (auto-apply IAM policy if dev exceeds $5K) | 30 min | Automated guardrails for non-prod |
| Wednesday | Schedule monthly calendar event: "Cost Review" with team leads | 5 min | Permanent rhythm prevents waste from returning |
| Thursday | Document savings achieved, share with leadership | 30 min | Build organizational support for continued optimization |
| Friday | Plan next month: evaluate whether paid tools are needed | 30 min | Informed decision based on real gaps, not vendor sales pitches |
Week 4 outcome: Savings documented, cadence established, and a clear-eyed view of what free tools cover vs. where gaps remain.
30-Day Results Summary
| Metric | Typical Result |
|---|---|
| Total monthly savings identified | $8,000-25,000 |
| Total monthly savings actioned | $5,000-15,000 |
| Future waste prevented (anomaly detection) | $5,000-15,000/month avoided |
| Time invested (total across 4 weeks) | 12-15 hours |
| Tools cost | $0 |
| ROI on time invested | $4,000-12,000 saved per hour spent |
When Free Tools Are Not Enough: The Upgrade Decision
Free tools cover visibility, alerts, and basic rightsizing. They do not cover everything. Here is exactly what you lose by staying free, and when the gap becomes expensive enough to justify paid tools.
What Free Tools Miss vs. Paid Alternatives
| Capability | Free AWS Tools | Kubecost ($50-150/node/mo) | CAST AI (% of savings) | CloudHealth (custom) | nOps ($5-10/node/mo) |
|---|---|---|---|---|---|
| Kubernetes pod-level costs | No (sees nodes only) | Yes (namespace, pod, label) | Yes (with automation) | Yes (multi-cloud) | Partial (EKS focus) |
| Automated rightsizing | No (recommends only) | No (recommends only) | Yes (auto-applies) | No | Partial |
| Multi-cloud visibility | No (AWS only) | Yes (any K8s) | Yes (EKS, GKE, AKS) | Yes (AWS, Azure, GCP) | No (AWS only) |
| Automated RI/SP purchasing | No | No | No | Yes | Yes |
| Custom cost allocation (virtual tagging) | No | Yes (Enterprise) | No | Yes | Partial |
| Spot instance automation | No | No | Yes (with fallback) | No | Partial |
| Team showback dashboards | Basic (tags only) | Yes | Yes | Yes | Yes |
| Anomaly detection by team/namespace | No (service-level only) | Yes | Yes | Yes | Yes |
The Decision Thresholds
| Your Situation | Stay Free | Upgrade To |
|---|---|---|
| AWS spend < $20K/month, no K8s | Yes | N/A |
| AWS spend $20-50K/month, basic K8s | Likely yes | Consider Kubecost free tier for K8s visibility |
| AWS spend > $50K/month | Maybe | Evaluate CAST AI or nOps (ROI is clear at this scale) |
| Multi-cloud environment | No | CloudHealth or Vantage for unified visibility |
| 50+ K8s pods with no resource limits | No | CAST AI pays for itself in month 1 |
| RI/SP coverage below 40% | Maybe | nOps automates purchases (saves 30-50% on compute) |
| 5+ teams needing showback | No | Kubecost Enterprise or Finout |
The Honest Math
A $50K/month AWS bill with 30% waste = $15,000/month recoverable. Free tools find $5,000-8,000 of that. Paid tools find the remaining $7,000-10,000. If a paid tool costs $1,000-2,000/month and recovers $7,000-10,000/month, the ROI is 3.5-10x. That math works.
But for a $15K/month bill with $4,500 in waste, free tools find $3,000 and paid tools find the remaining $1,500. A $1,000/month paid tool that finds $1,500/month has an ROI of 1.5x. That barely works. Stay free until the math clearly favors upgrading.
The Bottom Line
Before you spend $2,000/month on a FinOps platform, spend 30 minutes setting up AWS's free tools. Cost Anomaly Detection alone (completely free, takes 5 minutes to configure) catches cost spikes that most teams discover 18-26 days late on their invoice.
The free tool stack (Cost Explorer + Budgets + Anomaly Detection + Compute Optimizer + Trusted Advisor) identifies 60-80% of the waste that paid tools find. For most teams under $50K/month AWS spend, free tools plus disciplined monthly review are sufficient.
If your AWS spend exceeds $50K/month and you have already exhausted free tools, our team at LeanOps implements the automation, commitment strategy, and architectural changes that free tools cannot do alone. We typically cut AWS bills by 30-60% within 90 days. Get a free Cloud Waste Assessment to see exactly what the free tools have been missing.
Further reading:
