Idle Load Balancers, RDS, and NAT Gateways: AWS Waste Beyond EC2
A guide to finding idle AWS infrastructure outside EC2, including load balancers, RDS instances, and NAT gateways.
The hidden idle resource problem
Teams often focus on EC2 utilization, while load balancers, databases, NAT gateways, and other managed resources continue billing after projects, branches, and test environments end.
Different resources need different evidence
A load balancer needs request and target health context. RDS needs CPU, connections, storage, backup, and environment context. NAT needs traffic and route dependency context.
- Load balancer: requests, active connections, target health, listener rules.
- RDS: CPU, connections, last activity signals, backup and retention policy.
- NAT gateway: bytes processed, route table dependency, VPC endpoint alternatives.
Execution boundary
Only low-risk, clearly scoped resources should move to approval-gated execution. Production, unknown ownership, active traffic, or IaC-managed resources should become review briefs.
Checklist
1. Find load balancers with no meaningful traffic or unhealthy/no targets.
2. Find RDS instances with low CPU and connection activity over the lookback window.
3. Find NAT gateways with low traffic or questionable route dependency.
4. Check tags, IaC markers, ASG or service ownership, and environment.
5. Separate stop/delete candidates from owner-review candidates.
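As an added illustration of the checklist above and of the execution boundary (example code written for this page, not ZephMatrix's own), the Python below encodes the per-resource evidence and the safety gates as a small rule set run over a constructed inventory. The metric keys mirror CloudWatch metric names (RequestCount, HealthyHostCount, CPUUtilization, DatabaseConnections, BytesInFromSource, BytesInFromDestination), but the `_avg`/`_max` suffixes, the thresholds, the Owner/Environment/ManagedBy tag keys and every sample resource are assumptions for illustration; in practice the metric dictionaries would be filled from CloudWatch queries and the route counts from route-table lookups over the lookback window.

```python
from dataclasses import dataclass, field
from typing import Optional

# Thresholds are assumptions for illustration; tune per account and lookback window.
LB_MAX_REQUESTS = 100            # ALB RequestCount, summed over the window
RDS_MAX_AVG_CPU = 5.0            # RDS CPUUtilization, average percent
RDS_MAX_CONNECTIONS = 1          # RDS DatabaseConnections, window maximum
NAT_MAX_BYTES = 1024 ** 3        # NAT BytesInFromSource + BytesInFromDestination, summed

# CloudFormation applies aws:cloudformation:stack-name itself; "ManagedBy" is an
# assumed team convention for Terraform/CDK-style markers.
IAC_TAG_KEYS = ("aws:cloudformation:stack-name", "ManagedBy")
PROD_ENV_VALUES = ("prod", "production")


@dataclass
class Resource:
    kind: str                      # "alb", "rds" or "nat"
    rid: str                       # resource id or name
    tags: dict = field(default_factory=dict)
    metrics: dict = field(default_factory=dict)   # summarized CloudWatch statistics
    routes_referencing: int = 0    # NAT only: route entries whose target is this gateway


def _have(m: dict, *keys: str) -> bool:
    return all(k in m for k in keys)


def is_idle(r: Resource) -> Optional[bool]:
    """Per-type idleness test. None means the evidence for that type is missing."""
    m = r.metrics
    if r.kind == "alb":
        if not _have(m, "RequestCount", "HealthyHostCount"):
            return None
        return m["RequestCount"] <= LB_MAX_REQUESTS or m["HealthyHostCount"] == 0
    if r.kind == "rds":
        if not _have(m, "CPUUtilization_avg", "DatabaseConnections_max"):
            return None
        return (m["CPUUtilization_avg"] <= RDS_MAX_AVG_CPU
                and m["DatabaseConnections_max"] <= RDS_MAX_CONNECTIONS)
    if r.kind == "nat":
        if not _have(m, "BytesInFromSource", "BytesInFromDestination"):
            return None
        return m["BytesInFromSource"] + m["BytesInFromDestination"] <= NAT_MAX_BYTES
    raise ValueError(f"unknown resource kind: {r.kind}")


def classify(r: Resource):
    """Return (bucket, reason) with bucket in {"skip", "review", "execute"}."""
    idle = is_idle(r)
    if idle is None:
        return "review", "missing usage evidence"      # no evidence is not proof of idleness
    if not idle:
        return "skip", "usage above idle threshold"
    blockers = []
    if r.tags.get("Environment", "").lower() in PROD_ENV_VALUES:
        blockers.append("production environment")
    if not r.tags.get("Owner"):
        blockers.append("unknown owner")
    if any(k in r.tags for k in IAC_TAG_KEYS):
        blockers.append("IaC-managed")
    if r.kind == "nat" and r.routes_referencing > 0:
        blockers.append(f"{r.routes_referencing} route(s) still depend on it")
    if blockers:
        return "review", "; ".join(blockers)
    return "execute", "idle, owned, non-production, not IaC-managed"


def triage(resources):
    """Group resources into approval-gated execution, owner review, or skip."""
    buckets = {"execute": [], "review": [], "skip": []}
    for r in resources:
        bucket, reason = classify(r)
        buckets[bucket].append((r.rid, reason))
    return buckets


# Constructed sample inventory (not real account data).
SAMPLE = [
    Resource("alb", "alb-feature-x", {"Owner": "team-a", "Environment": "dev"},
             {"RequestCount": 3, "HealthyHostCount": 0}),
    Resource("alb", "alb-api", {"Owner": "team-a", "Environment": "prod"},
             {"RequestCount": 480000, "HealthyHostCount": 3}),
    Resource("rds", "db-legacy", {"Owner": "dba", "Environment": "prod"},
             {"CPUUtilization_avg": 1.2, "DatabaseConnections_max": 0}),
    Resource("rds", "db-ci", {"Owner": "ci", "Environment": "test",
                              "aws:cloudformation:stack-name": "ci-stack"},
             {"CPUUtilization_avg": 0.4, "DatabaseConnections_max": 0}),
    Resource("nat", "nat-old-vpc", {"Environment": "staging"},
             {"BytesInFromSource": 2048, "BytesInFromDestination": 512}, routes_referencing=2),
    Resource("nat", "nat-orphan", {"Owner": "team-b", "Environment": "dev"},
             {"BytesInFromSource": 0, "BytesInFromDestination": 0}),
    Resource("rds", "db-nometrics", {"Owner": "team-c", "Environment": "dev"}, {}),
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket)
        for rid, reason in items:
            print(f"  {rid}: {reason}")
```

The point of the design is that the "execute" bucket is reached only by passing every gate: usage evidence must be present and below threshold, and none of the production, ownership, IaC or route-dependency blockers may apply. Anything with missing evidence lands in review rather than skip, because an absent metric is not proof that nothing is using the resource.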
Frequently asked questions
- Is idle AWS waste limited to EC2?
- No. Load balancers, RDS instances, NAT gateways, and other managed resources can keep billing after the workload that needed them is gone.
- What makes an idle resource safe to act on?
- A safe candidate has low or no usage, clear ownership, non-production or approved scope, no production/IaC protection marker, and an approval record before execution.
How ZephMatrix helps
From guide to governed action
ZephMatrix treats idle resources as workflow candidates only after resource context, owner routing, and safety classification are available.