AWS Infrastructure & Cost Analysis

📋 Executive Summary

The AWS infrastructure for the Tappy application has been running since April 2025, accumulating a total spend of approximately $6,456 over 12 months.

      🔑 Key Finding: RDS database storage is configured with io2 (Provisioned IOPS) — costing $377/month for resources the application doesn't need. Switching to gp3 storage would save ~$5,000/year.
    

$750/mo

Current Spend

$335/mo

After Fixes

$415/mo

Monthly Savings

~$5,000/yr

Annual Savings

💰 Cost Breakdown (March 2026 — $751.96)

Where the money goes:

Service	Monthly Cost	% of Bill
RDS — io2 Provisioned IOPS	$323.00	43%
RDS — Instance (db.t4g.medium)	$60.94	8%
RDS — io2 Storage (400 GB)	$53.84	7%
EC2 — t2.medium (us-east-1)	$64.06	9%
EC2 — t2.large (us-west-1)	$48.62	6%
EC2 — t3.medium (us-east-1)	$33.90	5%
EBS Volumes (gp2/gp3)	$55.80	7%
Public IP Addresses	$34.56	5%
AWS Business Support	$58.04	8%
S3 / Route53 / KMS / Transfer	$20.20	2%

RDS vs Everything Else:

RDS Total: $437.78 (58%)

58%

EC2 + Compute: $134.48 (18%)

18%

EBS + IPs + Other: $120.86 (16%)

16%

AWS Support: $58.04 (8%)

8%

📈 Monthly Spend History

Month	Total Spend	RDS Only	Notes
Apr 2025	$194.84	—	Initial setup
May 2025	$277.15	—
Jun 2025	$294.62	—
Jul 2025	$295.57	—
Aug 2025	$227.08	—
Sep 2025	$358.64	$93.15	⬆️ io2 added (Sep 25)
Oct 2025	$913.21	$470.16	🔴 Full io2 provisioned
Nov 2025	$719.33	$410.62
Dec 2025	$737.83	$411.56
Jan 2026	$756.07	$412.56
Feb 2026	$730.72	$406.73
Mar 2026	$751.96	$409.38

12-month total: ~$6,456

💡 Notice the jump from $358 (Sep) → $913 (Oct)? That's when RDS io2 with 3,000 Provisioned IOPS was fully provisioned. It added $377/month overnight.

🖥️ Current Infrastructure

🛢️ RDS (MySQL) — Primary Cost Driver

Setting	Current	Issue
Engine	MySQL 8.0	—
Instance	db.t4g.medium (2 vCPU / 4 GB)	Oversized for current load
Storage Type	io2 (Provisioned IOPS)	🔴 Expensive — $377/mo
Storage Size	400 GB	🔴 Only 44 GB used (11%)
IOPS	3,000 provisioned	🔴 Way overkill
Multi-AZ	Disabled	—
Backup Retention	7 days	—

🖥️ EC2 Instances (3 Active)

Instance	Region	Public IP	Role
t2.medium	us-east-1	54.87.49.10	Main app server
t3.medium	us-east-1	44.210.241.193	App server #2
t2.large	us-west-1	52.53.250.138	Staging/secondary

📦 Other Services

EBS: 10 volumes (gp2 + gp3) — some may be unattached snapshots
S3: Storage bucket — minimal usage ($19/mo)
Route53: Hosted zone + DNS queries — $20/mo
KMS: 1 encryption key — $13/mo
Support: Business tier — $58/mo

🔒 Security Findings

🔴 CRITICAL — MySQL Security Group Open to Internet
The RDS MySQL port (3306) has an inbound rule allowing 0.0.0.0/0 (any IP worldwide). This means anyone can attempt to connect to the database. While authentication is still required, this is a major security risk — it exposes the database to brute-force attacks and scanning bots.

Recommended fix: Restrict the security group inbound rule to only the EC2 instance IPs (54.87.49.10/32 and 44.210.241.193/32). This takes 2 minutes in the AWS Console.

✅ Recommendations — Priority Order

1. Change RDS Storage: io2 → gp3 [$369/mo savings]

Switch from Provisioned IOPS (io2) to General Purpose SSD (gp3). GP3 gives 3,000 baseline IOPS included for free — exactly what's being paid extra for with io2.

Saves ~$369/month on IOPS + storage costs
GP3 can scale to 16,000 IOPS if needed later
No downtime required (AWS modifies storage in-place)

2. Reduce RDS Storage: 400 GB → 100 GB [$10/mo savings]

Only 44 GB is used (11%). Shrink to 100 GB for headroom. Note: storage reduction requires a snapshot → restore process.

3. Downsize RDS Instance: t4g.medium → t4g.small [$25/mo savings]

For a single-app database with moderate traffic, t4g.small (2 GB RAM) is sufficient. Can scale back up anytime.

4. Review EC2 Instances [$50-100/mo potential savings]

Confirm if t2.large in us-west-1 is still needed (staging?)
If both us-east-1 instances run the same app, consolidate into one t3.medium
Consider Savings Plans for committed usage

5. Fix Security Group [URGENT]

Restrict MySQL 3306 inbound to only EC2 instance IPs. Takes 2 minutes, zero risk.

6. Review AWS Support Tier [$58/mo savings]

Business Support at $58/mo is the 2nd highest tier. If technical support isn't used frequently, Developer tier ($29/mo) or Basic (free) may suffice.

💡 Projected Savings Summary

Optimization	Monthly	Annual
RDS io2 → gp3 storage	$369	$4,428
Shrink RDS storage 400→100GB	$10	$120
Downsize RDS instance	$25	$300
Consolidate EC2 instances	~$75	~$900
Lower support tier	$29	$348
TOTAL POTENTIAL	~$508/mo	~$6,096/yr

Before & After:
Current: $750/mo → After optimization: ~$242/mo (68% reduction)

🚀 Next Steps

Immediate (today): Fix RDS security group — restrict MySQL 3306 to EC2 IPs only
This week: Modify RDS storage from io2 → gp3 (no downtime, biggest savings)
This week: Review us-west-1 EC2 instance — terminate if not needed
Next month: Plan RDS storage reduction (requires snapshot restore)
Next month: Evaluate AWS Support tier based on actual usage

Need help implementing any of these changes? Reach out — happy to assist.