This chapter covers rightsizing—the practice of matching AWS resource capacity to actual workload demands—and AWS Trusted Advisor, a tool that provides automated recommendations for cost optimization, performance, security, and fault tolerance. For the SAA-C03 exam, approximately 5-8% of questions touch on cost optimization, with rightsizing and Trusted Advisor being key components. Understanding how to analyze utilization metrics, choose appropriate instance families, and interpret Trusted Advisor checks is essential for designing cost-effective architectures.
Jump to a section
Imagine you own a clothing store and order suits for your employees. You have one employee who needs a suit for client meetings, but you order a custom-tailored, premium wool suit with gold buttons—when a standard off-the-rack polyester blend would suffice perfectly. You're paying 10x more for features the employee never uses. Rightsizing is like measuring each employee and ordering the exact suit they need: slim fit for the sales team, relaxed fit for the warehouse staff. You periodically check if an employee has gained or lost weight, and if their current suit is too big or too small, you exchange it for the correct size. AWS Trusted Advisor is your personal tailor—it scans your wardrobe (your AWS resources) and tells you which suits are too big (over-provisioned), which are too small (under-provisioned, causing performance issues), and which are just right. It also flags suits you never wear (idle resources) and suggests you donate them (terminate) to save closet space (cost). The goal is to have every resource sized precisely for its workload, no more, no less—just like a perfectly fitted suit.
What is Rightsizing?
Rightsizing is the process of continuously adjusting AWS resource configurations to match the actual needs of workloads. It involves analyzing utilization metrics (CPU, memory, network I/O, disk I/O) over time and selecting instance types, sizes, or families that provide sufficient capacity without over-provisioning. Over-provisioning leads to wasted spend; under-provisioning causes performance degradation or outages. Rightsizing is not a one-time activity—it must be repeated as workloads evolve.
Why Rightsizing Exists
AWS offers hundreds of instance types across families (general purpose, compute optimized, memory optimized, accelerated computing, storage optimized) and sizes (nano, micro, small, medium, large, xlarge, 2xlarge, etc.). Each instance type has a specific vCPU, memory, networking bandwidth, and EBS bandwidth profile. Without rightsizing, architects often default to larger instances than needed, incurring unnecessary costs. For example, a t3.medium (2 vCPU, 4 GiB RAM) costs $0.0416 per hour, while a t3.large (2 vCPU, 8 GiB RAM) costs $0.0832 per hour—double the cost for the same vCPU count. If the workload only needs 2 vCPU and 4 GiB RAM, the t3.medium is the right size.
How Rightsizing Works Internally
Rightsizing relies on monitoring data from Amazon CloudWatch. CloudWatch collects metrics such as CPUUtilization, MemoryUtilization (if the CloudWatch agent is installed), NetworkIn, NetworkOut, DiskReadOps, DiskWriteOps, DiskReadBytes, DiskWriteBytes, and StatusCheckFailed. These metrics are sampled at 1-minute intervals (for detailed monitoring) or 5-minute intervals (basic monitoring). Rightsizing analysis aggregates these metrics over a period (e.g., 14 days) to determine peak and average utilization.
AWS Compute Optimizer is a service that uses machine learning to analyze historical utilization and recommend optimal instance types. It examines up to 93 days of CloudWatch metrics and considers factors like CPU, memory, and network patterns. It categorizes findings as: - Over-provisioned: Instance is larger than needed (e.g., CPU utilization < 40% and memory utilization < 40% for 95% of the time). - Under-provisioned: Instance is too small (e.g., CPU utilization > 90% or memory utilization > 90% for significant periods). - Optimized: Instance is appropriately sized. - Not optimized: No recommendation available due to insufficient data.
Compute Optimizer also supports Auto Scaling groups and EC2 fleets. It generates recommendations for instance types within the same family or different families, including recommendations for Graviton (ARM-based) instances, which often provide better price-performance.
Key Components, Values, Defaults, and Timers
CloudWatch Metrics: Default monitoring is 5-minute intervals; detailed monitoring (1-minute intervals) costs extra but provides finer granularity for rightsizing.
Compute Optimizer: Requires a minimum of 30 hours of historical data for recommendations; uses up to 93 days of metrics.
Trusted Advisor: Checks for Amazon EC2 Reserved Instance Lease Expiration, Idle Load Balancers, Underutilized Amazon EBS Volumes, and Amazon EC2 instances with low utilization. The cost optimization checks are available to Business and Enterprise support plans; Basic and Developer plans get only limited checks (7 core checks).
Rightsizing Recommendations: Provided by Cost Explorer (under 'Rightsizing Recommendations') and Compute Optimizer. Cost Explorer recommendations consider instance family, size, and purchase options (On-Demand, Reserved, Spot).
Savings Plans: Compute Savings Plans and EC2 Instance Savings Plans offer discounts (up to 72%) in exchange for commitment to a consistent amount of compute usage (measured in $/hour). Rightsizing can help determine the optimal commitment.
Configuration and Verification Commands
To enable Compute Optimizer:
aws compute-optimizer update-enrollment-status --status ActiveTo get recommendations for an EC2 instance:
aws compute-optimizer get-ec2-instance-recommendations --instance-arns arn:aws:ec2:us-east-1:123456789012:instance/i-0abcd1234efgh5678To view Trusted Advisor checks via CLI:
aws support describe-trusted-advisor-checks --language en
aws support describe-trusted-advisor-check-result --check-id <check-id>To retrieve Cost Explorer rightsizing recommendations:
aws ce get-rightsizing-recommendation --service EC2 --time-period Start=2023-01-01,End=2023-01-31How Rightsizing Interacts with Related Technologies
Auto Scaling: Rightsizing complements Auto Scaling by ensuring the launch template or configuration uses the correct instance type. Auto Scaling can automatically add/remove instances based on demand, but if the base instance type is oversized, you still overpay per instance.
Reserved Instances (RIs) and Savings Plans: Rightsizing helps determine the right mix of RIs or Savings Plans. If you commit to a large instance but later downsize, you may have unused capacity. Compute Optimizer and Cost Explorer can recommend instance modifications or exchanges.
AWS Budgets: Rightsizing can be tracked via budgets to measure cost savings from recommendations.
AWS Organizations: Rightsizing can be applied across accounts using consolidated billing and Cost Explorer for a holistic view.
Trusted Advisor: Automated Best Practice Checks
Trusted Advisor is an online tool that inspects your AWS environment and provides real-time guidance based on AWS best practices. It has five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. For cost optimization, key checks include: - Amazon EC2 Reserved Instance Lease Expiration: Alerts when RIs are about to expire. - Idle Load Balancers: Detects load balancers with low traffic (e.g., less than 100 bytes per second over 7 days). - Underutilized Amazon EBS Volumes: Identifies volumes with low I/O (less than 1 IOPs per day) or low throughput. - Amazon EC2 Instances with Low Utilization: Flags instances with average CPU utilization ≤ 10% and network I/O ≤ 5 MB over 14 days. - Amazon RDS Idle DB Instances: Detects RDS instances with no connections for 7 days.
Trusted Advisor checks run periodically (every 24 hours for most checks) and provide actionable recommendations with estimated monthly savings. For example, if an EC2 instance has been running with less than 10% CPU utilization for 14 days, Trusted Advisor will recommend stopping or resizing it and show the potential cost savings.
Rightsizing Process in Practice
Collect Data: Enable detailed CloudWatch metrics (1-minute) for critical instances. Use CloudWatch agent for memory metrics.
Analyze Utilization: Use Cost Explorer or Compute Optimizer to review CPU, memory, and network patterns over 14-93 days.
Identify Candidates: Look for instances with average CPU < 40% and peak < 50% (over-provisioned) or average > 70% (under-provisioned).
Select New Instance Type: Choose a smaller or larger size within the same family, or switch families (e.g., from M5 to T3 if workload is burstable). Consider Graviton for potential savings.
Modify Instance: For EC2, you can change instance type by stopping the instance, changing the type, and starting it (if not in an Auto Scaling group). For RDS, you can modify the DB instance class with minimal downtime.
Monitor Post-Change: Verify performance metrics to ensure the new size meets requirements without degradation.
Automate: Use AWS Config rules (e.g., ec2-instance-type-allowed) or Lambda functions to enforce rightsizing policies.
Exam-Relevant Details
The SAA-C03 exam tests your ability to choose cost-optimized architectures. You must know when to use rightsizing vs. Auto Scaling vs. Spot Instances.
Rightsizing is often the first step before committing to RIs or Savings Plans.
Trusted Advisor's cost optimization checks require Business or Enterprise support plan for full access. The free tier (Basic/Developer) only gets 7 core checks (e.g., S3 Bucket Permissions, Security Groups).
Compute Optimizer is a separate service, not part of Trusted Advisor. It provides more detailed recommendations using ML.
Rightsizing recommendations from Cost Explorer include both downsizing and upsizing suggestions.
For memory-optimized workloads, you must install the CloudWatch agent to get memory metrics; otherwise, Compute Optimizer cannot evaluate memory utilization.
When rightsizing, consider that some instance families have different performance characteristics (e.g., T3 instances have burstable CPU credits; if credits are depleted, performance throttles).
Reserved Instances can be exchanged or modified to different instance types, but only within the same family (e.g., m5.large to m5.xlarge). Cross-family exchanges are not allowed.
Savings Plans are flexible across instance families and regions (Compute Savings Plans) or specific to a family (EC2 Instance Savings Plans).
Enable Detailed CloudWatch Monitoring
For EC2 instances, enable detailed monitoring (1-minute interval) to capture granular utilization data. This is done via the AWS Console (select instance, Monitoring tab, Enable Detailed Monitoring) or CLI: `aws ec2 monitor-instances --instance-ids i-xxx`. Detailed monitoring incurs additional cost ($2.10 per instance per month for 7 metrics) but provides the data needed for accurate rightsizing. Without it, you only have 5-minute averages, which can mask short spikes. For memory metrics, install the CloudWatch agent on the instance and configure it to report memory utilization. This step is critical because Compute Optimizer and Cost Explorer rely on this data to generate recommendations.
Collect Historical Utilization Data
Allow at least 14 days of data collection to capture workload patterns, including peak and off-peak hours. For best results, collect 30-93 days. Use CloudWatch metrics to track CPUUtilization, MemoryUtilization, NetworkIn, NetworkOut, and Disk metrics. Ensure that the metrics are stored in CloudWatch Logs or dashboards for review. For a more automated approach, enable AWS Compute Optimizer, which automatically ingests this data and generates recommendations after 30 hours of data. Compute Optimizer uses machine learning to analyze patterns and provides a 'finding' (Over-provisioned, Under-provisioned, Optimized, Not optimized) for each instance.
Analyze Utilization Patterns
Review the collected metrics to identify instances with low average utilization (e.g., average CPU < 20%, peak < 40%) or high utilization (e.g., average CPU > 70%). Use Cost Explorer's Rightsizing Recommendations or Compute Optimizer's findings. For example, an instance with CPU utilization averaging 5% for 14 days is a strong candidate for downsizing. Also check network and disk metrics; an instance may have low CPU but high network throughput, requiring a larger instance for network bandwidth. The goal is to match the instance size to the highest resource requirement without over-provisioning.
Select a New Instance Type
Based on the analysis, select a new instance type that meets the workload's peak requirements. For example, if an m5.large (2 vCPU, 8 GiB RAM) averages 10% CPU and 20% memory, consider m5.medium (1 vCPU, 4 GiB RAM) or t3.medium (2 vCPU, 4 GiB RAM) if the workload is burstable. Use the AWS Simple Monthly Calculator or Pricing Calculator to estimate cost savings. For memory-constrained workloads, consider r5 instances. For compute-intensive, c5. Always verify that the new instance type supports the same EBS volumes, VPC, and security groups. Also check if the instance type is available in the same Availability Zone.
Modify the Instance or Launch New
For EC2 instances not in an Auto Scaling group, you can resize by stopping the instance, changing the instance type, and starting it. Use the AWS Console (Actions > Instance Settings > Change Instance Type) or CLI: `aws ec2 modify-instance-attribute --instance-id i-xxx --instance-type '{"Value": "t3.medium"}'`. This process causes downtime (the instance is stopped). For production workloads, consider launching a new instance with the desired type and migrating traffic. For RDS, use the Modify DB Instance action; it may cause a brief outage (typically a few minutes). For Auto Scaling groups, update the launch template or configuration and gradually replace instances.
Monitor Post-Migration Performance
After resizing, monitor the instance for at least 24-48 hours to ensure performance meets expectations. Check CloudWatch metrics for any increase in CPU or memory utilization above comfortable thresholds (e.g., > 80%). Also check application logs and user feedback. If the instance is under-provisioned (e.g., CPU consistently > 90%), consider reverting to the previous size or choosing a different instance family. Rightsizing is iterative; you may need to adjust again as workload changes. Use CloudWatch alarms to alert on high utilization to catch issues early.
In enterprise environments, rightsizing is a continuous cost optimization practice. Consider a large e-commerce company running thousands of EC2 instances across multiple accounts. During a cost audit, they discover that many instances are m5.xlarge (4 vCPU, 16 GiB RAM) but their average CPU utilization is below 10% and memory below 20%. These are legacy instances from a previous architecture where developers over-provisioned to avoid performance issues. Using Compute Optimizer, they identify 500 such instances. They schedule a maintenance window to resize them to m5.large (2 vCPU, 8 GiB RAM), saving approximately $50,000 per month. However, they must be careful: some instances have intermittent spikes in network traffic (e.g., during flash sales). They use detailed monitoring to capture these spikes and confirm that the smaller instance can handle the burst. They also set up CloudWatch alarms to automatically scale up if utilization exceeds 80%.
Another scenario involves a financial services firm that uses RDS for their transactional databases. They have a db.r5.large (2 vCPU, 16 GiB RAM) instance that consistently uses less than 1 GB of memory and 10% CPU. Trusted Advisor flags it as idle (no connections for 7 days). Upon investigation, they find it's a test database that is only used occasionally. They downsize to db.t3.medium (2 vCPU, 4 GiB RAM) and schedule start/stop using AWS Instance Scheduler to run only during business hours, saving 70% on costs.
A common misconfiguration is rightsizing without considering network bandwidth. For example, a video processing workload might have low CPU but high network throughput. If you resize to a smaller instance with lower network performance (e.g., from m5.xlarge with up to 10 Gbps to t3.large with up to 5 Gbps), you may throttle the pipeline. Always check the network bandwidth specification of the new instance type. Use CloudWatch's NetworkIn and NetworkOut metrics to understand peak throughput.
Another pitfall is rightsizing instances that are part of an Auto Scaling group without updating the launch template. If you manually resize an instance, but the Auto Scaling group later launches new instances based on the old template, your cost savings are lost. Always update the launch template or configuration to reflect the new instance type.
For organizations using Reserved Instances (RIs), rightsizing can lead to underutilized RIs. If you downsize an instance that was covered by an RI, you may have unused capacity. AWS allows you to modify RIs (e.g., change size within the same family) or sell them on the Reserved Instance Marketplace. Alternatively, you can use Savings Plans, which are more flexible and automatically apply to any instance type within the plan's scope.
The SAA-C03 exam tests rightsizing and Trusted Advisor primarily under Domain 4: Cost-Optimized Architectures (Objective 4.5: Identify cost-effective compute, storage, and database services). Expect 1-2 questions on rightsizing and 1-2 on Trusted Advisor. Key exam points:
Rightsizing vs. Auto Scaling: A common question asks when to use rightsizing vs. Auto Scaling. Rightsizing is for steady-state workloads with predictable utilization; Auto Scaling handles variable demand. The exam may present a scenario where an EC2 instance has low average utilization but occasional spikes—Auto Scaling (with a smaller base instance) is the answer, not rightsizing alone.
Trusted Advisor Cost Optimization Checks: The exam loves to test which checks are available to which support plans. Remember: Basic/Developer plans get only 7 core checks (S3 Bucket Permissions, Security Groups, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots, and Service Limits). Business and Enterprise plans get all checks, including cost optimization. A typical wrong answer is assuming all Trusted Advisor checks are free for all accounts.
Compute Optimizer Requirements: Candidates often forget that Compute Optimizer needs at least 30 hours of data and requires enabling the service. Also, memory metrics require the CloudWatch agent. The exam may present a scenario where Compute Optimizer doesn't provide recommendations for an instance—the reason could be insufficient data or lack of memory metrics.
Rightsizing with Reserved Instances: A tricky question might involve rightsizing an instance that is covered by a Reserved Instance. The correct approach is to modify the RI (if within the same family) or use the Reserved Instance Marketplace. Exchanging RIs is possible for the same family (e.g., m5.large to m5.xlarge) but not across families. The wrong answer might suggest simply stopping the instance and launching a new one, ignoring the RI commitment.
Idle Resources: Trusted Advisor flags idle load balancers (traffic < 100 bytes/sec for 7 days), idle RDS instances (no connections for 7 days), and underutilized EBS volumes (I/O < 1 IOPs/day). The exam may ask you to identify which resource is idle based on metrics. For example, a load balancer with 50 bytes/sec for 10 days is idle.
Edge Cases: Rightsizing for burstable instances (T3/T4g) requires understanding CPU credits. If you downsize to a T3 instance but the workload consumes more CPU credits than earned, performance throttles. The exam might present a scenario where a T2 instance is rightsized to T3 without considering credit balance.
Savings Plans vs. RIs: The exam may ask which purchase option is more flexible for rightsizing. Compute Savings Plans apply to any EC2 instance (any region, any family) and even Fargate/Lambda, making them ideal for environments where instance types change frequently.
To eliminate wrong answers, focus on the underlying mechanism: rightsizing is about matching capacity to demand, Trusted Advisor is about best-practice checks, and Compute Optimizer uses ML for recommendations. If a question mentions 'automated recommendations based on machine learning', the answer is Compute Optimizer, not Trusted Advisor. If it mentions 'idle resources', it's likely Trusted Advisor.
Rightsizing reduces costs by matching instance size to workload demand; use CloudWatch metrics (1-minute interval) for accurate analysis.
AWS Compute Optimizer provides ML-based rightsizing recommendations after 30 hours of data; requires enabling and CloudWatch agent for memory metrics.
Trusted Advisor cost optimization checks are available only to Business/Enterprise support plans; free tier gets 7 core checks only.
Trusted Advisor flags idle resources: EC2 with CPU < 10% for 14 days, ELB with < 100 bytes/sec for 7 days, RDS with no connections for 7 days, EBS with < 1 IOP/day.
Rightsizing is not a one-time task; review recommendations every 30-90 days using Cost Explorer or Compute Optimizer.
When rightsizing, consider network bandwidth and burstable CPU credits (T3 instances) to avoid performance degradation.
Reserved Instances can be modified within the same family; Savings Plans offer more flexibility for changing instance types.
Auto Scaling handles variable demand; rightsizing is for steady-state workloads.
These come up on the exam all the time. Here's how to tell them apart.
Compute Optimizer
Uses machine learning to analyze up to 93 days of utilization data
Provides specific recommendations for instance type, size, and purchase option
Requires enabling the service and at least 30 hours of data
Supports EC2, Auto Scaling groups, and EBS volumes
Offers estimated savings and performance risk assessment
Trusted Advisor (Cost Optimization)
Uses rule-based checks with fixed thresholds (e.g., CPU < 10% for 14 days)
Flags idle/underutilized resources but does not suggest specific instance types
Available via AWS Support (Business/Enterprise plan for full checks)
Covers EC2, RDS, ELB, EBS, and more
Provides estimated monthly savings but no performance risk analysis
Mistake
Rightsizing is a one-time activity done during initial deployment.
Correct
Rightsizing must be an ongoing process because workloads change over time. AWS recommends reviewing rightsizing recommendations at least every 30-90 days using tools like Cost Explorer and Compute Optimizer.
Mistake
Trusted Advisor cost optimization checks are available for all AWS accounts.
Correct
Only 7 core checks are free for Basic/Developer support plans. Full cost optimization checks (including EC2 low utilization, idle load balancers, etc.) require Business or Enterprise support plan.
Mistake
Compute Optimizer and Trusted Advisor provide the same recommendations.
Correct
Compute Optimizer uses machine learning to analyze utilization and provides specific instance type recommendations. Trusted Advisor checks for idle or underutilized resources based on fixed thresholds (e.g., CPU < 10% for 14 days). Compute Optimizer is more granular and proactive.
Mistake
You can resize an EC2 instance without stopping it.
Correct
For EC2 instances (not in an Auto Scaling group), you must stop the instance to change the instance type. This causes downtime. For RDS, you can modify the instance class with minimal downtime (typically a few minutes).
Mistake
Reserved Instances can be exchanged for any other instance type.
Correct
Reserved Instances can only be modified or exchanged within the same instance family (e.g., m5.large to m5.xlarge). Cross-family exchanges are not allowed. Savings Plans offer more flexibility.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Rightsizing is about selecting the correct instance type and size for a workload's typical demand, reducing over-provisioning. Auto Scaling automatically adjusts the number of instances based on demand, handling variable traffic. Rightsizing complements Auto Scaling by ensuring each instance in the fleet is appropriately sized. For example, if you have a web server that always uses 30% CPU on an m5.large, rightsizing suggests m5.medium. If traffic spikes, Auto Scaling adds more m5.medium instances. The exam often tests this distinction: rightsizing for steady-state, Auto Scaling for variable.
Trusted Advisor cost optimization checks are automatically available if you have an AWS Business or Enterprise support plan. For Basic/Developer plans, you only get 7 core checks (S3 Bucket Permissions, Security Groups, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots, and Service Limits). To upgrade, change your support plan in the AWS Support Center. Once upgraded, navigate to Trusted Advisor in the console and view all checks under the Cost Optimization category.
Yes, but you must update the launch template or configuration used by the Auto Scaling group. If you manually resize an instance, the Auto Scaling group will later replace it with an instance based on the original template, undoing your change. To rightsize, modify the launch template to specify the new instance type, then perform a rolling update (e.g., increase desired capacity, then terminate old instances). This ensures all new instances use the correct type.
Compute Optimizer uses CloudWatch metrics: CPUUtilization, MemoryUtilization (if CloudWatch agent installed), NetworkIn, NetworkOut, DiskReadOps, DiskWriteOps, DiskReadBytes, DiskWriteBytes, and StatusCheckFailed. It analyzes up to 93 days of data. For EC2, it also considers the instance's architecture (e.g., x86 vs. Graviton). Memory metrics are optional but required for accurate memory-based recommendations. Without them, Compute Optimizer may miss memory over-provisioning.
If you resize to a different instance type within the same family (e.g., m5.large to m5.xlarge), you can modify the Reserved Instance to match the new size. If you change families (e.g., m5 to c5), the RI no longer applies, and you pay the On-Demand rate. You can sell the unused RI on the Reserved Instance Marketplace or exchange it (if within the same family). Savings Plans are more flexible and automatically apply to any instance type within the plan's scope.
AWS recommends reviewing rightsizing recommendations at least every 30 to 90 days. Workloads change over time due to software updates, user growth, or seasonal patterns. Use Cost Explorer's Rightsizing Recommendations or Compute Optimizer to get periodic reports. You can also set up AWS Budgets to alert you when costs exceed thresholds, prompting a review.
Cost Explorer rightsizing recommendations are based on historical CloudWatch metrics and provide suggestions for downsizing or upsizing EC2 instances, including purchase option recommendations (On-Demand, Reserved, Spot). Compute Optimizer uses machine learning to analyze more data points (up to 93 days) and provides recommendations for instance type, size, and even Graviton migration. Compute Optimizer also includes performance risk assessment. Both are free to use, but Compute Optimizer requires enabling.
You've just covered Rightsizing and Trusted Advisor — now see how well it sticks with free SAA-C03 practice questions. Full explanations included, no account needed.
Done with this chapter?