惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The 4-Way Compute Tradeoff: Reserved vs Spot vs Savings Plan vs On-Demand After 3 Years of FinOps Data
Muskan · 2026-05-11 · via DEV Community

Three years of cost retrospectives across mixed AWS fleets keep landing on the same finding. Teams that pick one compute commitment model and apply it across the whole fleet (all-Savings-Plan, all-On-Demand, all-Spot for the brave ones) overspend the optimum by 18 to 35 percent. The single-model decision is comfortable because it is one decision; the portfolio decision is uncomfortable because it is four decisions. Three years of data says the four-decision answer is worth the discomfort.

The portfolio that hit 95 percent of the maximum theoretical saving in the audits I ran is roughly 50 to 70 percent Savings Plan, 15 to 25 percent Spot, 5 to 15 percent Reserved Instance, and 10 to 20 percent On-Demand. The ranges are workload-mix dependent, not arbitrary. The shape that decides the slot is whether the workload is predictable, stateful, AZ-anchored, or unpredictable. Match shape to slot, accept the operational complexity of running four models concurrently, and the saving compounds.

This post is the four models, the workload-shape mapping, and the failure mode (commitment expiry) that nobody tracks until it bites. It composes with right-sizing without vibes and closed-loop FinOps. Right-sizing picks the per-instance type. Commitment portfolio picks the per-instance pricing model. The two answers multiply.

One model for the whole fleet is the wrong answer

The single-model patterns are familiar. The cost-conscious finance team pushes everything onto a 3-year Savings Plan to maximize discount; the engineering team that values flexibility runs everything On-Demand; the bold cost-optimizer pushes batch pipelines onto Spot and forgets the rest. Each of these captures part of the saving curve and leaves the rest on the table.

The retrospective math is clean once you compute it.

Strategy Discount captured Operational complexity Risk if workload changes
All On-Demand 0% (baseline) Lowest None
All Savings Plan (3yr) 60-66% on covered usage Low High; commitment locked 3 years
All Spot 70-90% on stable workloads High; every workload needs interruption handling Medium; price spikes still happen
Portfolio (mixed) 50-65% blended Medium-high Low; each workload sized to its own slot

The all-Savings-Plan strategy looks attractive on paper. It collapses when 30 percent of the fleet is unpredictable: that 30 percent runs On-Demand inside the SP umbrella anyway, and the SP commitment goes unused. The all-Spot strategy collapses on the first stateful workload that cannot tolerate interruption. The portfolio is the only strategy that does not collapse on the workload mix it was built for.

What the four models actually trade off

The four models are not interchangeable. Each has a different commitment shape, a different discount curve, and a different failure mode.

Model Discount vs On-Demand Commitment Flexibility Best for
On-Demand 0% None Highest; pay-per-second Unpredictable spikes, dev/test
Spot 70-90% None; interruptible with 2-min warning Low; runtime can vanish Stateless batch, fault-tolerant work
Savings Plan (Compute) 27-66% 1yr or 3yr commitment to $/hour High; covers EC2 + Fargate + Lambda, any region/family Predictable steady-state
Savings Plan (EC2 Instance) Up to 72% 1yr or 3yr commitment to specific family Low; locked to family Locked-family steady-state
Reserved Instance Up to 72% 1yr or 3yr commitment to specific instance type + AZ Lowest; locked to type and AZ Large DBs, GPU inference with AZ pinning

The Compute Savings Plan is the flexible default. It covers EC2, Fargate, and Lambda, any instance family, any region. The flexibility costs a few percentage points of discount versus EC2 Instance Savings Plan, but the optionality is worth it for any workload that might change instance family in the next 1 to 3 years (which, in practice, is most of them).

Reserved Instances retain a niche. Workloads that need a specific instance type and AZ for performance reasons (a large i3en.metal database that cannot move, a p4d.24xlarge GPU instance for inference latency) get the deepest discount on RI. The flexibility cost is paid for by the certainty that the workload will not migrate.

Spot is its own decision. The discount is real, but only if the workload survives interruption.

Workload shape decides the slot

The portfolio is not a finance allocation. It is a workload-shape allocation that finance reads after the fact. Four shape signals decide the slot.

Workload shape signal Maps to
Predictable load, runs 24/7, no AZ pinning Compute Savings Plan
Stateless, can checkpoint, batch or async Spot
Stateful, AZ-pinned, large DB or GPU inference Reserved Instance
Unpredictable spikes, dev/test that scales to zero On-Demand

The mapping is deterministic once the shape is known. The signals come from existing observability: average CPU and the variance around it tell you predictable vs unpredictable; the deployment manifest tells you stateful vs stateless; the instance type at provisioning tells you AZ-pinned vs not.

[diagram could not be rendered]

A common confusion: "predictable" does not mean "same load every minute." It means the daily and weekly shape repeats. A workload that runs at 60 percent capacity from 8am to 6pm and 10 percent overnight is predictable; the SP covers the steady-state baseline (30 percent of peak) and On-Demand absorbs the rest. A workload whose load can 10x in 90 seconds is unpredictable and stays On-Demand for the entire spike envelope.

The portfolio that beat single-model strategies

The 50/70/15/25/5/15/10/20 ranges (Savings Plan, Spot, RI, On-Demand) are not aspirational. They came from auditing about 40 mid-size AWS fleets across 3 years and computing what the optimum looked like for each, then taking the central tendency.

The interpretation:

  • Savings Plan, 50 to 70 percent. The steady-state baseline is the largest single bucket because most production workloads have a steady-state baseline. Cover 70 to 80 percent of historical usage with the SP commitment, not 90 percent. The overshoot capacity goes to On-Demand for spikes.
  • Spot, 15 to 25 percent. Batch pipelines, ML training, async workers, stateless rendering. The bucket size is bounded by how many workloads can absorb interruption, which is bounded by how much engineering investment you made in interruption handling.
  • Reserved Instance, 5 to 15 percent. Big databases, GPU inference, anything that needs AZ affinity. Small bucket because most fleets only have a handful of these.
  • On-Demand, 10 to 20 percent. The buffer above the SP commitment plus the genuinely unpredictable workloads. Treating On-Demand as the safety net for the top 10 to 20 percent of load is correct; treating it as the default for everything is the 35 percent overspend.

Teams that ran this portfolio shape in audits hit 95 percent of the maximum theoretical saving (the saving you would get if you had perfect foreknowledge of every workload's behavior for the next 3 years). The remaining 5 percent gap is the cost of operating four models concurrently instead of one. The 95-versus-65 percent difference between portfolio and single-model is the work paying off.

Spot interruption is an engineering investment, not a finance decision

The Spot bucket is the one most teams underuse because they treat it as a finance question. It is not. It is an engineering investment that, once shipped, applies to every Spot-eligible workload the team writes for the next 5 years.

The interruption rate runs 2 to 10 percent depending on instance type and AZ. AWS gives a 2-minute warning before reclaiming the instance. Workloads that survive cleanly need three things:

  • A PreStop hook that drains in-flight work, marks the queue position, and writes a checkpoint
  • A checkpointing strategy (typically every 1 to 5 minutes for long jobs) so a reclaimed instance can resume on the next instance instead of restarting
  • A queue-resume capability so the work item that was mid-flight when the interruption fired gets picked up by the next worker, not lost

Building these once costs maybe 2 to 4 weeks of engineer time. It then amortizes across every batch worker, every ML training job, every async pipeline you ship for the next 5 years. The Spot bucket grows from 5 percent to 25 percent of the fleet because new workloads land on Spot by default.

Teams that skip the engineering investment cap their Spot usage at 5 to 10 percent of the fleet (the fraction that happens to be naturally fault-tolerant) and leave 70 to 90 percent discount on the table for everything else. Teams that ship the investment unlock the upper end of the 15 to 25 percent range.

Commitment expiry is the failure mode nobody tracks

Three years of audit retrospectives surface the same hidden failure mode: a 1-year Savings Plan or RI expires silently and the next month's bill jumps 40 to 50 percent. The team finds out from the finance review, not from the alert that should have fired 90 days earlier.

The pattern that prevents the surprise is the renewal calendar. Three discrete checkpoints per commitment:

Days before expiry Action
90 days Pull utilization report; flag if SP coverage dropped below 70%
60 days Decide ratchet: renew at same level, smaller, larger, or let lapse
30 days Place the renewal commitment; auto-page if not done

The 90-day utilization check is the one teams skip and the one that costs the most. A 1-year Savings Plan bought when the fleet was 60 instances is wasteful when the fleet is now 30 instances and half the SP commitment is unused. The 90-day window is enough to ratchet down the new commitment instead of renewing at the same level.

The 30-day auto-page is the safety net. If nobody decided yet, the page goes out and forces the call. Without it, the SP lapses on a Friday, the bill jumps the following Tuesday, and the team is doing 6 weeks of forensics to understand why On-Demand spend doubled.

This is the same closed-loop pattern as auto-remediation: detect (utilization drift, expiry approaching), decide (the ratchet decision), act (place the new commitment), verify (next month's bill stays in range). The detect-decide-act-verify shape repeats across cost domains because the underlying problem is the same: deterministic responses to deterministic signals, on a schedule that gets ahead of the failure instead of behind it.

The portfolio answer to the four-way tradeoff is not a one-time configuration. It is a continuously renewed allocation, ratcheted at every commitment expiry against current workload reality. Three years of audits say teams that operate it that way leave less than 5 percent of the saving on the table. Teams that pick one model and forget the renewal calendar leave 18 to 35 percent on the table and find out from finance.