惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
量子位
The Cloudflare Blog
美团技术团队
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Proofpoint News Feed
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 三生石上(FineUI控件)
T
Tor Project blog
博客园 - 司徒正美
宝玉的分享
宝玉的分享
T
Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
T
Threat Research - Cisco Blogs
Hacker News: Ask HN
Hacker News: Ask HN
Jina AI
Jina AI
博客园 - 聂微东
A
Arctic Wolf
I
Intezer
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
爱范儿
爱范儿
Hugging Face - Blog
Hugging Face - Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
T
Tailwind CSS Blog
The Hacker News
The Hacker News
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
WordPress大学
WordPress大学
S
SegmentFault 最新的问题
TaoSecurity Blog
TaoSecurity Blog
Project Zero
Project Zero
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Cloudbric
Cloudbric
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Troy Hunt's Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V2EX - 技术
V2EX - 技术
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
FinOps Right-Sizing Without Vibes: The 5-Number Recipe That Cuts $200k of Idle EC2
Muskan · 2026-05-11 · via DEV Community

The average mid-size production EC2 fleet runs at 12 to 23 percent utilization. The remaining 77 to 88 percent is idle compute that ran continuously, billed continuously, and produced nothing. On a 200-instance fleet of m5.xlarge equivalents, that idle slice is worth $150,000 to $250,000 a year. The numbers come from AWS Trusted Advisor and the Flexera 2025 State of the Cloud report and they have not moved much in five years.

Right-sizing should fix this. Most teams treat it as judgement-driven: a senior engineer looks at peak CPU on a dashboard and picks an instance. Peak is the wrong signal. A workload with one weekly traffic spike to 80% CPU and a baseline of 12% gets sized to 80% by the senior engineer, over-provisioned by 5x for the 167 hours a week it is not spiking. Multiply across 200 instances and that is where the $200k lives.

The fix is to stop using vibes. Five CloudWatch numbers per instance are enough to derive the right instance type from a lookup table. Same workload shape always picks the same instance. The procedure is deterministic, repeatable, and does not need a senior engineer's approval. This post is the recipe, the lookup, and the 7-day sentinel that keeps right-sizing from reversing the first time someone says "this feels slow."

The pattern composes with VPA, HPA, and KEDA scaling. Right-sizing sets the per-instance baseline; the autoscalers handle the variation around it.

12% utilization, 100% billing

The reverse-cost property is what makes right-sizing high-impact. The 200 instances that cost the most are not the ones with high utilization. They are the ones with low utilization. High-utilization instances are running flat-out and are by definition appropriately sized. Low-utilization instances are over-provisioned and continuously paying for headroom they do not use.

Average CPU utilization Share of fleet Share of spend that is recoverable
Above 60% (right-sized) 5-15% <5%
30-60% (mildly over) 25-35% 15-25%
10-30% (significantly over) 35-45% 50-65%
Below 10% (extreme over) 15-25% 25-35%

The 15-25% of the fleet running below 10% CPU is where the extreme savings live. These are the instances that got provisioned for a launch that never came, a workload that moved to a different platform, or a "what if traffic 10x" scenario that did not happen. Right-sizing them first concentrates the saving without touching the rest.

The five numbers

Five CloudWatch metrics per instance, computed over a 30-day window:

Metric What it tells you CloudWatch query
p50 CPU Typical-day load; baseline for sizing Statistics: p50, Period: 60, MetricName: CPUUtilization
p99 CPU Worst case the workload sees Statistics: p99, Period: 60
p50 memory Baseline memory footprint (CloudWatch agent required) MetricName: mem_used_percent, Statistics: p50
p99 memory Worst memory pressure MetricName: mem_used_percent, Statistics: p99
Burst duration How long does p99 actually last Custom: count consecutive 1-min samples above 85% CPU

CloudWatch native metric resolution is 60 seconds with the standard agent. Over 30 days that is 43,200 data points per metric, plenty for stable percentile calculation. The memory metric requires the CloudWatch unified agent installed on the instance; without it, memory is invisible to AWS and you have to fall back to instance-internal collection.

The burst duration is the one most teams skip and it is the one that makes the recipe work. Two workloads can have identical p50 and p99 CPU but completely different shapes. One bursts to p99 for 30 seconds at a time twice a day; the other sustains p99 for 2 hours during business peak. The right instance type is different for each.

Burst duration is the missing axis

The T-family versus M-family question hinges on burst duration. T-family instances accumulate CPU credits during low utilization and spend them during bursts. M-family instances do not; they have full CPU available continuously, billed at a higher rate per hour.

Credit math for the popular T3.medium:

diagram

A workload bursting to p99 CPU for 2 minutes once a day uses 60 credits per burst. Idle time accrues credits at 24/hour, so the workload accrues 24 × 22 = 528 credits during the rest of the day. Net credit balance grows. T3.medium is the right instance.

A workload bursting to p99 CPU for 30 minutes during business peak uses 900 credits per burst. The credit cap is 576. The workload exhausts credits in 38 minutes and stalls back to the 20% baseline for the rest of the burst, causing user-facing latency degradation and pages. T3.medium is the wrong instance. M5.large at 2x the hourly rate but with no credit math is correct.

Burst duration (p99 sustained) Family Why
<5 minutes, infrequent T3 / T4g Credits comfortably cover bursts
5-30 minutes, daily T3 / T4g with monitoring Credit balance under pressure; alarm on credit drain
30+ minutes, sustained M5 / M6i / M7i Credit math is hostile; M-family avoids it
Steady high CPU C5 / C6i (compute-optimized) High CPU at lower per-vCPU price
Memory-bound (p99 mem >70%) R5 / R6i (memory-optimized) Memory ratio matters more than CPU

The lookup table

Given the five numbers, instance selection is deterministic.

p99 CPU Burst duration p99 memory Recommended class
<40% any <50% T3.small or smaller
40-70% <30 min 50-70% T3.medium / T3.large
40-70% 30+ min <70% M5.large / M5.xlarge
70-90% any <70% M5 sized to p99 / 0.85
70-90% any 70-85% R5 sized to memory
>90% sustained any any C5 or specialized; investigate workload

The "size to p99 / 0.85" rule keeps a 15% headroom above worst-case observed CPU. This is enough to absorb noise, leave room for periodic batch jobs, and survive a 1.5x traffic spike before HPA kicks in. Teams that size to p99 exactly run into pages on minor anomalies; teams that size to p99 / 0.5 are back to over-provisioning.

The same lookup applies to Kubernetes node pools. The five numbers are computed at the node level instead of per-pod, the burst duration is the cluster-wide burst (since pods are bin-packed), and the recommended instance is the node-pool default.

The 7-day sentinel

Right-sizing without rollback is a one-way street. The first time a senior engineer says "this feels slow," the change reverses, and the team learns to never right-size again. The sentinel is what keeps the data winning.

The procedure:

  1. Deploy the smaller instance to a single canary instance in the affected ASG
  2. Watch p99 application latency on that instance for 7 days
  3. If latency degrades by more than 5% versus the control group, auto-revert to the original instance
  4. If latency stays within 5%, roll out to the rest of the ASG
  5. After full rollout, watch p99 latency for another 7 days; auto-revert if degraded

The 5% threshold is the right number because it is wider than measurement noise (typically 1-2%) but narrower than user-perceptible degradation (typically 10%+). The 7-day window catches weekly traffic patterns, including the Sunday batch jobs that often cause the surprise burst that broke previous right-sizing attempts.

The sentinel runs as an autonomous closed-loop. Detect: latency-degradation alarm. Decide: roll back the right-size. Act: terminate the smaller instance and let the ASG re-launch on the original type. Verify: latency returns to baseline. The auto-revert is what makes right-sizing safe to ship at fleet scale.

Where the $200k actually lives

Run the recipe across the fleet, sort by potential saving descending, and 80% of the dollars come from 20% of the instances. Those instances are easy to identify: they have p99 CPU below 30%, p99 memory below 50%, and current instance class at xlarge or larger.

The CloudWatch Insights query is short. Group by InstanceId, compute avg(CPUUtilization) and max(CPUUtilization) and avg(mem_used_percent), filter where the average CPU is below 30 percent, sort ascending, limit 50. The top 50 instances from this query are the right-sizing candidates worth touching first. For a 200-instance fleet at average m5.xlarge cost ($140 per month), right-sizing them to m5.large or smaller saves $4,000 to $7,000 per month. Across the 50, that compounds to $200,000 to $350,000 per year.

The remaining 150 instances are mostly already right-sized or close to it. Touching them produces less saving and more risk. The reverse-cost property tells you to stop after the long-tail 20% rather than try to optimize every instance.

Right-sizing without vibes is the same five numbers, the same lookup table, and the same sentinel for every workload. The senior engineer's judgement is replaced by a procedure that runs to completion in an afternoon, ships measurable saving in 14 days, and reverses safely if any single canary degrades. The $200k a year exists because the procedure has been treated as a vibes-driven exercise; it does not have to be.