B2B SaaS: −42% on AWS bill in 12 weeks

The context

A French B2B SaaS platform, 50 people including 12 engineers, with a Series A round looming. The AWS bill sat at €18,000/month and had doubled in 18 months without a clear cause. The CFO started asking questions, the board demanded a controlled cost trajectory ahead of the raise.

Technically, the team was solid but underwater: heavy product roadmap, no FinOps engineer, nobody to take the topic seriously. Three people occasionally checked Cost Explorer, with no action plan.

The 2-week diagnosis

The audit revealed the textbook pattern of a fast-growing SMB:

Cost line	Before audit	Why
Compute (EC2 + RDS)	€8,200/month	0% in Reserved Instances or Savings Plans
NAT Gateway	€1,800/month	No VPC Endpoints, all S3 traffic via NAT
Cross-AZ data transfer	€1,100/month	App + RDS spread across 3 AZs without need
CloudWatch Logs	€700/month	No retention configured, DEBUG ingestion in prod
EBS snapshots	€450/month	80% orphaned (volumes deleted >6 months prior)
Dev/staging	€2,200/month	Running 24/7
The rest	€3,550/month	Over-provisioned EC2, empty ALBs, unattached EIPs

A simple finding: 30 to 40% of the bill could disappear without touching application behavior, just by activating standard FinOps levers. They simply hadn’t had the time.

The intervention

The 3-month prioritized action plan:

Month 1 — Engagement + tagging

First step, clean the foundation. Without consistent tagging, you optimize blind. Environment, Owner, Project, CostCenter tags propagated via Terraform on 100% of existing resources in 5 days, validated in Cost Explorer after 48h.

In parallel, Compute Savings Plans commitment at 70% of EC2 + Lambda + Fargate baseline, calibrated on 6 months of history. Immediate saving: −€3,100/month. ROI: day zero, it’s a pricing change.

Month 2 — Infrastructure quick wins

VPC Gateway Endpoints S3 + DynamoDB deployed across all VPCs: NAT traffic divided by 2.5
CloudWatch Logs retention set to 30d (prod) / 7d (staging) / 1d (dev) on 200+ log groups
EventBridge + Lambda for automatic stop/start of dev instances outside business hours (Mon-Fri 8am-8pm)
Right-sizing 12 instances based on Compute Optimizer recommendations, staging then prod, one window at a time
S3 lifecycle policies on 3 log buckets > 1 TB: Standard → IA → Glacier IR transitions
Orphan cleanup: 240 EBS snapshots, 18 EIPs, 4 empty ALBs, 14 detached EBS volumes

Month 3 — Continuous discipline

Setting up the automated monthly drill:

Weekly Lambda scanning + alerting on new orphans (snapshots, EIPs, volumes)
Cost Explorer dashboard shared in daily standup
AWS Budget with Slack alerts at 80% and 100%
Bi-monthly office hours to arbitrate new architecture decisions

Measured results

At the end of the retainer (month 3):

Metric	Before	After	Delta
Monthly AWS bill	€18,000	€10,400	−42%
Compute SP coverage	0%	72%	—
Monthly NAT traffic	4.2 TB	1.6 TB	−62%
CloudWatch Logs ingested	280 GB	95 GB	−66%
Dev/staging cost	€2,200/month	€720/month	−67%
Orphan resources	280	0	−100%

Zero incidents during the 3 months of intervention. Zero application code changed.

Lessons we apply systematically

Three principles confirmed by this engagement:

Tagging is lever zero. Without it, you optimize blind. Always week one.
Savings Plans are the highest-ROI quick win, but require a stable baseline and confidence in product trajectory. Don’t commit if the product pivots within 6 months.
Continuous discipline matters more than the one-shot audit. Without the monthly routine, savings re-erode in 6 months. That’s why the retainer exists — not for you to stay dependent, but for the discipline to set in before we step out.

The client moved to a quarterly light follow-up after the initial 3 months. The AWS bill stays under €11,000/month today despite 30% traffic growth.