Use Lucidum to Save Cost in AWS
April 23, 2021
Lucidum Official

How to effectively monitor and detect costly resources in AWS can be a big challenge to any enterprise. AWS provides a powerful and flexible computing environment, but sometimes the big cost numbers on the billing report can be a surprise. For example, imagine the cloud admin see the expensive r5.4xlarge instance record on the current month’s billing report:



The admin will go to the AWS EC2 management console and look for the r5.4xlarge instances. Surprisingly, there are no currently running EC2 instances with this type:



Therefore, those r5.4xlarge instances must have been terminated. In order to trace back those instances, the admin probably needs to dig into the AWS CloudTrail events to search for all instance creation/termination events or CloudWatch logs to look at the previous instances’ running metrics. However, CloudTrail and CloudWatch typically store a huge amount of data, and it will be very time-consuming to manually look through all the data to get these instances.

A better and more efficient solution? Lucidum! Lucidum is an asset discovery platform that eliminates blind spots across cloud, security, and IT operations. Lucidum applies its patent-pending machine learning to discover, triangulate, and identify all assets — even previously unknown unknowns — delivering visibility essential to truly secure, manage, and transform your enterprise. Let’s see how to quickly pinpoint these costly instances with a simple query on the Lucidum UI:



As shown in the picture, the cloud admin can now easily search for:

  • • All AWS EC2 assets (across different AWS accounts and regions) within the enterprise
  • • The instance type is r5.4xlarge
  • • The instances are last seen within 30 days
  • • The instances are detected as “idle” from Lucidum’s machine learning engines

Boom! In a few minutes, the Lucidum UI will present a detailed report to the cloud admin on the costly r5.4xlarge instances, even these instances do not exist anymore! Below is an example report from the query:


Asset Account ID First Time Seen IP Address Idle Instance (yes/no) Instance Name Last Time Seen Monthly Cost (US Dollar) Region User Name
I-02F613ED925D8C9ED 1234567890 2021/4/1 18:54 [] Yes test-ec2-v2 2021/4/5 8:08 806 us-west-1 MIKE
I-063E751ACE2884BD1 1234567890 2021/3/31 18:48 [] Yes test-ec2-v1 2021/4/1 8:10 806 us-west-1 MIKE
I-0F896BCC57DAE45B1 1234567890 2021/3/22 17:48 [,] No test-ec2-v0 2021/3/25 8:14 806 us-west-1 JOHN


From the report, the cloud admin can quickly find the instances with a lot of contextual information, such as:

  • • The AWS cloud account ID
  • • The IP addresses
  • • The instance name
  • • The AWS region
  • • First and last time seen for the instance. This gives the time period when the EC2 instance is alive
  • • The user name
  • • The estimated monthly cost for the instance
  • • The idling indicator for the instance. “Yes” means the EC2 is in idle state during the period when it is alive.
  • • and more!

The cloud admin can then take some immediate actions to reduce the operating costs, such as:

  • • Email the users to remind them of the enterprise’s policies on creating costly EC2 instances
  • • Communicate with the users to stop or terminate these EC2 instances if they are not actively used, especially for those “idling” ones
  • • If some instances cannot be terminated, suggest the users change the instance type to lower the costs

With Lucidum, managing and controlling your cloud environment will no longer be a difficult job. Lucidum provides complete asset visibility, identifies and connects all users, assets, physical locations, and org structures to enable the complete and accurate history of all users, assets, and IP addresses. Better asset discovery, smarter cost management, and safer environment.

