AWS 90-Day Retrospective Cost Analysis

May month-to-date is the largest segment and was marked estimated by Cost Explorer. The spike is mainly EC2 compute plus FSx and S3 persistence around live and recently deleted ParallelCluster workloads.

Top services

Regions

Usage types

ParallelCluster attribution

The parallelcluster:cluster-name blank bucket is $11,071.44 / 31.6%. Its largest services were S3, EC2 Other, RDS, EC2 Compute, and Support, so this bucket is mostly non-cluster or cluster-adjacent resources without cluster tags.

Live inventory covered the material spend regions us-west-2, us-east-1, eu-central-1, ap-south-1, global S3 buckets, and a lightweight core sweep of the remaining enabled regions. The low-spend-region sweep found no EC2, EBS, EIP, NAT, FSx, or RDS resources in the remaining regions.

Current active ParallelClusters

Focused collector tag status across 142 live resources

Live resources to tag

These are review targets, not deletion instructions. The two FSx filesystems are the largest clear savings surface. If their backing data has already been exported and no jobs are active, they should be prioritized for delete-plan review under the usual second-confirmation destructive-action policy.

This report family should be turned into a scheduled producer plus read-only Ursa consumer. Cost Explorer and regional inventory scans should stay off dashboard request paths.

Producer behavior

• Run daily after Cost Explorer data is expected to settle.
• Use explicit config only; missing config fails closed.
• Write versioned artifacts to a configured S3 bucket/prefix.
• Do not infer an S3 bucket from Ursa internal output buckets, cluster tags, default profile state, or service-side discovery.
• Precompute console links, plot artifacts, and stale/error metadata.

Recommended artifact layout

current/summary.json
current/resources.json
current/savings.json
current/report.md
current/plots/*.svg
runs/<run_id>/summary.json
runs/<run_id>/resources.json
runs/<run_id>/savings.json
runs/<run_id>/report.md
runs/<run_id>/plots/*.svg

Future Ursa config keys

cost_report_bucket: <required>
cost_report_prefix: <required>
cost_report_profile: <required>
cost_report_region: <required>
cost_report_max_age_hours: <required>

Route/API shape

• Add a read-only admin page such as /usage/aws-cost.
• Add GET /api/v1/aws-cost-report/current.
• Return freshness state, run ID, generated timestamp, report link, plot links, top cost drivers, untagged live resources, and savings candidates.
• Show explicit missing, stale, or error states when artifacts are absent or too old.
• Keep this separate from the existing Ursa spot-pricing monitor; that monitor captures partition spot-price availability, not actual Cost Explorer spend.

Cost Explorer evidence is preserved as raw response JSON under docs/aws_3month_retrospective_cost_analysis_assets/raw/; those filenames encode the grouped query dimensions. Read-only command evidence is preserved in inventory_commands.json.

Expected metadata misses

• 32 S3 buckets returned NoSuchLifecycleConfiguration.
• 21 S3 buckets returned NoSuchTagSet.
• Those are findings, not collector failures. After filtering those expected metadata misses, there were no unresolved read failures in the focused live inventory.

Limits

• Cost Explorer reflects historical cost and tag activation state; it cannot prove that a historical resource is still running.
• Live scan is current as of 2026-05-21 and may differ from historical spend sources that have since been deleted.
• Live resource coverage is deepest for the material regions and global S3. A core EC2/EBS/EIP/NAT/FSx/RDS sweep of remaining enabled regions found no resources.
• Savings estimates for FSx, EBS, EIP, and NAT are approximate run-rate estimates for prioritization, not invoices.