The 7 Signs Your AWS Environment Needs a Health Check
Fariba Valizadeh
Cloud Operations
I manage AWS environments day-to-day. Some are well-architected from the start. Many are not — not because the people who built them were incompetent, but because cloud environments accumulate technical debt quickly, especially when they are built under pressure or by teams whose primary job is building product rather than managing infrastructure.
Most cloud problems announce themselves before they become incidents. Here are the seven most reliable warning signs I see — and what each of them usually means.
1. Your AWS bill is higher than expected and you cannot explain why
This is the most common sign I see. The bill went up, nobody changed anything (as far as anyone knows), and no one can pinpoint the cause. In most cases, this is one of three things: an orphaned resource that was never decommissioned, an AWS Lambda function running more than expected, or data transfer costs that were not modelled correctly. All three are fixable — but you need to know which one it is first.
2. You have had an outage that was not caught by monitoring
You found out your application was down because a user told you, not because an alert fired. This means either your monitoring coverage is incomplete or your alert thresholds are set incorrectly. In a well-managed environment, you should know about an issue before your users do — ideally before it becomes an outage at all.
3. You are not sure what all your AWS resources are actually doing
You can log in to the AWS Console and see a list of resources, but you cannot confidently say what all of them do or whether they are still needed. This is very common in environments that have been built iteratively over time. Undocumented resources are a cost risk, a security risk, and an operational risk — because no one knows what will break if they are removed.
4. Your IAM policies are overly permissive
If any of your IAM users, roles, or policies include a wildcard (*) in Action or Resource without a specific reason, that is a problem. Over-permissive IAM is one of the most common findings in our Well-Architected Reviews, and it is one of the most significant security risks in any AWS environment. The blast radius of a compromised credential is directly proportional to how permissive that credential is.
5. You are not using Reserved Instances or Savings Plans for your steady-state workloads
If you have Amazon EC2 instances or Amazon RDS databases that run 24/7, and you are paying on-demand rates for all of them, you are almost certainly overpaying by 30–60%. Reserved Instances and Savings Plans require upfront commitment, but for predictable workloads, they are a straightforward way to reduce your bill significantly without changing anything about your architecture.
6. Your last backup test was "a while ago"
Backups that are never tested are not backups — they are optimistic assumptions. In our experience, a meaningful proportion of backup configurations contain errors that are only discovered during a recovery attempt. A health check will verify that your backup policies are correctly configured, that backups are completing successfully, and — ideally — that they can be restored.
7. Your environment was built quickly and never formally reviewed
Startup environments, MVP environments, and "we just needed something working" environments often accumulate significant architectural debt. The decisions that made sense at speed — an Amazon EC2 instance instead of AWS Lambda because it was faster to configure, an Amazon RDS instance that is bigger than it needs to be because you were not sure of the load — compound over time. A health check surfaces those decisions and gives you a prioritised list of what to address first.
What happens in a Cloud Health Check?
Our Free Cloud Health Check is a 30-minute session with a certified AWS architect. We review your environment against the AWS Well-Architected Framework, identify the most significant risks and cost opportunities, and give you a prioritised action plan. There is no commitment involved and no sales pitch at the end — just an honest view of where your environment stands.
If we identify significant findings during the health check, we will recommend a full Well-Architected Review. That is free for qualifying customers.
Fariba Valizadeh
Cloud Operations at Smile IT Solutions