Azure WAF configurations attached to Application Gateways can persist after their backend pool resources have been removed — often during environment reconfiguration or application decommissioning. In these cases, the WAF is no longer serving any functional purpose but continues to incur fixed hourly costs. Because no traffic is routed and no applications are protected, the WAF is effectively inactive. These orphaned WAFs are easy to overlook without regular cleanup processes and can quietly accumulate unnecessary charges over time.
Classic Load Balancers that no longer serve active workloads will persist if they are not properly decommissioned. This often happens after application migrations, architecture changes, or testing activities. Even if no connections or traffic are passing through the CLB, it continues to incur baseline charges until manually deleted. Identifying and removing unused load balancers helps eliminate waste without impacting operations.
Network Load Balancers that are no longer needed often persist after architecture changes, service decommissioning, or migration projects. When no active TCP connections or traffic flow through the NLB, it still generates hourly operational costs. Identifying and removing these idle resources helps reduce unnecessary networking expenses without affecting service availability.
Application Load Balancers that no longer serve active workloads may persist after application migrations, architecture changes, or testing activities. When no incoming requests are processed through the ALB, it continues to generate baseline hourly and LCU charges. Identifying and decommissioning unused ALBs helps reduce networking expenses without impacting operational environments.
Gateway Load Balancers that no longer have active traffic flows can continue to exist indefinitely unless proactively decommissioned. This often happens after network topology changes, security architecture updates, or environment deprecations. Without active packet forwarding, the GLB provides no functional benefit but still incurs hourly and data transfer costs.
Some architectures unintentionally route large volumes of traffic between resources that reside in different Availability Zones—such as database queries, service calls, replication, or logging. While these patterns may be functionally correct, they can lead to unnecessary data transfer charges when the traffic could be contained within a single AZ. Over time, this can become a silent cost driver, especially for chatty microservices, replicated storage layers, or high-throughput pipelines. Re-architecting for AZ-locality—when possible—can reduce these charges without affecting availability in environments where high resilience isn’t required.
VPC Interface Endpoints are commonly deployed to meet network security or compliance requirements by enabling private access to AWS services. However, these endpoints often remain provisioned even after the original use case is deprecated. In some cases, the applications have been decommissioned; in others, traffic routing has changed and the endpoint is no longer used. Since interface endpoints generate hourly charges whether or not they are used, identifying and removing inactive ones can eliminate unnecessary costs.
NAT Gateways are convenient for enabling outbound access from private subnets, but in data-intensive environments, they can quietly become a major cost driver. When large volumes of traffic flow through the gateway—particularly during batch processing, frequent software updates, or hybrid cloud integrations—the per-GB charges accumulate rapidly. In some cases, replacing a managed NAT Gateway with a self-managed NAT instance can substantially reduce costs, provided that the organization is prepared to operate and maintain the alternative solution.
NAT Gateways are frequently left running after environments are re-architected, workloads are shut down, or connectivity patterns change. In many cases, they continue to incur hourly charges despite no active traffic flowing through them. Because hourly fees depend only on whether the gateway exists, not on whether it is needed, these resources can quietly drive recurring costs without delivering ongoing value. Identifying and removing unused gateways is a simple way to reduce waste.