Mastering AWS for Small Projects: Avoiding the 'Surprise Bill'

I learned the AWS billing lesson the hard way. Three days after deploying ServiceCrud to ECS, I received a billing notification: $47 for what I thought would be a $10/month setup. The culprit? A NAT Gateway I didn't know I'd created — AWS's default VPC configuration launches one automatically, and it charges $0.045 per hour plus data transfer fees. That single invisible resource cost more than my actual compute.

AWS is the most capable cloud platform in existence. It's also the most financially dangerous for developers who don't understand its pricing model. Services that appear free during setup can generate significant costs at scale. Default configurations often include expensive add-ons. And the billing dashboard is complex enough that problems aren't visible until the monthly invoice arrives.

The AWS Services That Make Sense for Small Projects

EC2 (t3.micro or t4g.micro): A single instance handles most small-to-medium API workloads. The t3.micro (2 vCPU, 1GB RAM) costs $0.0104/hour (~$7.50/month) and runs a Go Fiber API serving hundreds of concurrent connections comfortably. ARM-based t4g instances are 20% cheaper with comparable performance. For Kimaya's backend, a single t3.micro handles all API traffic at current scale.

RDS (db.t3.micro or db.t4g.micro): Managed MySQL or PostgreSQL. The db.t3.micro costs ~$15/month with 20GB storage. Alternative: run the database on your EC2 instance (free) — acceptable for early-stage projects where managed backup, failover, and maintenance aren't worth the cost premium. I moved to a separate Lightsail database at $15/month for its simpler pricing model.

S3: Object storage for images, uploads, and static assets. Pricing is genuinely cheap at small scale: $0.023/GB/month for storage, $0.0004 per GET request. Most small projects store under 10GB and make under 100,000 requests/month — total cost under $1/month.

ECR: Container image registry. Free tier: 500MB of storage. Beyond that, $0.10/GB/month. A Go application produces 10-20MB images — you'll never meaningfully exceed the free tier.

The AWS Services to Avoid (Until You Need Them)

NAT Gateway: $32/month minimum, plus data transfer charges. Required only if your private subnet resources need internet access. If you're running everything in a public subnet (acceptable for small projects), you don't need it. Check your VPC configuration and delete NAT Gateways you didn't intentionally create.

Application Load Balancer: $16/month minimum. For a single EC2 instance, an ALB is unnecessary — use Caddy or Nginx as a reverse proxy on the instance itself. I run Caddy on my EC2 instance for automatic HTTPS and reverse proxy, saving $16/month compared to an ALB.

Elastic IP (unattached): AWS charges $3.65/month for Elastic IPs that aren't attached to running instances. If you stop an EC2 instance, the associated Elastic IP starts costing money. Release unneeded Elastic IPs.

CloudWatch Logs (at scale): Log ingestion is $0.50/GB. Application logs can generate gigabytes of data quickly if log levels are too verbose. Set production log levels to WARN or ERROR, not DEBUG or INFO.

Cost Protection: The Non-Negotiable Setup

Billing Alerts: Set up AWS Budgets with alerts at $10, $25, $50, and $100. You'll receive email/SMS notifications when your spending approaches these thresholds. This is the single most important AWS configuration for solo developers — it's the difference between "I noticed the problem early" and "I found out at the end of the month."

AWS Cost Explorer: Review Cost Explorer weekly during your first month of deployment. It shows per-service costs and trends, making it easy to identify unexpected charges before they accumulate.

Free Tier tracking: The AWS Free Tier dashboard shows your usage relative to free tier limits. Monitor it monthly to catch services approaching the free tier boundary before they start incurring charges.

My Current AWS Bill Breakdown

For ServiceCrud and Kimaya's backend combined: EC2 t3.micro ($7.50), ECR ($0), S3 ($0.50), Route 53 ($0.50 per hosted zone), and CloudWatch ($0 within free tier). Total: approximately $9/month for a production Go API that handles authentication, product management, order processing, and payment integration. No ALB, no NAT Gateway, no managed database — just a single EC2 instance running Caddy and the Go binary.

AWS is a power tool. Like any power tool, it's extraordinarily capable when used correctly and extraordinarily dangerous when used carelessly. Set billing alerts before deploying anything. Review Cost Explorer weekly. Question every default configuration. And remember: the goal isn't to use the most AWS services — it's to use the right AWS services at the right cost.