Scenario 1: Savings Plans apply to all usage
You purchase a one-year, partial upfront Compute Savings Plan with a $50.00/hour commitment.
Your Savings Plan covers all of your usage because multiplying each of your usages by the equivalent Compute Savings Plans is $47.13. This is still less than the $50.00/hour commitment.
Without Savings Plans, you would be charged at On-Demand rates in the amount of $59.10.
Scenario 2: Savings Plans apply to some usage
You purchase a one-year, partial upfront Compute Savings Plan with a $2.00/hour commitment.
In any hour, your Savings Plans apply to your usage starting with the highest discount percentage (30 percent).
Your $2.00/hour commitment is used to cover approximately 2.9 units of this usage. The remaining 1.1 units are charged at On-Demand rates, resulting in $1.14 of On-Demand charges for r5.
The Fargate m5.24xlarge and Lambda usage are also charged at On-Demand rates, resulting in $55.10 of On-Demand charges. The total On-Demand charges for this usage are $56.24.
Scenario 3: Savings Plans apply to some usage, across products
You purchase a one-year, partial upfront Compute Savings Plan with a $19.60/hour commitment.
Scenario 4: Savings Plans and EC2 reserved instances apply to the usage
Your Savings Plans are first applied to the r5.4xlarge because it has the highest discount percentage (30 percent).
Savings Plans apply to the Fargate usage next because it has the next highest discount percentage (25 percent). Savings Plans apply to memory (GB) before compute (vCPU) because it has the lower Savings Plans rate. The hourly commitment of $19.60 is met, and the remaining usage is charged at On-Demand rates.
The m5.24xlarge and Lambda usage on On-Demand charges are $32.70.
Scenario 4: Savings Plans and EC2 reserved instances apply to the usage
You purchase a one-year, partial upfront Compute Savings Plan with an $18.20/hour commitment. You have two EC2 Reserved Instances (RI) for r5.4xlarge Linux shared tenancy in us-east-1.
First, the RI covers two of the r5.4xlarge instances. Then, the Savings Plans rate is applied to the remaining r5.4xlarge and the Fargate usage, which exhausts the hourly commitment of $18.20.
The m5.24xlarge and Lambda usage On-Demand charges are $32.70.
Scenario 5: Multiple Savings Plans apply to the usage
You purchase a one-year, partial upfront EC2 Instance Family Savings Plan for the r5 family in us-east-1 with a $3.00/hour commitment. You also have a one-year, partial upfront Compute Savings Plan with a
$16.80/hour commitment.
Your EC2 Instance Family Savings Plan (r5, us-east-1) covers all of the r5.4xlarge usage because multiplying the usage by the EC2 Instance Family Savings Plan rate is $2.40. This is less than the $3.00/
hour commitment.
Next, the Compute Savings Plan is applied to the Fargate usage because it has the highest discount percentage (25 percent) of the remaining usage. Savings Plans apply to memory (GB) before compute (vCPU) because memory has the lower Savings Plans rate. The hourly commitment of $16.80 is met, and the remaining usage is charged at On-Demand rates.
The m5.24xlarge and Lambda usage On-Demand charges are $32.70.
For more information, see Understanding Consolidated Bills in the AWS Billing and Cost Management User Guide.
Sample events from Savings Plans
Automating Savings Plans with Amazon EventBridge
EventBridge helps you automate your AWS services and respond automatically to system events such as application availability issues or resource changes. Events from AWS services are delivered to EventBridge in near-real time. Events are emitted on a best-effort basis. Based on the rules you create, EventBridge calls one or more target actions when an event matches the values that you specify in a rule.
The actions that can be automatically triggered include the following:
• Invoking an AWS Lambda function
• Invoking Amazon EC2 Run Command
• Relaying the event to Amazon Kinesis Data Streams
• Activating an AWS Step Functions state machine
• Notifying an Amazon SNS topic or an AWS SMS queue
Some examples of using CloudWatch Events with Savings Plans include:
• Activating a Lambda function when a Savings Plan retires.
• Notifying an Amazon SNS topic when a Savings Plan is marked payment-failed or active.
For more information, see the Amazon CloudWatch Events User Guide.
Sample events from Savings Plans
This section includes example events from Savings Plans. Savings Plans generate two types of events.
State change events that are triggered upon state changes, and state change alerts events that notify an upcoming state change that will occur in one or seven days.
Savings Plans state change event
Savings Plans state changes are generated when a Savings Plan transitions from one state to another.
For example, payment-pending state changes to active, or an active state changes to retired.
{"version": "0",
"id": "999cccaa-eaaa-0000-1111-123456789012",
"detail-type": "Savings Plans State Change", "source": "aws.savingsplans",
"account": "123456789012", "time": "2020-09-16T20:43:05Z",
"region": "us-east-1",
"resources": ["arn:aws:savingsplans::123456789012:savingsplan/07ec53ab-91c3-4ac5-bde6-79fd53192252"],
"detail": {
"severity": "INFO",
"previousState" : "payment-pending"
"currentState": "active",
Savings Plans state change alert event
"message": "PaymentSuccessful"
} }
The state change event contains fields for resources (Savings Plans ARNs), previous state, current state, severity, and message.
Possible values for state change events
previousState currentState severity message
Savings Plans state change alert event
Savings Plans state change alerts are generated when a Savings Plan transitions from the queued state to active, or active to retired in one or seven days. This is a proactive notification to alert you if any Savings Plan is retiring, or a queued state is fulfilled.
{"version": "0",
"id": "999cccaa-eaaa-0000-1111-123456789012",
"detail-type": "Savings Plans State Change Alert", "source": "aws.savingsplans",
"currentState" : "queued"
"nextState": "active", "remainingdays" : "1",
"nextStateChangeDate" : "2020-09-17"
"message": "queued savings plans will go to active state on 2020-09-17"
} }
The state change alert event contains fields for resources (Savings Plans ARNs), current state, next state, remaining days, next state change date, and message.
Savings Plans state change alert event
Possible values for state change alert events
currentState nextState remainingDaysmessage
queued active 1 Queued Savings Plans will go to active
state on YYYY-MM-DD.
queued active 7 Queued Savings Plans will go to active
state on YYYY-MM-DD.
active retired 1 Active Savings Plans will go to retired
state on YYYY-MM-DD.
active retired 7 Active Savings Plans will go to retired
state on YYYY-MM-DD.
Policy structure
Identity and Access Management for Savings Plans
AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. IAM administrators control who can be authenticated (signed in) and authorized (have permissions) to use AWS resources. IAM enables you to create users and groups under your AWS account. You control the permissions that users have to perform tasks using AWS resources.
You can use IAM for no additional charge.
By default, IAM users don't have permissions for Savings Plans resources and operations. To allow IAM users to manage Savings Plans resources, you must create an IAM policy that explicitly grants them permissions, and attach the policy to the IAM users or groups that require those permissions.
When you attach a policy to a user or group of users, it allows or denies the users permission to perform the specified tasks on the specified resources. For more information, see Policies and Permissions in the IAM User Guide guide.
Policy structure
An IAM policy is a JSON document that consists of one or more statements. Each statement is structured as follows.
{ "Statement":[{
"Effect":"effect", "Action":"action", "Resource":"arn", "Condition":{
There are various elements that make up a statement:
• Effect: The effect can be Allow or Deny. By default, IAM users don't have permission to use resources and API actions, so all requests are denied. An explicit allow overrides the default. An explicit deny overrides any allows.
• Action: The action is the specific API action for which you are granting or denying permission.
• Resource: The resource that's affected by the action. Some Amazon EC2 API actions allow you to include specific resources in your policy that can be created or modified by the action. To specify a resource in the statement, you need to use its Amazon Resource Name (ARN). For more information, see Actions Defined by Savings Plans.
• Condition: Conditions are optional. They can be used to control when your policy is in effect. For more information, see Condition Keys for Savings Plans.
AWS managed policies
AWS managed policies
The managed policies created by AWS grant the required permissions for common use cases. You can attach these policies to your IAM user, based on the access that they need. Each policy grants access to all or some of the API actions for Savings Plans.
The following are the AWS managed polices for Savings Plans:
• AWSSavingsPlansFullAccess–Grants full access to Savings Plans.
• AWSSavingsPlansReadOnlyAccess–Grants read-only access to Savings Plans.
Example policies
In an IAM policy statement, you can specify any API action from any service that supports IAM. For Savings Plans, use the following prefix with the name of the API action: savingsplans:. For example:
• savingsplans:CreateSavingsPlan
• savingsplans:DescribeSavingsPlans
To specify multiple actions in a single statement, separate them with commas as follows:
"Action": ["savingsplans:action1", "savingsplans:action2"]
You can also specify multiple actions using wildcards. For example, you can specify all Savings Plans API actions whose name begins with the word "Describe" as follows:
"Action": "savingsplans:Describe*"
To specify all Savings Plans API actions, use the * wildcard as follows:
"Action": "savingsplans:*"
Savings Plans Information in CloudTrail
Logging Savings Plans API Calls with AWS CloudTrail
AWS Savings Plans is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Savings Plans. CloudTrail captures all API calls for Savings Plans as events. The calls captured include calls from the AWS Management Console and code calls to the Savings Plans API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Savings Plans. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine the request that was made to Savings Plans, the IP address from which the request was made, who made the request, when it was made, and additional details.
To learn more about CloudTrail, see the AWS CloudTrail User Guide.
Savings Plans Information in CloudTrail
CloudTrail is enabled on your AWS account when you create the account. When activity occurs in Savings Plans, that activity is recorded in a CloudTrail event along with other AWS service events in Event history. You can view, search, and download recent events in your AWS account. For more information, see Viewing Events with CloudTrail Event History.
For an ongoing record of events in your AWS account, including events for Savings Plans, create a trail.
A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs.
For more information, see the following:
• Overview for Creating a Trail
• CloudTrail Supported Services and Integrations
• Configuring Amazon SNS Notifications for CloudTrail
• Receiving CloudTrail Log Files from Multiple Regions and Receiving CloudTrail Log Files from Multiple Accounts
All Savings Plans actions are logged by CloudTrail and are documented in the AWS Savings Plans API Reference. For example, calling the CreateSavingsPlan action generates an entry in the CloudTrail logs.
Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
• Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials.
• Whether the request was made with temporary security credentials for a role or federated user.
• Whether the request was made by another AWS service.
For more information, see the CloudTrail userIdentity Element.
Understanding Savings Plans Log File Entries
Understanding Savings Plans Log File Entries
A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order.
The following is an example CloudTrail log entry for the CreateSavingsPlan action.
{ "eventVersion": "1.05", "userIdentity": {
"type": "AssumedRole",
"principalId": "[principalId]/[userName]",
"arn": "arn:aws:sts::[accountId]:assumed-role/[userName]/", "accountId": "[accountId]",
"accessKeyId": "[accessKeyId]", "sessionContext": {
"eventTime": "2019-10-01T00:00:00Z",
"eventSource": "savingsplans.amazonaws.com", "eventName": "CreateSavingsPlan",
"awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "[userAgent]", "requestParameters": { "commitment": "2.50",
"savingsPlanOfferingId": "[savingsPlanOfferingId]", "clientToken": "[clientToken]",
"tags": {
"tag-key": "tag-value"
} },
"responseElements": {
"savingsPlanId": "[savingsPlanId]"
},
"requestID": "[requestId]", "eventID": "[eventId]", "readOnly": false,
"eventType": "AwsApiCall",
"recipientAccountId": "[accountId]"
}
Document History
The following table describes the releases for this service.
update-history-change update-history-description update-history-date Expanded AWS Fargate Savings
Plans (p. 33) Savings Plans adds support for AWS Fargate usage on both Amazon ECS and Amazon EKS.
August 10, 2020
Lambda service
onboarded (p. 33) Lambda launched as a new service that is eligible for Savings Plans.
February 20, 2020
Initial release (p. 33) This release introduces Savings
Plans. November 6, 2019