Fixing AWS Config Cost Pitfall When Using EKS Fargate Cron Jobs

If you are running multiple EKS Fargate cron jobs and AWS Config is enabled, be mindful of the AWS Config cost incurred because of these Jobs.

Let’s say a cron job is scheduled to run every 5 minutes. Means 12*24*30.25=approx 8700 invocations per month
Now every time a pod is started, a new network interface is created for that pod. This means changes happened at VPC, subnet and security group level.
AWS config is recording all these changes and per change recorded cost us .003. So total AWS config cost:
8700*3*.003=78 USD

Similar config changes will be recorded when pod is terminated. So if you are running multiple cron jobs, config cost can shoot up quickly.

To mitigate this cost, you can exclude AWS::EC2::VPC, AWS::EC2::SecurityGroup and AWS::EC2::Subnet resource type from Config monitoring. You may refer to https://aws.amazon.com/about-aws/whats-new/2023/06/aws-config-recording-exclusions-resource-type/ for details.

If you don’t want to use resource type exclustion method, then refer to https://aws.amazon.com/about-aws/whats-new/2023/11/aws-config-periodic-recording/ and change the monitoring type for AWS::EC2::VPC, AWS::EC2::SecurityGroup and AWS::EC2::Subnet from CONTINUOUS to PERIODIC so that you record configuration items for changes once per day.

Now instead of recording 8700 configuration changes per month, you now record only 30 changes.