There are multiple PrivateLink stacks (VPC Endpoint plus NLB) running in various AWS accounts that appear to be unused. Since VPC Endpoints and NLBs are billed by the hour whether or not they carry any traffic, terminating these stacks is a cost-saving opportunity.
We listed every PrivateLink stack (VPC Endpoint and NLB) in all accounts in our organization, resolved which VPC Endpoint Service each VPC Endpoint is supposed to connect to and which NLB each VPC Endpoint Service is supposed to front, and then filtered the data to find unused VPC Endpoints and NLBs matching the following criteria:
Here is the list of unused NLB + PrivateLink resources. If one or more resources listed there belong to your product domain, check whether you actually need them running and shut them down if you don't. Once you have checked and terminated the unused resources, please update the Status column in the spreadsheet.
By terminating all listed resources, we can save around $2,405 per month.
Please note a potential issue when deleting a PrivateLink stack, especially the NLB: the NLB deletion can fail with ResourceInUse even when no VPC Endpoint Service is attached to it. This is most likely because PrivateLink configures the NLB during Endpoint Service creation, and after a failed addition or removal of an NLB from an Endpoint Service the NLB's configuration may not return to the expected state, leaving you unable to remove the resource. We have raised a ticket with AWS for this issue and are still waiting for an actionable response.
From our side, we can usually avoid this issue by deleting the stack in the following order:
1. Disassociate the NLB from the Endpoint Service (you can find which Endpoint Services are attached to the NLB by opening the NLB detail and going to the "Integrated Services" tab).
2. Remove the Endpoint Connections from the Endpoint Service (you can find which connections are still open by opening the Endpoint Service detail and going to the "Endpoint Connections" tab).
3. Remove the VPC Endpoint (you can find which VPC Endpoints are attached to the service by opening the Endpoint Service detail and going to the "Endpoint Connections" tab).
4. Remove the Endpoint Service (make sure no NLB is still attached to the Endpoint Service by checking the "Network Load Balancers" tab).
5. Remove the NLB (make sure no Endpoint Service is still attached to the NLB by checking the "Integrated Services" tab).
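The five steps above as one script, added here as an example rather than taken from the original page or the spreadsheet. It assumes AWS CLI v2 with credentials for the account that owns the Endpoint Service, the NLB and the consumer VPC Endpoint (a cross-account endpoint has to be deleted from the consumer account), takes the NLB ARN as its only argument, and uses the hypothetical wrapper names aws_cli, mutate and teardown_stack. Each step issues the same API call the console tab performs, and setting DRY_RUN=1 prints the state-changing calls instead of executing them.

```shell
#!/usr/bin/env bash
# Ordered teardown of one unused PrivateLink stack, following the five steps above:
# detach NLB -> reject endpoint connections -> delete consumer endpoints ->
# delete Endpoint Service -> delete NLB.
# Added example, not part of the original page. Assumes AWS CLI v2 configured with
# credentials for the account that owns all three resources.
set -eu

# Single choke point for every AWS call so the run can be dry-run or stubbed.
DRY_RUN="${DRY_RUN:-0}"
aws_cli() { aws "$@"; }
mutate() {               # run a state-changing call unless dry-running
  if [ "$DRY_RUN" = "1" ]; then echo "DRY-RUN: aws $*" >&2; else aws_cli "$@"; fi
}

# "Integrated Services" tab: endpoint services whose NLB list contains this ARN.
services_for_nlb() {
  aws_cli ec2 describe-vpc-endpoint-service-configurations --output text \
    --query "ServiceConfigurations[?contains(NetworkLoadBalancerArns, '$1')].ServiceId"
}

# "Endpoint Connections" tab: consumer endpoints still connected to this service
# (rejected and deleted connections no longer block deletion, so skip them).
connections_for_service() {
  aws_cli ec2 describe-vpc-endpoint-connections --output text \
    --filters "Name=service-id,Values=$1" \
    --query "VpcEndpointConnections[?VpcEndpointState!='rejected' && VpcEndpointState!='deleted'].VpcEndpointId"
}

# Tear down everything hanging off one NLB, printing one line per action so the
# order is visible in the log. Returns 1 if the NLB is still referenced, 2 if the
# NLB delete is refused with nothing attached (the ResourceInUse case above).
teardown_stack() {
  local nlb_arn="$1" svc vpce
  for svc in $(services_for_nlb "$nlb_arn"); do
    # Step 1: detach the NLB from the service. If the API refuses to remove the
    # last load balancer, deleting the service in step 4 releases it anyway.
    echo "detach $nlb_arn from $svc"
    mutate ec2 modify-vpc-endpoint-service --service-id "$svc" \
      --remove-network-load-balancer-arns "$nlb_arn" >/dev/null || true
    # Steps 2 and 3: drop every live connection, then the consumer-side endpoint.
    for vpce in $(connections_for_service "$svc"); do
      echo "reject connection $vpce from $svc"
      mutate ec2 reject-vpc-endpoint-connections --service-id "$svc" \
        --vpc-endpoint-ids "$vpce" >/dev/null
      echo "delete endpoint $vpce"
      mutate ec2 delete-vpc-endpoints --vpc-endpoint-ids "$vpce" >/dev/null
    done
    # Step 4: the Endpoint Service itself.
    echo "delete service $svc"
    mutate ec2 delete-vpc-endpoint-service-configurations --service-ids "$svc" >/dev/null
  done
  # Step 5: the NLB, only once no service references it any more.
  if [ -n "$(services_for_nlb "$nlb_arn")" ]; then
    echo "refusing to delete $nlb_arn: still referenced by an endpoint service" >&2
    return 1
  fi
  echo "delete nlb $nlb_arn"
  if ! mutate elbv2 delete-load-balancer --load-balancer-arn "$nlb_arn" >/dev/null; then
    # Nothing visible references the NLB, yet the delete is refused: stop here
    # and escalate through the AWS ticket instead of retrying blindly.
    echo "NLB delete refused with no service attached (ResourceInUse case)" >&2
    return 2
  fi
}

# Usage: DRY_RUN=1 ./teardown.sh <nlb-arn>   (then run again without DRY_RUN)
[ "${1:-}" ] && teardown_stack "$1"
```

Run it with DRY_RUN=1 first and compare the printed calls against the "Integrated Services" and "Endpoint Connections" tabs before running it for real. If the final NLB delete is still refused although nothing is attached, the script exits with status 2 rather than retrying; that is the case covered by the AWS ticket.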
If your PrivateLink stack is managed by a Terraform stack you are no longer using, delete the unused resources with the terraform destroy command instead of removing them by hand.
VPC Endpoint
aws ec2 delete-vpc-endpoints --vpc-endpoint-ids {{id of your vpc endpoint}}
Network Load Balancer
An NLB is managed by the elbv2 API and is addressed by ARN; aws elb delete-load-balancer --load-balancer-name only works for Classic Load Balancers and will not find an NLB.
aws elbv2 delete-load-balancer --load-balancer-arn {{arn of your load balancer}}