What are common causes of CPUUtilization going high in Amazon EC2?

Runaway process — a background job, cron task, or zombie process consumes CPU indefinitely without completing Missing database index — a slow query forces the application to do CPU-intensive table scans rather than index lookups Sudden traffic spike — application receives a volume of requests beyond its designed capacity, all of which require CPU-bound processing CPU credit exhaustion on T-series instances — burstable instance runs above baseline for too long, exhausts credits, and gets throttled to baseline rate Cryptographic operations under load — TLS termination, password hashing, or encryption operations consume more CPU than expected at scale

CloudWatch Metric Guide

AWS/EC2/CPUUtilizationPercent

CPUUtilizationAmazon EC2 CloudWatch metric

Q: What is the recommended CloudWatch alarm threshold for CPUUtilization?

Recommended threshold: > 80% for 15 consecutive minutes. A 15-minute sustained evaluation period (ConvOps recommendation) avoids alarming on brief CPU spikes caused by deployment, scheduled tasks, or garbage collection. For T-series burstable instances, add a separate alarm on CPUCreditBalance < 10 to catch credit exhaustion before the hard throttle takes effect. The 80% threshold balances alarm sensitivity against false positive rate for general workloads.

Q: Which CloudWatch namespace does CPUUtilization belong to?

CPUUtilization is published in the AWS/EC2 CloudWatch namespace, with a unit of Percent. See AWS documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html

CPUUtilization measures the percentage of allocated EC2 compute units (vCPUs) that are in use on the instance, as reported by the hypervisor.

Audit your AWS for free Learn about ConvOps Watch

What it measures

About CPUUtilization

CPUUtilization measures the percentage of allocated EC2 compute units (vCPUs) that are in use on the instance, as reported by the hypervisor.

Namespace	AWS/EC2
Metric name	CPUUtilization
Unit	Percent
AWS docs	Official Amazon EC2 metrics reference

Why this metric matters

EC2 CPUUtilization is the most commonly monitored metric and the most commonly misconfigured alarm. The problem isn't knowing that high CPU is bad — it's knowing the difference between a legitimate utilization plateau and a runaway process. An instance running at 75% CPU doing useful work is healthy; an instance at 75% CPU because a cron job is stuck in an infinite loop is not.

For T3 and T3a instance families (burstable instances), CPU credits add a layer of complexity. The instance can burst above its baseline rate using accumulated credits. When credits are exhausted, CPU is hard-throttled to the baseline — an instance might drop from 80% to 20% effective CPU capacity instantly, causing severe application latency degradation without the CPUUtilization metric showing an obvious anomaly.

Recommended alarm threshold for CPUUtilization

Recommended threshold

> 80% for 15 consecutive minutes

A 15-minute sustained evaluation period (ConvOps recommendation) avoids alarming on brief CPU spikes caused by deployment, scheduled tasks, or garbage collection. For T-series burstable instances, add a separate alarm on CPUCreditBalance < 10 to catch credit exhaustion before the hard throttle takes effect. The 80% threshold balances alarm sensitivity against false positive rate for general workloads.

Is your CPUUtilization alarm already set up correctly?

The free ConvOps Audit scans your CloudWatch setup and flags missing or misconfigured alarms — including CPUUtilization — in 5 minutes.

Run a free audit →

Common failures that show up in CPUUtilization

When CPUUtilization reaches an alarm threshold, these are the most common root causes — in order of how often ConvOps sees them across customer AWS accounts.

Runaway process — a background job, cron task, or zombie process consumes CPU indefinitely without completing
Missing database index — a slow query forces the application to do CPU-intensive table scans rather than index lookups
Sudden traffic spike — application receives a volume of requests beyond its designed capacity, all of which require CPU-bound processing
CPU credit exhaustion on T-series instances — burstable instance runs above baseline for too long, exhausts credits, and gets throttled to baseline rate
Cryptographic operations under load — TLS termination, password hashing, or encryption operations consume more CPU than expected at scale

How ConvOps debugs CPUUtilization alarms

When CPUUtilization triggers an alarm, ConvOps Diagnose reads CloudWatch Logs, CloudTrail (recent API calls, deploys, config changes), and the current resource state in parallel. It correlates these with AWS/EC2 metrics on the same resource — giving you a plain-English root cause with numbered fix options, sent to WhatsApp or Slack, usually within 60 seconds of the alarm firing.

Before any anomaly in CPUUtilization reaches you as a proactive alert (via ConvOps Watch), it passes through 9 verification checks: a Recovery check (did the metric self-heal?), an AWS Status check (is AWS itself having an incident?), a Deploy check (was there a recent Lambda update, ECS deploy, or RDS parameter change in the last 120 minutes?), a Quota check, an Infrastructure check, a Security check, a Flap check (has this metric been anomalous more than 5 times in the last 24 hours?), a TLS check, and a Vulnerability check. Only anomalies that pass all relevant checks reach you — with full context attached.

ConvOps Watch

Detects CPUUtilization anomalies with z-score against 30-day time-bucketed baselines. 9 verification checks before any alert.

ConvOps Diagnose

When a CPUUtilization alarm fires, reads logs, CloudTrail, and resource state. Sends root cause + fix options to WhatsApp or Slack.

ConvOps Audit

Scans your CloudWatch setup for missing or misconfigured CPUUtilization alarms. Free, 5-minute read-only scan.

See how ConvOps debugs your AWS →

Related Amazon EC2 metrics

CPUUtilization rarely fails in isolation. These metrics tend to correlate — monitor them together for complete Amazon EC2 coverage.

NetworkIn NetworkOut StatusCheckFailed

FAQ

Frequently asked questions about CPUUtilization

Common questions about setting up CloudWatch alarms for CPUUtilization in Amazon EC2.

What is the recommended CloudWatch alarm threshold for CPUUtilization?+

> 80% for 15 consecutive minutes. A 15-minute sustained evaluation period (ConvOps recommendation) avoids alarming on brief CPU spikes caused by deployment, scheduled tasks, or garbage collection. For T-series burstable instances, add a separate alarm on CPUCreditBalance < 10 to catch credit exhaustion before the hard throttle takes effect. The 80% threshold balances alarm sensitivity against false positive rate for general workloads.

Which CloudWatch namespace does CPUUtilization belong to?+

CPUUtilization is published in the AWS/EC2 namespace with a unit of Percent. You can find it in the CloudWatch console under "Metrics" → "AWS/EC2". See the Amazon EC2 CloudWatch metrics reference in the AWS documentation.

Does ConvOps automatically create CloudWatch alarms for CPUUtilization?+

ConvOps does not create alarms for you by default — it debugs the alarms you already have (or identifies missing ones). The free ConvOps Audit scans your CloudWatch setup and tells you which Amazon EC2 resources are missing a CPUUtilization alarm. ConvOps Watch then monitors CPUUtilization using z-score anomaly detection against a 30-day baseline, running 9 verification checks before alerting you.

Can I use ConvOps without already having a CPUUtilization alarm set up?+

Yes. ConvOps Watch monitors CPUUtilization independently of your CloudWatch alarm configuration — it reads the metric directly from CloudWatch every 5 minutes on the Growth plan. If you run the free Audit first, it will tell you which resources need a CPUUtilization alarm and provide the copy-paste AWS CLI command to create it.