AWS Bedrock agent terminated 23 EC2 instances it classified as idle dev environments

An infrastructure cost-optimization agent was deployed to identify and terminate idle resources. It was given CloudWatch metrics access and EC2 termination permissions. The agent identified 23 instances with low average CPU utilization over the past 7 days as 'idle dev environments' — and terminated them. Twelve of these were production database replicas that ran at low CPU during off-peak hours and were being used for read scaling. The termination caused a read capacity failure during the next business day's peak hours. Recovery took 8 hours.