BUILT FOR DEVOPS

AWS Cost Optimization Built for DevOps Engineers

You own the infrastructure. You deploy the services. You get paged when things break. But when the AWS bill spikes, you are the last to know. CostPatrol changes that. Actionable savings delivered straight to Slack, with the exact CLI commands to fix them.

Start your free scan
The problem

DevOps owns the infra but gets no cost visibility

Finance sends a spreadsheet

You get a monthly cost report that is already three weeks old. No resource IDs. No region breakdown. No way to act on it. By the time you see the spike, the damage is done.

Dashboards require context-switching

Cost Explorer, Trusted Advisor, third-party dashboards. They all require you to leave your terminal, log into yet another tool, and manually correlate data. That is not how DevOps engineers work.

Nobody tells you what to fix

You know you are overspending. But which EC2 instances are idle? Which EBS volumes are unattached? Which Lambda functions are over-provisioned? Without specific resource IDs and metrics, cost optimization is guesswork.

Tools want write access

Most optimization tools ask for broad permissions or want to auto-remediate. In production, that is a non-starter. You need visibility, not a tool that modifies your infrastructure without your approval.

How CostPatrol works

Slack alerts with CLI commands, not dashboards

CostPatrol scans your AWS account daily, identifies waste, and delivers findings to Slack with the exact commands you need to fix each issue.

01

Daily automated scan

CostPatrol reads your AWS resources using a read-only IAM role. It checks EC2, Lambda, EBS, RDS, S3, DynamoDB, NAT Gateways, CloudWatch Logs, and more against 30+ optimization rules.

02

Findings posted to Slack

Each finding includes the resource ID, region, current cost, estimated savings, and a severity rating. No dashboard login required. You see it in the channel where your team already works.

03

Copy-paste fix commands

Every finding includes the exact AWS CLI command to remediate the issue. Copy it, review it, run it when you are ready. CostPatrol never makes changes on your behalf.

Real examples

What CostPatrol finds in your account

These are actual finding types from CostPatrol scans, complete with rule IDs and the CLI commands delivered in each alert.

EC2-O1 Idle EC2 instance ~$73/mo

Instance i-0a1b2c3d4e5f in us-east-1 averaged 2.1% CPU over 14 days. No meaningful network traffic. Running m5.xlarge on-demand.

aws ec2 stop-instances --instance-ids i-0a1b2c3d4e5f --region us-east-1
LAM-O1 Over-provisioned Lambda ~$42/mo

Function api-handler-prod allocated 1024 MB but peaks at 184 MB. Running on x86_64 when ARM64 (Graviton) would cut cost by an additional 20%.

aws lambda update-function-configuration --function-name api-handler-prod --memory-size 256 --architectures arm64
EBS-O1 Unattached EBS volume ~$24/mo

Volume vol-0f1e2d3c4b5a is a 300 GB gp3 in eu-west-1, unattached for 31 days. Snapshot it and delete the volume to stop paying for idle storage.

aws ec2 create-snapshot --volume-id vol-0f1e2d3c4b5a --description "Backup before delete" && aws ec2 delete-volume --volume-id vol-0f1e2d3c4b5a
CWL-O1 CloudWatch Logs without retention ~$118/mo

Log group /aws/lambda/data-processor has no retention policy set. 847 GB of logs stored indefinitely at $0.03/GB/month.

aws logs put-retention-policy --log-group-name /aws/lambda/data-processor --retention-in-days 30
NAT-O1 NAT Gateway with VPC Endpoint alternative ~$210/mo

NAT Gateway nat-0a1b2c3d processing 4.2 TB/month to S3 and DynamoDB. VPC Endpoints for these services are free and eliminate data processing charges.

aws ec2 create-vpc-endpoint --vpc-id vpc-12345 --service-name com.amazonaws.us-east-1.s3 --route-table-ids rtb-12345
Security-first

Read-only by design. No write access, no risk.

CostPatrol connects via a CloudFormation-deployed IAM role with zero write permissions. We observe and report. We never modify your infrastructure.

Read-only IAM role

Only Describe, Get, and List API actions. No Create, Modify, Delete, or Put permissions. You can audit every permission in the CloudFormation template before deploying.

Short-lived credentials

1-hour STS session tokens only. No long-term access keys stored anywhere. External ID prevents confused deputy attacks. Your security team can verify the entire trust chain.

You execute the fixes

CostPatrol gives you the command. You decide whether to run it, when to run it, and in which maintenance window. Full control stays with your team. Always.

No agents or sidecars

Nothing deployed inside your VPC. No Lambda functions in your account. No EC2 instances. Just a cross-account IAM role with read-only access, the same pattern AWS uses for its own services.

See every permission we request
Setup

2-minute setup. No agents. No sidecars.

Connect your AWS account in three steps. Your first scan results appear in Slack within minutes.

01

Deploy the CloudFormation template

One click in the AWS Console. Creates a read-only IAM role with an external ID unique to your account. Takes under 2 minutes. No parameters to configure.

02

Connect Slack

Authorize the CostPatrol Slack app and choose a channel. Your team picks where findings land. Engineering channel, dedicated cost channel, or DMs to the on-call engineer.

03

Get your first findings

CostPatrol runs the initial scan immediately. Within minutes, your Slack channel has prioritized findings with dollar amounts and fix commands. Daily scans run automatically from there.

Pricing

$99/mo flat. No per-resource billing.

One price. Unlimited scans. Unlimited resources. No surprise charges based on how many EC2 instances or Lambda functions you run.

$99/month
  • Daily automated scans across all supported services
  • 30+ optimization rules (EC2, Lambda, EBS, RDS, S3, DynamoDB, NAT, CloudWatch)
  • Slack integration with CLI fix commands
  • Unlimited resources scanned
  • Read-only IAM role, no write access
  • Anomaly detection with configurable thresholds
Start your free scan
FAQ

Frequently asked questions

Does CostPatrol modify any resources in my account?

No. CostPatrol uses a read-only IAM role with only Describe, Get, and List permissions. It cannot create, modify, or delete any resources. You execute the recommended CLI commands yourself, on your own schedule.

What AWS services does CostPatrol scan?

EC2, Lambda, EBS, RDS, S3, DynamoDB, NAT Gateways, CloudWatch Logs, ECS, ElastiCache, SageMaker, and Elastic Load Balancers. New rules are added regularly based on where customers are overspending.

Can I use CostPatrol with multiple AWS accounts?

Yes. Deploy the CloudFormation template in each account. Each account gets its own read-only IAM role. Findings from all accounts are delivered to the Slack channels you choose.

How is this different from AWS Trusted Advisor?

Trusted Advisor gives generic recommendations without resource-specific CLI commands. CostPatrol delivers actionable findings to Slack with exact fix commands, dollar-amount savings estimates, and daily monitoring. See our detailed comparison.

What if I only want findings above a certain dollar threshold?

CostPatrol supports configurable thresholds. You can set minimum savings amounts so your team only sees findings worth acting on. No noise from $0.50/month findings cluttering your Slack channel.

Is there a free plan?

Yes. Accounts with AWS spend under $5K/month are free forever — weekly scans, total savings summary, and Slack weekly digest included. No credit card required. Upgrade to Pro ($99/month) for full resource details, fix commands, and daily scans.

See what CostPatrol finds in your AWS account

Free scan. Read-only access. Actionable fix commands in Slack within minutes.

Start your free scan