Find $1,300+/Mo of AWS Waste Without a FinOps Team.

CostPatrol audits your AWS accounts the way an experienced FinOps engineer would. Real dollar amounts. Specific resources. Copy-paste fix commands. Read-only access, results in under three minutes.

$1,300 found in 90 seconds on a real audit
123 detection rules across 20+ services
Under 3 minutes scan time, read-only access

What you actually share with us.

Read-only metadata, encrypted in transit and at rest, processed in eu-west-1. We cannot create, modify, or delete anything in your account. Full IAM policy is on the security page.

Read-only IAM
CloudFormation-deployed role. Describe, Get, List only. Zero write permissions.
eu-west-1 only
Your data never leaves Ireland. Customer choice of region available on Business and Enterprise.
GDPR DPA
Data Processing Agreement available on request. We process infrastructure metadata, not personal data.
SOC 2 Type II
Audit in progress, targeted within 12 months. Architecture and IAM documentation available now.
Encryption
TLS 1.2+ in transit. AES-256 at rest. KMS-managed keys for sensitive metadata.
No long-term creds
1-hour STS session tokens. External ID per tenant prevents confused deputy attacks.
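Before deploying any vendor's CloudFormation role, the two properties above (Describe/Get/List only, and an ExternalId condition on the trust policy) are worth checking mechanically. This is an added example, not CostPatrol's code and not the policy from its security page: it audits a trust policy for the per-tenant sts:ExternalId and a permissions policy for any non-read-only action, using constructed sample policies with placeholder account and external IDs.

```python
"""Sanity-check a vendor's cross-account audit role before deploying it.

Added example, not CostPatrol's own code: it verifies the two properties the
page describes, Describe/Get/List-only permissions and a per-tenant
sts:ExternalId in the trust policy, against constructed sample policies."""
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):  # IAM fields may be a single string or a list
    return value if isinstance(value, list) else [value]


def audit_trust_policy(trust_policy, vendor_account_id, expected_external_id):
    """Who may assume the role, and whether the ExternalId condition is enforced."""
    findings = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not principals or any(p == "*" or vendor_account_id not in p for p in principals):
            findings.append("trust: principal is not limited to the vendor account")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext != expected_external_id:
            findings.append("trust: missing or wrong sts:ExternalId (confused-deputy risk)")
    return findings


def audit_permissions_policy(policy):
    """Every allowed action must be a Describe*/Get*/List* call; anything else is flagged."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            _, _, verb = action.partition(":")
            if verb in ("", "*") or not verb.startswith(READ_ONLY_PREFIXES):
                findings.append(f"permissions: non-read-only action {action}")
    return findings


# Constructed sample with placeholder IDs; the real ExternalId is unique per tenant.
VENDOR_ACCOUNT = "111111111111"
TENANT_EXTERNAL_ID = "tenant-EXAMPLE-external-id"
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": TENANT_EXTERNAL_ID}}}]}
GOOD_PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "rds:Describe*", "s3:ListAllMyBuckets",
               "s3:GetBucketLocation", "cloudwatch:GetMetricData", "ce:GetCostAndUsage"]}]}
```

Run both functions against the role's actual trust and permissions documents (for example from `aws iam get-role` and `aws iam get-role-policy`) before creating the stack; an empty findings list means the role matches the claims above.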

Two engines. Complete coverage.

CostPatrol runs two detection engines in parallel: optimization rules that scan live infrastructure, and anomaly rules that analyze daily cost patterns. Together, they catch waste that either engine would miss alone.

Optimization Engine

Proactive waste detection

Scans your live AWS resources for misconfigurations, idle resources, and oversized infrastructure. Finds savings whether costs are spiking or not.

  • Idle and underutilized resources
  • Previous-generation instance types
  • Storage misconfigurations
  • Missing lifecycle policies
  • Over-provisioned capacity
  • Commitment underutilization

Anomaly Engine

Reactive cost monitoring

Analyzes your cost history to detect spikes, runaway trends, and unusual patterns. Alerts you before a surprise bill lands.

  • Service-level cost spikes
  • Runaway data transfer charges
  • Log ingestion surges
  • Storage growth anomalies
  • Budget breach forecasting
  • Credential compromise signals
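The spike detection the anomaly list above describes, as an added example that is not CostPatrol's own rule code: a median baseline over a trailing window, a ratio threshold and an absolute dollar floor. The window, ratio and floor values are assumptions, and the per-region cost series is constructed.

```python
"""Daily-spend spike detection of the kind the page's anomaly engine describes.

Added example, not CostPatrol's own code. The baseline is the median of a trailing
window; a day is a spike when it exceeds the baseline by both a ratio and an absolute
dollar floor, so tiny services do not alert on noise. A dimension whose baseline is
zero (a region that never billed before) alerts on the floor alone, which is the
shape of the credential-compromise compute spike listed above. The input series
below is constructed, not real billing data."""
from statistics import median


def detect_spikes(daily_costs, window=7, ratio=2.0, floor_usd=20.0):
    """daily_costs: list of (date, cost_usd) in date order. Returns one finding per spike day."""
    findings = []
    for i in range(window, len(daily_costs)):
        date, cost = daily_costs[i]
        baseline = median([c for _, c in daily_costs[i - window:i]])
        if cost >= baseline * ratio and cost - baseline >= floor_usd:
            findings.append({"date": date, "cost": cost, "baseline": baseline,
                             "excess": round(cost - baseline, 2)})
    return findings


def detect_spikes_by_dimension(series, **kwargs):
    """series: {dimension: [(date, cost)]}, e.g. per service, region or linked account."""
    result = {}
    for dim, daily in series.items():
        spikes = detect_spikes(daily, **kwargs)
        if spikes:
            result[dim] = spikes
    return result


# Constructed sample: ten days of per-region EC2 spend. eu-west-1 is steady apart
# from one day; ap-southeast-1 had never billed and then starts, and keeps rising.
def _days(costs):
    return [(f"2024-05-{d:02d}", c) for d, c in enumerate(costs, start=1)]

SAMPLE = {
    "eu-west-1": _days([98.0, 101.0, 99.5, 100.2, 97.8, 102.1, 99.0, 100.4, 260.0, 101.0]),
    "ap-southeast-1": _days([0.0] * 8 + [45.0, 310.0]),
}

if __name__ == "__main__":
    for dim, spikes in detect_spikes_by_dimension(SAMPLE).items():
        for s in spikes:
            print(f"{dim} {s['date']}: ${s['cost']:.2f} vs baseline ${s['baseline']:.2f}")
```

Because the eu-west-1 spike day enters the trailing window afterwards, the median baseline barely moves, which is why a median rather than a mean is used for the baseline.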

Compute waste is the #1 source of AWS overspend

EC2 instances are easy to launch and easy to forget. CostPatrol detects idle instances, previous-generation types, oversized allocations, and stopped instances still burning EBS storage costs.

We find idle instances, previous-generation types eligible for Graviton ARM migration, oversized allocations needing right-sizing, and stopped instances still burning EBS storage. Off-hours scheduling on non-prod alone saves 65 to 70 percent. Spot opportunities for autoscaled compute can hit 90 percent.

Typical compute spend reduction. 30 to 60 percent.

Database instances are the most expensive resource to leave idle

CostPatrol covers RDS, Aurora, DynamoDB, DocumentDB, Neptune, MemoryDB, and Keyspaces with dedicated rules for each cost driver — from idle instances to I/O-Optimized eligibility.

We cover RDS, Aurora, DynamoDB, DocumentDB, Neptune, MemoryDB, ElastiCache, and Keyspaces. We catch idle clusters, redundant Aurora readers, oversized DynamoDB capacity, missing TTL on time-series tables, I/O-Optimized eligibility, Extended Support fee exposure, and Multi-AZ on non-production. We have rules that found $6,496 per month on a single audit.

Typical database spend reduction. 20 to 40 percent. Often more on Aurora and DynamoDB.

Serverless does not mean cost-free

Lambda costs scale with memory allocation and architecture. Step Functions charge per state transition. CostPatrol finds over-provisioned functions, architecture mismatches, and recursive loops.

We catch x86 Lambdas ready for Graviton ARM (20 percent saved on a config change), over-allocated memory, idle provisioned concurrency, recursive loops, and Step Functions Standard versus Express misuse (30 percent or more). The anomaly engine separately catches duration spikes, invocation surges, and runaway transition storms before they hit your bill.

Typical serverless spend reduction. 20 to 40 percent.

Storage volumes and buckets are the quietest source of waste

CostPatrol covers EBS, S3, EFS, ECR, snapshots, and AMIs — everything that accumulates cost silently when lifecycle policies are missing.

We cover EBS, S3, EFS, ECR, snapshots, and AMIs. We catch missing lifecycle policies, S3 version bloat, GP2 volumes that should be GP3, stale snapshots eligible for archive, Intelligent-Tiering opportunities, and EFS migration to Infrequent Access (up to 94 percent). KMS Bucket Keys alone cut S3 encryption cost 95 to 99 percent.

Typical storage spend reduction. 40 to 70 percent.

Network costs are the hardest to attribute — and the easiest to waste

NAT Gateways, data transfer, public IPv4, Transit Gateway, VPC endpoints, Route 53, and CloudFront. CostPatrol audits your entire networking cost surface.

We audit NAT Gateways, data transfer, public IPv4, Transit Gateway, VPC endpoints, Route 53, and CloudFront. One idle NAT Gateway costs $32 per month doing nothing. We catch missing S3 and DynamoDB Gateway Endpoints, orphaned Elastic IPs at $3.60 each, idle Transit Gateway attachments, idle PrivateLink endpoints, unused load balancers at $16 per month, and CloudFront price-class mismatches.

Typical network spend reduction. 30 to 80 percent. Often more if a single NAT is misconfigured.

ECS, EKS, Redshift, OpenSearch, MSK, Kinesis, Glue, EMR

Modern AWS architectures run on containers and managed analytics services. CostPatrol has dedicated rules for each — from EKS extended support fees to Glue DPU oversizing.

We cover ECS, EKS, Redshift, OpenSearch, MSK, Kinesis, Glue, EMR, and Timestream. We catch oversized ECS tasks, idle EKS clusters, EKS Extended Support fees ($0.60 vs $0.10 per cluster-hour, around $365 per month), DC2 and DS2 Redshift waiting on RA3 modernization, oversized Kinesis shards, and Glue DPU oversizing.

Typical managed-services spend reduction. 20 to 50 percent.

The costs you forgot you were paying

CloudWatch log retention, orphaned alarms, untagged resources, RI/Savings Plans utilization gaps, and cost commitment recommendations. CostPatrol surfaces what your AWS console hides.

We catch excessive CloudWatch log retention, orphaned alarms, unused custom metrics, Lambda dual-write logging waste, VPC Flow Logs over-scoping, Savings Plans utilization gaps, Reserved Instance waste, and untagged resources blocking cost allocation. Plus the visibility you need to attribute the rest.

Typical CloudWatch and observability spend reduction. 50 to 80 percent.

Built by an engineer who kept finding the same waste in every account.

I'm Mohamed Shehabeldin. I built CostPatrol after running cost audits across dozens of AWS accounts and seeing the same patterns: idle Aurora replicas, x86 Lambdas one config flag away from 20 percent ARM savings, NAT Gateways routing 4 TB through DataProcessing because a free Gateway Endpoint was missing.

The existing options were either AWS Trusted Advisor (vague suggestions, no resource IDs, no fix commands) or enterprise FinOps platforms that cost more than what they save on a $25K/month account. Nothing in between.

CostPatrol is what I wanted: 123 deterministic rules built from real waste patterns, every finding backed by CloudWatch data, every fix command copy-paste runnable. No AI guesswork. No black box. Read-only access. Results in three minutes.

More on the about page. Reach me directly at [email protected].

Every rule at a glance

78 optimization rules and 33 anomaly detection rules across every major AWS service. We add more every day.

78 Optimization Rules

Each row: rule | typical saving, or the cost unit the rule recovers

Compute

Previous-generation instance types | 10-30%
Idle EC2 instances | 100%
Oversized EC2 instances (right-sizing) | 30-60%
Stopped EC2 with attached storage | 100%
EC2 Graviton (ARM) migration | 20-40%
Non-production scheduling (off-hours) | 65-70%
Spot opportunity for autoscaled compute | Up to 90%
EC2 Detailed Monitoring audit | $2.10/inst
Orphaned / unused AMIs | 100%

Serverless

Lambda ARM64 migration | 20%
Lambda memory right-sizing | 10-40%
Lambda provisioned concurrency waste | Idle cost
Step Functions Standard vs Express mismatch | 30%+

Database

Idle RDS instances | 100%
RDS cluster / instance sprawl | 70-100%
RDS backup storage overage | 20-100%
Unused RDS read replicas | 100%
RDS storage auto-growth runaway | Preventive
RDS Multi-AZ on non-production | 50%
RDS/Aurora I/O-Optimized eligibility | Up to 40%
RDS Extended Support charge exposure | Avoidance
Burstable RDS CPU credit overcharges | Hidden cost
DynamoDB over-provisioned capacity | 30-70%
DynamoDB on-demand to provisioned | 20-40%
Unused DynamoDB tables | 100%
Unused DynamoDB GSIs | 100%
DynamoDB Standard-IA opportunity | 40-60%
Missing TTL on time-series data | Growth prev.
PITR on non-production tables | 15-20%
ElastiCache idle clusters | 100%
DocumentDB I/O-Optimized eligibility | Up to 40%
Neptune I/O-Optimized eligibility | Up to 40%
MemoryDB reserved nodes opportunity | Significant
Keyspaces table underutilization | GB-month

Storage

GP2 to GP3 migration | 20%
Unattached EBS volumes | 100%
Idle Fast Snapshot Restore | 100%
GP3 over-provisioned IOPS/throughput | 10-70%
EBS snapshot archiving opportunity | 75%
Stale EBS snapshots | 100%
S3 missing lifecycle rules | 40-70%
Versioned bucket noncurrent bloat | 20-80%
Incomplete multipart uploads | Varies
S3 KMS Bucket Keys missing | 95-99%
S3 Intelligent-Tiering missing | 40-68%
EFS lifecycle to Infrequent Access | Up to 94%
EFS provisioned throughput underutilization | Add-on waste
ECR missing lifecycle policy | Up to 90%

Network

NAT Gateway optimization | 50-90%
Orphaned Elastic IPs | $3.60/IP
Public IPv4 audit | $3.60/IP
Unused Load Balancers | 100%
Idle / empty ELB target groups | 100%
Cross-region data transfer | 30-80%
Transit Gateway idle attachments | Hourly waste
PrivateLink idle endpoint ENI-hours | ENI-hour
Route 53 hosted zone sprawl | $0.50/zone
CloudFront price class mismatch | 5-20%

Monitoring & Logging

Excessive log retention | 50-80%
CloudWatch Logs excessive ingestion drivers | Ingestion
Lambda dual-write logging (CW + APM) | 100%
Orphaned CloudWatch alarms | $0.10/alarm
CloudWatch Metric Streams unfiltered | 50-70%
CloudWatch custom metrics audit | $0.30/metric
VPC Flow Logs over-scoping | 50-80%

Analytics

Redshift cluster idle runtime | 50-90%
Redshift DC2/DS2 modernization | 10-30%
Redshift Serverless Reservations | Up to 24%
OpenSearch idle/oversized domains | 20-60%
OpenSearch Reserved Instances | 31-48%
MSK Graviton broker upgrade | 10-24%
MSK cluster overprovisioning | 30-70%
Kinesis shard underutilization | Shard-hour
Glue job DPU oversizing | DPU-hour
EMR idle/long-running clusters | Cluster-hour
Timestream memory store retention | GB-hour

Billing & Commitments

Reserved Instance gaps | 30-40%
Savings Plans gaps | 20-30%
Savings Plans underutilization waste | Commitment
Reserved Instance utilization waste | Commitment
RI purchase recommendations | Up to 75%
SP purchase recommendations | Up to 72%
Compute Optimizer passthrough | Double-digit

Containers

Idle EKS clusters | 100%
EKS extended support fee avoidance | ~$365/mo
ECS service right-sizing | 20-50%

Governance & Security

Untagged resource detection | Visibility
GuardDuty unused optional features | Varies
Secrets Manager to Parameter Store | $0.40/secret
SageMaker idle notebooks | 100%

33 Anomaly Detection Rules

Each row: rule | detection type

Cost Intelligence

Service-level daily spend spike | spike
Region-level daily spend spike | spike
Linked-Account daily spend spike | spike
Tag / Cost-Category spend spike | spike
Forecasted budget breach | threshold

Compute & Serverless

Idle EC2 Instance (cost pattern) | idle
Lambda duration spike | spike
Lambda invocation spike | spike
Lambda recursive loop / runaway | spike
Auto Scaling runaway / denial of wallet | spike
Over-provisioned ECS tasks | oversized
Step Functions transition storm | spike

Storage & Database

S3 storage growth spike | spike
EBS snapshot storage cost spike | trend
RDS storage growth | trend
Idle RDS Instance (cost pattern) | idle
DynamoDB on-demand cost spike | spike
Timestream memory store bytes spike | spike
Keyspaces storage growth | trend

Network & Logging

CloudWatch Logs ingestion spike | spike
CloudWatch custom metrics growth | trend
NAT Gateway data processing spike | spike
Cross-AZ data transfer growth | data transfer
Internet data transfer spike | spike
Public IPv4 cost spike | spike

Analytics & AI

Bedrock / GenAI token cost spike | spike
API Gateway request cost spike | spike
Redshift cost spike | spike
OpenSearch cost spike | spike
Kinesis shard count surge | spike
Glue DPU-hour spike | spike
EMR cluster hours spike | spike
EKS control plane cost tier shift | step-change
WorkSpaces usage spike | spike

Security

Credential compromise compute spike | spike

See your number in three minutes.

Free scan reveals your top finding with the exact fix command. Pro unlocks every resource ID, fix command, and the daily Slack digest.