111 Detection Rules.
20+ AWS Services. Zero Guesswork.

AWS Trusted Advisor gives you vague warnings. CostPatrol gives you specific findings with dollar amounts, root causes, and remediation steps — built from real-world cost audits across hundreds of AWS accounts.

111 Detection Rules
20+ AWS Services
<3 min Scan Time

Two engines. Complete coverage.

CostPatrol runs two detection engines in parallel: optimization rules that scan live infrastructure, and anomaly rules that analyze daily cost patterns. Together, they catch waste that either engine would miss alone.

Optimization Engine

Proactive waste detection

Scans your live AWS resources for misconfigurations, idle resources, and oversized infrastructure. Finds savings whether costs are spiking or not.

  • Idle and underutilized resources
  • Previous-generation instance types
  • Storage misconfigurations
  • Missing lifecycle policies
  • Over-provisioned capacity
  • Commitment underutilization

Anomaly Engine

Reactive cost monitoring

Analyzes your cost history to detect spikes, runaway trends, and unusual patterns. Alerts you before a surprise bill lands.

  • Service-level cost spikes
  • Runaway data transfer charges
  • Log ingestion surges
  • Storage growth anomalies
  • Budget breach forecasting
  • Credential compromise signals

Compute waste is the #1 source of AWS overspend

EC2 instances are easy to launch and easy to forget. CostPatrol detects idle instances, previous-generation types, oversized allocations, and stopped instances still burning EBS storage costs.

Idle Instance Detection

Identifies instances with near-zero utilization over extended periods — bastion hosts, forgotten dev boxes, and orphaned workers costing you money for nothing.

Generation & Graviton Upgrades

Detects instances running retired families and x86 workloads eligible for Graviton ARM migration. Current-gen ARM delivers 20-40% savings with better performance.

Right-Sizing & Scheduling

Finds instances where sustained low CPU indicates they can be downsized. Also identifies non-production resources that can be shut down off-hours for 65-70% savings.

Spot & Stopped Instance Audit

Stopped instances still incur EBS charges. Autoscaled workloads often run on-demand when Spot would save up to 90%. CostPatrol flags both.

Database instances are the most expensive resource to leave idle

CostPatrol covers RDS, Aurora, DynamoDB, DocumentDB, Neptune, MemoryDB, and Keyspaces with dedicated rules for each cost driver — from idle instances to I/O-Optimized eligibility.

Idle Database Detection

Multiple detection paths for RDS, Aurora, and DynamoDB: zero-connection databases, tables with no read/write activity, and unused Global Secondary Indexes.

Capacity & Cluster Optimization

Over-provisioned DynamoDB tables, redundant Aurora readers with no traffic, billing mode mismatches, and RDS read replicas with zero connections.

Storage & Backup Waste

Backup storage overage, storage auto-growth runaway, Standard-IA class opportunities for DynamoDB, missing TTL on time-series tables, and PITR on non-production.

I/O-Optimized & Extended Support

Identifies Aurora, DocumentDB, and Neptune clusters eligible for I/O-Optimized (saves up to 40%). Flags databases entering costly Extended Support windows.

Serverless does not mean cost-free

Lambda costs scale with memory allocation and architecture. Step Functions charge per state transition. CostPatrol finds over-provisioned functions, architecture mismatches, and recursive loops.

ARM64 Migration

Identifies functions running on x86 with ARM-compatible runtimes. Graviton2 delivers 20% cost savings with equal or better performance — and migration is a config change.

Memory Right-Sizing

Analyzes CloudWatch metrics to find functions using a fraction of their allocated memory. Recommends optimal sizing with a safety buffer to prevent OOM errors.

Provisioned Concurrency Waste

Detects Lambda functions with provisioned concurrency far exceeding actual invocations. You are paying for idle compute capacity you do not need.

Anomaly Detection

Duration spikes, invocation surges, recursive loops, and Step Functions transition storms. Catches runaway serverless costs before your bill explodes.

Storage volumes and buckets are the quietest source of waste

CostPatrol covers EBS, S3, EFS, ECR, snapshots, and AMIs — everything that accumulates cost silently when lifecycle policies are missing.

Volume & Snapshot Optimization

GP2 to GP3 migration, orphaned volumes, over-provisioned IOPS, stale snapshots, snapshot archive opportunities, and orphaned AMIs consuming snapshot storage.

S3 Lifecycle & Tiering

Missing lifecycle policies, version bloat, incomplete multipart uploads, Intelligent-Tiering opportunities, and KMS Bucket Keys for 95-99% encryption cost reduction.

EFS & Container Registry

EFS lifecycle to Infrequent Access (up to 94% savings), over-provisioned throughput, and ECR repositories without lifecycle policies accumulating old images.

Network costs are the hardest to attribute — and the easiest to waste

NAT Gateways, data transfer, public IPv4, Transit Gateway, VPC endpoints, Route 53, and CloudFront. CostPatrol audits your entire networking cost surface.

NAT Gateway & VPC Endpoints

Idle NAT Gateways costing $32+/month for nothing. High-traffic gateways where free S3/DynamoDB Gateway Endpoints would eliminate data processing charges.

Data Transfer & IPv4

Cross-region and cross-AZ data transfer waste. Public IPv4 audit across EC2, ELB, RDS, and NAT — every address costs $3.60/month since February 2024. Orphaned Elastic IPs.

Infrastructure Sprawl

Idle Transit Gateway attachments, empty Route 53 hosted zones, idle PrivateLink endpoints paying multi-AZ ENI-hours, and CloudFront price class mismatches.

Load Balancer Audit

Unused load balancers with no healthy targets and idle ELB target groups. Each costs $16+/month in fixed charges even with zero traffic.

ECS, EKS, Redshift, OpenSearch, MSK, Kinesis, Glue, EMR

Modern AWS architectures run on containers and managed analytics services. CostPatrol has dedicated rules for each — from EKS extended support fees to Glue DPU oversizing.

Container Optimization

ECS task right-sizing, idle EKS clusters, EKS extended support fee detection ($0.60 vs $0.10/cluster-hour), and over-provisioned ECS services.

Analytics Right-Sizing

Idle Redshift clusters, oversized OpenSearch domains, MSK Graviton migration, Kinesis shard overprovisioning, Glue DPU oversizing, and long-running EMR clusters.

Modernization Opportunities

Redshift DC2/DS2 to RA3/Serverless migration, OpenSearch Reserved Instances, Redshift Serverless reservations, and Timestream retention optimization.

The costs you forgot you were paying

CloudWatch log retention, orphaned alarms, untagged resources, RI/Savings Plans utilization gaps, and cost commitment recommendations. CostPatrol surfaces what your AWS console hides.

CloudWatch Optimization

Excessive log retention, orphaned alarms, unfiltered Metric Streams, unused custom metrics, Lambda dual-write logging waste, and VPC Flow Logs over-scoping.

Commitment Optimization

Savings Plans underutilization, Reserved Instance waste, RI/SP purchase recommendations, and Compute Optimizer passthrough for machine-learning-powered right-sizing.

Governance & Security

Untagged resource detection for cost allocation, GuardDuty unused features, Secrets Manager to Parameter Store migration, and detailed EC2 monitoring audit.

Every rule at a glance

78 optimization rules and 33 anomaly detection rules across every major AWS service. We add more every day.

78 Optimization Rules

Compute

  • Previous-generation instance types: 10-30%
  • Idle EC2 instances: 100%
  • Oversized EC2 instances (right-sizing): 30-60%
  • Stopped EC2 with attached storage: 100%
  • EC2 Graviton (ARM) migration: 20-40%
  • Non-production scheduling (off-hours): 65-70%
  • Spot opportunity for autoscaled compute: Up to 90%
  • EC2 Detailed Monitoring audit: $2.10/inst
  • Orphaned / unused AMIs: 100%

Serverless

  • Lambda ARM64 migration: 20%
  • Lambda memory right-sizing: 10-40%
  • Lambda provisioned concurrency waste: Idle cost
  • Step Functions Standard vs Express mismatch: 30%+

Database

  • Idle RDS instances: 100%
  • RDS cluster / instance sprawl: 70-100%
  • RDS backup storage overage: 20-100%
  • Unused RDS read replicas: 100%
  • RDS storage auto-growth runaway: Preventive
  • RDS Multi-AZ on non-production: 50%
  • RDS/Aurora I/O-Optimized eligibility: Up to 40%
  • RDS Extended Support charge exposure: Avoidance
  • Burstable RDS CPU credit overcharges: Hidden cost
  • DynamoDB over-provisioned capacity: 30-70%
  • DynamoDB on-demand to provisioned: 20-40%
  • Unused DynamoDB tables: 100%
  • Unused DynamoDB GSIs: 100%
  • DynamoDB Standard-IA opportunity: 40-60%
  • Missing TTL on time-series data: Growth prev.
  • PITR on non-production tables: 15-20%
  • ElastiCache idle clusters: 100%
  • DocumentDB I/O-Optimized eligibility: Up to 40%
  • Neptune I/O-Optimized eligibility: Up to 40%
  • MemoryDB reserved nodes opportunity: Significant
  • Keyspaces table underutilization: GB-month

Storage

  • GP2 to GP3 migration: 20%
  • Unattached EBS volumes: 100%
  • Idle Fast Snapshot Restore: 100%
  • GP3 over-provisioned IOPS/throughput: 10-70%
  • EBS snapshot archiving opportunity: 75%
  • Stale EBS snapshots: 100%
  • S3 missing lifecycle rules: 40-70%
  • Versioned bucket noncurrent bloat: 20-80%
  • Incomplete multipart uploads: Varies
  • S3 KMS Bucket Keys missing: 95-99%
  • S3 Intelligent-Tiering missing: 40-68%
  • EFS lifecycle to Infrequent Access: Up to 94%
  • EFS provisioned throughput underutilization: Add-on waste
  • ECR missing lifecycle policy: Up to 90%

Network

  • NAT Gateway optimization: 50-90%
  • Orphaned Elastic IPs: $3.60/IP
  • Public IPv4 audit: $3.60/IP
  • Unused Load Balancers: 100%
  • Idle / empty ELB target groups: 100%
  • Cross-region data transfer: 30-80%
  • Transit Gateway idle attachments: Hourly waste
  • PrivateLink idle endpoint ENI-hours: ENI-hour
  • Route 53 hosted zone sprawl: $0.50/zone
  • CloudFront price class mismatch: 5-20%

Monitoring & Logging

  • Excessive log retention: 50-80%
  • CloudWatch Logs excessive ingestion drivers: Ingestion
  • Lambda dual-write logging (CW + APM): 100%
  • Orphaned CloudWatch alarms: $0.10/alarm
  • CloudWatch Metric Streams unfiltered: 50-70%
  • CloudWatch custom metrics audit: $0.30/metric
  • VPC Flow Logs over-scoping: 50-80%

Analytics

  • Redshift cluster idle runtime: 50-90%
  • Redshift DC2/DS2 modernization: 10-30%
  • Redshift Serverless Reservations: Up to 24%
  • OpenSearch idle/oversized domains: 20-60%
  • OpenSearch Reserved Instances: 31-48%
  • MSK Graviton broker upgrade: 10-24%
  • MSK cluster overprovisioning: 30-70%
  • Kinesis shard underutilization: Shard-hour
  • Glue job DPU oversizing: DPU-hour
  • EMR idle/long-running clusters: Cluster-hour
  • Timestream memory store retention: GB-hour

Billing & Commitments

  • Reserved Instance gaps: 30-40%
  • Savings Plans gaps: 20-30%
  • Savings Plans underutilization waste: Commitment
  • Reserved Instance utilization waste: Commitment
  • RI purchase recommendations: Up to 75%
  • SP purchase recommendations: Up to 72%
  • Compute Optimizer passthrough: Double-digit

Containers

  • Idle EKS clusters: 100%
  • EKS extended support fee avoidance: ~$365/mo
  • ECS service right-sizing: 20-50%

Governance & Security

  • Untagged resource detection: Visibility
  • GuardDuty unused optional features: Varies
  • Secrets Manager to Parameter Store: $0.40/secret
  • SageMaker idle notebooks: 100%

33 Anomaly Detection Rules

Cost Intelligence

  • Service-level daily spend spike [spike]
  • Region-level daily spend spike [spike]
  • Linked-Account daily spend spike [spike]
  • Tag / Cost-Category spend spike [spike]
  • Forecasted budget breach [threshold]

Compute & Serverless

  • Idle EC2 Instance (cost pattern) [idle]
  • Lambda duration spike [spike]
  • Lambda invocation spike [spike]
  • Lambda recursive loop / runaway [spike]
  • Auto Scaling runaway / denial of wallet [spike]
  • Over-provisioned ECS tasks [oversized]
  • Step Functions transition storm [spike]

Storage & Database

  • S3 storage growth spike [spike]
  • EBS snapshot storage cost spike [trend]
  • RDS storage growth [trend]
  • Idle RDS Instance (cost pattern) [idle]
  • DynamoDB on-demand cost spike [spike]
  • Timestream memory store bytes spike [spike]
  • Keyspaces storage growth [trend]

Network & Logging

  • CloudWatch Logs ingestion spike [spike]
  • CloudWatch custom metrics growth [trend]
  • NAT Gateway data processing spike [spike]
  • Cross-AZ data transfer growth [data transfer]
  • Internet data transfer spike [spike]
  • Public IPv4 cost spike [spike]

Analytics & AI

  • Bedrock / GenAI token cost spike [spike]
  • API Gateway request cost spike [spike]
  • Redshift cost spike [spike]
  • OpenSearch cost spike [spike]
  • Kinesis shard count surge [spike]
  • Glue DPU-hour spike [spike]
  • EMR cluster hours spike [spike]
  • EKS control plane cost tier shift [step-change]
  • WorkSpaces usage spike [spike]

Security

  • Credential compromise compute spike [spike]

See how much you're overspending — free.

111 rules and growing. Free scan shows your total savings. Upgrade to Pro for full resource details, fix commands, and Slack alerts.