Angga.
devops, aws, open-source, go

Building cloudsweep: finding AWS waste from the terminal

An open-source Go CLI that scans an AWS account for idle and orphaned resources and estimates the monthly cost — the Trusted Advisor checks you shouldn't need a Support plan for. Here's the origin story.


The itch

Every AWS account I've touched has the same quiet leak: an unattached EBS volume nobody deleted, an Elastic IP sitting idle, a NAT gateway with no traffic, snapshots from a machine that's long gone. None of it screams. It just shows up on the bill.

The tools that catch this are either locked away — AWS Trusted Advisor's full cost checks need a paid Support plan — or they're broad dashboards you have to host and babysit. I wanted the opposite: a single command I could point at an account and get a ranked list of waste, in dollars, in seconds. That became cloudsweep.

What it does

cloudsweep scan --profile prod

It scans for the unambiguous stuff first — the waste you can act on without a meeting:

  • Unattached EBS volumes
  • Unassociated Elastic IPs
  • Orphaned EBS snapshots (old, and not referenced by any AMI)
  • Stopped EC2 instances still billing for their volumes
  • Idle NAT gateways
  • Underused load balancers

…then prints each finding with an estimated monthly cost and a fix command. Output is a table by default, or JSON for CI.

The design decisions

A few choices mattered more than the code:

  • Read-only, always. It uses describe/list calls only, ships with a least-privilege IAM policy, and the fix output only ever *prints* the commands — it never deletes anything. Trust before automation.
  • High-confidence checks first. v1 only flags waste that's hard to argue with (a volume attached to nothing is wasted, full stop). Judgment-call checks — rightsizing, idle RDS, S3 lifecycle — are deferred so the first run is trustworthy, not noisy. A scanner that cries wolf gets uninstalled.
  • Estimates, labelled as estimates. Pricing comes from a small embedded table (region-approximate, on-demand). Good enough to prioritize; honest about being approximate. The AWS Pricing API is a v2 accuracy upgrade.
  • Go, single binary. go install and you're done — no runtime, no dashboard to host. It's the lingua franca of cloud CLIs for a reason.
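
The "read-only, always" rule can be checked mechanically before a policy is attached to the scanning role. The following is an added example, not cloudsweep's own code or policy: a small Go lint that reports everything an IAM policy allows beyond Describe*/List* calls. The names `nonReadOnly`, `oneOrMany` and `stmt`, and the sample policy in `main`, are assumptions made for illustration; the prefix rule is taken from the "describe/list calls only" wording above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// oneOrMany decodes an IAM field that may be one string or a list of strings.
type oneOrMany []string

func (o *oneOrMany) UnmarshalJSON(b []byte) error {
	if len(b) > 0 && b[0] == '"' { // lone string: wrap it as a one-element array
		b = append(append([]byte{'['}, b...), ']')
	}
	return json.Unmarshal(b, (*[]string)(o))
}

type stmt struct {
	Effect            string
	Action, NotAction oneOrMany
}

// nonReadOnly lists what a policy allows beyond Describe*/List* calls.
// Assumption: Statement is a JSON array, the usual form.
func nonReadOnly(doc []byte) ([]string, error) {
	var p struct{ Statement []stmt }
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, err
	}
	var bad []string
	for _, st := range p.Statement {
		if st.Effect != "Allow" {
			continue
		}
		if len(st.NotAction) > 0 { // Allow+NotAction grants everything unlisted
			bad = append(bad, "NotAction")
		}
		for _, a := range st.Action {
			_, op, _ := strings.Cut(strings.ToLower(a), ":")
			if !strings.HasPrefix(op, "describe") && !strings.HasPrefix(op, "list") {
				bad = append(bad, a) // catches "*", "ec2:*" and write calls
			}
		}
	}
	return bad, nil
}

func main() { // constructed sample policy, not the one cloudsweep ships
	fmt.Println(nonReadOnly([]byte(`{"Statement":[{"Effect":"Allow","Action":["ec2:DescribeVolumes","ec2:DeleteVolume"]}]}`)))
}
```

The check is deliberately conservative: a read call that is not named Describe* or List* is reported too, so each such entry has to be justified by hand.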

What's next

v1 is the wedge: inventory the waste. From here — more checks (RDS, rightsizing, S3 lifecycle), real Pricing-API numbers, a GitHub Action wrapper so it runs in CI, and continuous multi-account monitoring. It's open source and MIT-licensed: github.com/angga-22/cloudsweep.
