Skip to content

radiusmethod/aws-cost

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
CLAUDE.md
CLAUDE.md
 
 
README.md
README.md
 
 
common.sh
common.sh
 
 
cost-analysis.sh
cost-analysis.sh
 
 
savings-check.sh
savings-check.sh
 
 

Repository files navigation

AWS Cost Analysis

Two zero-config shell scripts that report your AWS spend and find waste — across one account or an entire AWS Organization.

Use it with Claude Code (easiest)

  1. Clone the repo and cd into it.
  2. Make sure you're logged in to AWS: aws sso login (SSO) or aws configure (static keys).
  3. Open Claude Code in the repo and say one of:
    • analyze my AWS costs
    • find AWS savings opportunities
    • quickly scan for AWS waste

Claude reads CLAUDE.md, picks the right script, and runs it. No need to pre-populate account IDs or profile names — the scripts discover everything from your AWS credentials at runtime.

Use it manually

# Monthly cost breakdown
bash cost-analysis.sh

# Find waste across all accounts and regions (thorough, ~5–10 min)
bash savings-check.sh

# Faster scan — default region per account, no CloudWatch metric lookups
bash savings-check.sh --region-default --skip-cloudwatch

# Specific profile / single region
bash cost-analysis.sh --profile my-payer
bash savings-check.sh --profile my-payer --region us-east-1

Prerequisites

Tool Install
AWS CLI v2 brew install awscli / download
jq brew install jq / apt install jq
bc usually preinstalled; otherwise brew install bc
bash 4+ macOS users: brew install bash (system bash is 3.2)

You need at least one configured AWS profile with valid credentials. To check: aws sts get-caller-identity.

What the scripts do

cost-analysis.sh

  • Monthly cost per linked account (last 3 months by default)
  • Top 5 services per account
  • Month-over-month change indicators

savings-check.sh — per-account, per-region scans for:

  • Unattached EBS volumes, gp2 volumes (gp3 upgrade savings)
  • Stopped EC2 instances (still paying for EBS/EIP)
  • Unused Elastic IPs
  • Snapshots and AMIs older than 90 days
  • Idle NAT Gateways (no traffic in 14 days)
  • Idle load balancers (no targets)
  • CloudWatch log groups with no retention policy
  • Lambda functions with zero invocations in 90 days

Plus Cost Explorer recommendations: cost spikes, EC2 rightsizing, Savings Plans, Reserved Instance coverage gaps.

Account discovery

If your profile is an AWS Organizations payer, the scripts call aws organizations list-accounts to find every linked account, then match each one to a local profile in ~/.aws/config. If you're not in an Organization, the scripts just report on the current account.

Required IAM permissions

Read-only across:

  • organizations:ListAccounts
  • ce:GetCostAndUsage, ce:GetRightsizingRecommendation, ce:GetSavingsPlansPurchaseRecommendation, ce:GetReservationCoverage
  • ec2:Describe*
  • cloudwatch:GetMetricStatistics
  • lambda:ListFunctions
  • logs:DescribeLogGroups
  • elasticloadbalancing:Describe*
  • account:ListRegions
  • sts:GetCallerIdentity

Troubleshooting

Symptom Fix
Credentials invalid or expired aws sso login --profile <name>
Cost Explorer returns empty Enable it once in the AWS Billing console (24h delay before first data)
savings-check.sh is slow Add --region-default --skip-cloudwatch
"Not an Organizations payer" but you expected linked accounts Make sure you ran with the payer profile, not a member account
GovCloud payer Not supported — Organizations runs in commercial only. GovCloud accounts work as members.

Notes

  • Cost numbers use UnblendedCost for accurate per-account attribution.
  • Waste estimates assume us-east-1 commercial pricing; GovCloud/China vary 10–25%.
  • Scripts are read-only; they make no changes to your AWS resources.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages