The other day, a friend of mine was complaining that every month, their AWS bill is landing like a small novel: hundreds of line items, multiple accounts, and no clear picture of why costs changed.
Manually digging through the Cost Explorer, various EC2 dashboards, Route 53 pages etc. was slow and very error-prone.
So I started thinking about what it would take to build a modular AWS Cost Audit script that collects and summarizes cost and usage data automatically. That experiment grew into a reusable FinOps toolkit for cloud teams, which is lightweight, transparent, and CI/CD-friendly.
🧭 The Cost Problem in AWS
AWS gives incredible flexibility — but that also makes it easy to overspend. Idle EC2 instances, forgotten EBS volumes, over-provisioned RDS databases, and cross-region data transfers quietly add up. Even with native tools like Cost Explorer and AWS Budgets, many teams struggle to:
- Continuously monitor all resources across accounts
- Correlate costs with resource usage
- Identify optimization opportunities fast enough
Cloud waste isn’t just a finance problem — it’s an engineering visibility shortfall.
💡 Enter AWS Cost Audit
AWS Cost Audit is a lightweight, automation-ready toolkit that helps you take control of your AWS spend — without complex dashboards or heavy FinOps platforms.
It bridges the gap between AWS billing data and actionable cost insights, and complements FinOps principles by enabling shared visibility and data-driven decisions.
It helps teams to:
- Shift from reactive cost reviews to proactive optimization
- Democratize cloud spending data — not just finance’s job
- Build a culture of accountability across DevOps, engineering, and product
This isn’t about policing cost — it’s about empowering smarter usage.
⚙️ What It Does
- Audits your AWS environment for unused or idle resources
- Summarizes spend by service, region, and tag
- Highlights cost anomalies and trends
- Generates clear, CLI-based reports for visibility or CI integration
- Helps teams adopt FinOps practices without adding overhead
🚀 Key Advantages
| Benefits | Helps with... |
|---|---|
| Immediate cost visibility | Understanding what’s costing you the most |
| Zero external dependencies | Works via CLI, with minimal setup |
| Multi-account awareness | Analyze organization-wide cost patterns |
| Automation-friendly | Integrate into CI/CD or cron jobs for continuous insights |
| FinOps-ready insights | Perfect for monthly cost reviews or reporting |
📊 What this Script Collects
| AWS Service | Data Collected | Why It Matters |
|---|---|---|
| EC2 | Instances + 7-day CPU avg | Find underutilized compute |
| RDS | DB list + Multi-AZ flag | Detect over-redundant DBs |
| EBS | Volumes + size | Spot unattached/idle disks |
| S3 | Bucket inventory + metrics | Track object-store sprawl |
| Route 53 | Zones, records, cost | Simplify redundant DNS |
| Elastic IP | Allocation + attachment state | Catch idle IPs billed hourly |
| Tags | Key/value compliance | Attribute spend correctly |
| Compute Optimizer | Enrollment state | Enable rightsizing insights |
All collectors talk directly to the AWS CLI and write JSON into a timestamped output directory.
🧱 Prerequisites
- Bash 4+, macOS or Linux
- AWS CLI v2 configured (aws configure), with read permissions for:
  - ce:*, ec2:*, rds:*, eks:*, route53:*, s3:*, tag:GetResources
- jq, wc, tar, date (GNU or BSD)
- Optional (colors): tput
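The permission list above uses service-wide wildcards, which match write and delete calls as well as reads. The following is an added example, not part of the AWS Cost Audit project: a small Python check that flags such actions in an IAM policy document. The read-only verb prefixes and the narrowed action list are assumptions of this example, to be verified against the calls the script actually makes.

```python
# Added example: flag IAM actions that allow more than read-only API calls.
READ_ONLY_PREFIXES = ("describe", "list", "get")  # assumption: read-only verbs

def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def risky_actions(policy):
    """Return Allow-ed action patterns that can match mutating API calls."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append("NotAction")
            continue
        for action in as_list(stmt.get("Action", [])):
            _service, _, name = action.partition(":")
            # IAM action names are case-insensitive, so compare in lower case.
            if not name.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings

# Constructed policy using the permission list from the prerequisites above.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ce:*", "ec2:*", "rds:*", "eks:*", "route53:*", "s3:*",
               "tag:GetResources"]}]}

# Constructed narrower policy (assumed set of calls; verify against the script).
NARROWED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ce:GetCostAndUsage", "ec2:Describe*", "rds:Describe*",
               "eks:List*", "eks:Describe*", "route53:List*", "route53:Get*",
               "s3:ListAllMyBuckets", "s3:GetBucketLocation",
               "tag:GetResources"]}]}

if __name__ == "__main__":
    print("page list:", risky_actions(PAGE_POLICY))
    print("narrowed :", risky_actions(NARROWED_POLICY))
```

The prefix test is a heuristic: a Get action can still read data (s3:GetObject, for example), which is why the narrowed policy names its S3 actions explicitly.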
⚡ Getting Started
AWS Cost Audit is simple to try out: no dependencies, just a single script. You can get it in one of two ways.
1️⃣ Easy installation using cURL:
```bash
curl -sSL https://raw.githubusercontent.com/dsantanu/aws-cost-audit/main/aws-cost-audit.sh -o aws-cost-audit.sh
bash aws-cost-audit.sh -h
```
2️⃣ Or, if you prefer git clone:
```bash
git clone https://github.com/dsantanu/aws-cost-audit.git
cd aws-cost-audit
bash aws-cost-audit.sh -h
```
Git Repo: AWS Cost Audit (https://github.com/dsantanu/aws-cost-audit)
🧩 CLI Options
```text
Usage: aws-cost-audit.sh [options]

General options:
  -p, --profile <name>   AWS CLI profile (default: default)
  -d, --dest <dir>       Output directory
                         default: ./<acc-id>-outdir-YYYY-MM-DD
  -o, --out <file>       Output tar.gz filename
                         default: <acc-id>-aws-cost-audit-YYYYMMDD.tgz
  -r, --report           Only run the report generator (skip collectors)
  -h, --help             Show this help message

Selective collectors:
  --all                  Run all collectors (default)
  --dns                  Route 53 (zones/records/cost)
  --ec2                  EC2 inventory + CPU metrics
  --eip                  Elastic IPs (addresses + cost)
  --eks                  EKs + NodeGroups
  --rds                  RDS inventory
  --cost                 Cost Explorer summaries
  --tags                 Resource tags
  --network              EKS + networking resources
  --storage              EBS + S3
  --optimizer            Compute Optimizer enrollment check

Example:
  aws-cost-audit.sh -p prod -d outputs --ec2 --dns
```
🧪 Usage Examples
```bash
# Run full audit
bash aws-cost-audit.sh [--all]

# Use a different AWS profile
bash aws-cost-audit.sh -p <my-other-profile>

# Report-only mode on existing data
bash aws-cost-audit.sh -r

# Write results to a different location
bash aws-cost-audit.sh -d /tmp/aca-outputs-2025-11-06

# Focus on DNS + EIPs only
bash aws-cost-audit.sh --dns --eip
```
🧾 Summary Report
Here’s what AWS Cost Audit produces at the end of each run — a quick summary highlighting your top cost drivers:
📈 Top 5 Services Breakdown
Behind the scenes, this summary is generated from AWS Cost Explorer data using the ce:GetCostAndUsage API.
It aggregates the last 30 days of spend, grouped by AWS service and account (if using AWS Organizations). The logic is straightforward:
- Pull spend data by service.
- Sort by descending cost.
- Display the top 5 contributors to your total AWS bill.
This helps teams instantly see where their money is going — without logging into the console or building reports manually.
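The three steps above, as an added Python example that is not the project's own Bash code: it reads a response in the shape returned by `aws ce get-cost-and-usage` grouped by service, sums each service across time periods, and returns the top five. The sample response is constructed, and the code assumes the service name is the first GroupBy key.

```python
from collections import defaultdict
from decimal import Decimal

def top_services(response, n=5, metric="UnblendedCost"):
    """Sum each service's cost across all time periods and return the top n."""
    totals = defaultdict(Decimal)
    for period in response.get("ResultsByTime", []):
        for group in period.get("Groups", []):
            service = group["Keys"][0]  # assumes SERVICE is the first GroupBy key
            totals[service] += Decimal(group["Metrics"][metric]["Amount"])
    # Highest cost first; ties broken by name so the output is stable.
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def _group(service, amount):
    """Build one constructed result group in the Cost Explorer response shape."""
    return {"Keys": [service],
            "Metrics": {"UnblendedCost": {"Amount": amount, "Unit": "USD"}}}

# Constructed sample: two periods covering 30 days, six services.
SAMPLE = {"ResultsByTime": [
    {"TimePeriod": {"Start": "2025-10-07", "End": "2025-10-22"}, "Groups": [
        _group("Amazon Elastic Compute Cloud - Compute", "410.20"),
        _group("Amazon Relational Database Service", "230.00"),
        _group("Amazon Simple Storage Service", "55.10"),
        _group("Amazon Route 53", "12.50"),
        _group("EC2 - Other", "98.75"),
        _group("AWS Key Management Service", "3.00"),
    ]},
    {"TimePeriod": {"Start": "2025-10-22", "End": "2025-11-06"}, "Groups": [
        _group("Amazon Elastic Compute Cloud - Compute", "389.80"),
        _group("Amazon Relational Database Service", "240.50"),
        _group("Amazon Simple Storage Service", "60.90"),
        _group("EC2 - Other", "101.25"),
        _group("Amazon Route 53", "12.50"),
        _group("AWS Key Management Service", "3.00"),
    ]},
]}

if __name__ == "__main__":
    for service, cost in top_services(SAMPLE):
        print(f"{cost:>10.2f} USD  {service}")
```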
💰 Turning Data Into FinOps Insight
| Insight | Example |
|---|---|
| Rightsizing | Identify EC2/RDS instances with low CPU or IOPS usage. |
| Idle cleanup | Find unattached EBS volumes or EIPs incurring hourly cost. |
| DNS optimization | Consolidate individual A-records via ALB aliases. |
| Tag hygiene | Detect untagged resources blocking cost allocation. |
This bridges the gap between raw AWS data and actionable FinOps decisions — without external tools.
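The idle-cleanup and tag-hygiene rows above, as an added Python example that is not the project's own code: it post-processes JSON in the shape returned by `aws ec2 describe-volumes` and `aws ec2 describe-addresses`. The sample data is constructed, and the required tag keys (Owner, CostCenter) are an assumption standing in for your own tagging policy.

```python
REQUIRED_TAGS = ("Owner", "CostCenter")  # assumption: your tagging policy

def unattached_volumes(describe_volumes):
    """EBS volumes in state 'available' are not attached to any instance."""
    return [(v["VolumeId"], v["Size"])
            for v in describe_volumes.get("Volumes", [])
            if v.get("State") == "available"]

def idle_eips(describe_addresses):
    """Elastic IPs without an AssociationId are allocated but not in use."""
    return [a["PublicIp"] for a in describe_addresses.get("Addresses", [])
            if not a.get("AssociationId")]

def missing_tags(resources, required=REQUIRED_TAGS):
    """Map resource id -> required tag keys it lacks (AWS-style Tags lists)."""
    gaps = {}
    for res_id, tags in resources.items():
        present = {t["Key"] for t in tags or []}  # Tags is absent when untagged
        lacking = sorted(set(required) - present)
        if lacking:
            gaps[res_id] = lacking
    return gaps

# Constructed sample data in the shape of the AWS CLI output.
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa111", "Size": 100, "State": "in-use",
     "Tags": [{"Key": "Owner", "Value": "web"},
              {"Key": "CostCenter", "Value": "1001"}]},
    {"VolumeId": "vol-0bbb222", "Size": 500, "State": "available",
     "Tags": [{"Key": "Owner", "Value": "data"}]},
    {"VolumeId": "vol-0ccc333", "Size": 20, "State": "available"},
]}
ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa",
     "AssociationId": "eipassoc-0aaa"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb"},
]}

if __name__ == "__main__":
    idle = unattached_volumes(VOLUMES)
    print("unattached volumes:", idle, "total GiB:", sum(s for _, s in idle))
    print("idle EIPs:", idle_eips(ADDRESSES))
    tags_by_volume = {v["VolumeId"]: v.get("Tags") for v in VOLUMES["Volumes"]}
    print("missing tags:", missing_tags(tags_by_volume))
```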
🧮 Why It Matters for FinOps
- Visibility – instant service-level cost breakdowns.
- Repeatability – same data set every run; perfect for monthly reviews.
- Actionability – directly links metrics to optimization opportunities.
- Autonomy – no third-party SaaS dependency or hidden API costs.
Integrate it into CI/CD or cron, and you have a continuous cloud-cost observability loop.
🏁 Conclusion
Cloud cost optimization doesn’t have to be complicated — it just needs visibility.
By automating cost visibility with AWS Cost Audit, teams can see where money is going, act quickly, and embed FinOps thinking into everyday operations.
With a few hundred lines of well-structured Bash and the AWS CLI, we now produce clear, auditable reports every run — no spreadsheets, no guesswork.
If your team wrestles with growing AWS costs, start small, automate what you can, and evolve like we did. Transparency is the first step to optimization.
🪜 What’s Next
In the next episode, we’ll explore how to take the generated audit reports and transform them into a beautifully formatted Microsoft Word report — ready for FinOps review meetings and executive summaries.
