DEV Community

Vikas Tripathi
Vikas Tripathi

Posted on

I built a free API to find AWS cost waste — here's how it works

#devops #python #aws #cloud

Every AWS bill has waste in it. The problem is finding it.

I got tired of manually checking for idle EC2 instances,
forgotten EBS volumes, and unused Elastic IPs across multiple
regions. So I built an API that does it automatically.

What It Does

You pass read-only AWS credentials. It scans your account
and returns real findings with dollar estimates:

{
  "summary": {
    "waste_score": 45,
    "total_findings": 3,
    "estimated_monthly_savings_usd": 124.50
  },
  "findings": [
    {
      "type": "unattached_ebs",
      "resource_id": "vol-0abc1234",
      "size_gb": 100,
      "age_days": 45,
      "estimated_monthly_savings": 10.00,
      "recommendation": "100GB gp2 volume unattached for 45 days. Delete if not needed."
    },
    {
      "type": "idle_ec2",
      "resource_id": "i-0abc1234",
      "instance_type": "t3.medium",
      "avg_cpu_14d": 1.2,
      "estimated_monthly_savings": 30.37,
      "recommendation": "Instance averaged 1.2% CPU over 14 days. Consider stopping."
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Not generic advice. Actual resource IDs and dollar amounts.

What Gets Scanned

  • Idle EC2 instances — running but under 5% CPU for 14+ days
  • Unattached EBS volumes — created but not attached to anything
  • Unused Elastic IPs — allocated but not associated
  • Old snapshots — older than 90 days

How To Use It

Step 1: Create a read-only IAM user

Attach this policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "ec2:DescribeAddresses",
        "ec2:DescribeSnapshots",
        "cloudwatch:GetMetricStatistics",
        "sts:GetCallerIdentity"
      ],
      "Resource": "*"
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Step 2: Call the API 

import requests

url = "https://cloud-waste-detector1.p.rapidapi.com/scan"

headers = {
    "x-rapidapi-key": "YOUR_RAPIDAPI_KEY",
    "x-rapidapi-host": "cloud-waste-detector1.p.rapidapi.com",
    "Content-Type": "application/json"
}

payload = {
    "aws_access_key": "YOUR_READ_ONLY_KEY",
    "aws_secret_key": "YOUR_READ_ONLY_SECRET",
    "region": "us-east-1"
}

response = requests.post(url, headers=headers, json=payload)
result = response.json()

print(f"Waste Score: {result['summary']['waste_score']}/100")
print(f"Potential savings: ${result['summary']['estimated_monthly_savings_usd']}/month")

for finding in result['findings']:
    print(f"- {finding['type']}: save ${finding['estimated_monthly_savings']}/month")
Enter fullscreen mode Exit fullscreen mode

Step 3: Automate it

Run it weekly via cron, add it to your CI/CD pipeline,
or hook it to Slack alerts.

Security

Credentials are used only for the scan duration.
Never stored, never logged.

Always use a read-only IAM user — never your root account.

Try It Free

Free tier available — 50 scans/month, no credit card needed.

https://rapidapi.com/quimztech-solutions-baselayer-quimztech-solutions-baselayer-default/api/cloud-waste-detector1

Would love feedback — what other AWS resources should I scan next?

Top comments (0)