GitHub Repository

Shift-left cloud hygiene for AWS, Azure & GCP - deterministic read-only waste detection with no agents, no telemetry, safe for regulated environments.

112 stars · Python

CleanCloud – 20 rules to find what's costing you money in AWS and Azure

by sureshcsdp·Feb 17, 2026·1 point·1 comment

AI Analysis

●● Solid · Niche Gem · Solve My Problem
The Take

This is the kind of tool you run in CI to block cost regressions: read-only scans, per-finding evidence and LOW/MEDIUM/HIGH confidence levels, plus an exit code you can fail builds on (--fail-on-confidence HIGH). The project deliberately avoids phone-home telemetry and destructive actions, which makes it attractive for regulated environments, though it’s narrowly focused (AWS + Azure only, 20 conservative rules) rather than aiming to be a full cost-management suite.

Target Audience

SREs, platform engineers, DevOps teams, and security/compliance groups managing cloud costs

Post Description

Most cloud cost tools require write access, send data to SaaS platforms, and generate reports no one acts on.

CleanCloud is different: read-only, runs in your environment, and enforces hygiene as a CI/CD gate.

AWS Rules (10):
- Unattached EBS Volumes
- Old EBS Snapshots (90+ days)
- Infinite Retention CloudWatch Logs
- Unattached Elastic IPs (30+ days)
- Detached Network Interfaces (60+ days)
- Untagged Resources (EBS, S3, Log Groups)
- Old AMIs (180+ days)
- Idle NAT Gateways (~$32/mo each)
- Idle RDS Instances (zero connections 14+ days)
- Idle Load Balancers (zero traffic 14+ days)

Azure Rules (10):
- Unattached Managed Disks
- Old Snapshots
- Unused Public IPs
- Empty Load Balancers
- Empty Application Gateways
- Empty App Service Plans
- Idle VNet Gateways
- Stopped (Not Deallocated) VMs — still incurring full compute charges
- Idle SQL Databases (zero connections 14+ days)
- Untagged Resources

Every finding includes:
- Confidence level (HIGH / MEDIUM)
- Evidence and signals used
- Resource details and age

Enforce in CI/CD:

    cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH

Exit 0 = pass. Exit 2 = policy violation.
- No write access.
- No telemetry.
- No SaaS.

"pip install cleancloud" and run your first scan in 5 minutes.

GitHub: https://github.com/cleancloud-io/cleancloud

If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found. Please open an issue at https://github.com/cleancloud-io/cleancloud or leave a comment below.
