Slash Your AWS Costs with CloudOn AWS FinOps Guardian: The Ultimate Guide

Yaroslav Naumenko

Whether you’re running a small development environment or managing a large-scale AWS setup, keeping costs in check can be a constant challenge. Idle EC2 instances, unattached EBS volumes, abandoned load balancers — these forgotten resources can silently rack up monthly bills.

In this post, discover how Cloudon AWS FinOps Guardian helps you:

  • Identify wasteful resources across multiple AWS regions
  • Automatically shut down or remove them
  • Integrate safety measures so critical workloads stay protected

Let’s explore how you can slash your AWS bill with a serverless, open-source solution that fits seamlessly into your workflow.

The Problem: Runaway Cloud Costs

Over time, AWS environments accumulate “resource clutter” such as:

  • Development instances running after hours
  • Unattached EBS volumes left behind when instances are terminated
  • Empty load balancers from outdated services
  • Idle RDS instances in non-production environments
  • Unused Kinesis streams and OpenSearch domains

Each one continues to bill you until manually deleted. Manual cleanup is risky, slow, and prone to errors. In busy or large teams, resource sprawl becomes nearly impossible to track.

Automation is the key to keeping your AWS environment lean and cost-effective.

The Solution: Cloudon AWS FinOps Guardian

Our open-source project provides an all-in-one, serverless application to locate and remove orphaned resources automatically. Running as an AWS Lambda function on a schedule, it examines your resources across different AWS regions and proactively cleans them up.

Highlights at a Glance

1. Multi-Resource Support

  • EC2: Stop running instances and disable unneeded detailed monitoring
  • Elastic IPs: Release any unassociated addresses
  • EBS Volumes: Remove unattached volumes
  • Load Balancers: Clean up idle, empty ones
  • RDS: Stop or remove non-production instances and clusters
  • EKS: Scale node groups to zero when not in use
  • Kinesis, MSK, OpenSearch: Delete unused streams, clusters, and domains

2. Fail-Safe Features

  • Dry Run Mode: Test the entire cleanup logic before actual deletion
  • Tag Protection: Tag critical resources you want to keep
  • Spot Instance & EKS Volume Preservation: Prevent accidental terminations
  • Special Handling for Critical Services: Granular control on high-impact resources

3. Efficient & Intelligent

  • Concurrent Execution: Speeds up multi-region cleanups
  • Comprehensive Error Handling & Logging: Easy troubleshooting
  • Detailed Reporting: Know exactly which resources got cleaned or skipped

4. Built-In Notifications

  • SES Email Alerts: Get cleanup reports in your inbox
  • Status Summaries:
    • Successfully deleted resources
    • Skipped or protected resources
    • Any failures or errors

Under the Hood: How It Works

Developed in Python, the solution leverages:

  • Lambda as the engine for cleanup logic
  • CloudWatch Events for automatic scheduling
  • SES for sending out email notifications
  • IAM Roles to securely access AWS services and resources

Configuring Your Setup

  • CHECK_ALL_REGIONS: Toggle between scanning all AWS regions or a select few
  • KEEP_TAG_KEY: Specify the tag key/value pairs to preserve specific resources
  • DRY_RUN: Enable or disable simulation mode
  • EMAIL_IDENTITY / TO_ADDRESS: Set up verified SES email addresses for alerts
  • Multi-Region: Tweak settings to clean up resources across whichever regions matter to you
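
How KEEP_TAG_KEY and DRY_RUN interact, sketched for unattached EBS volumes. This is an added example, not FinOps Guardian's own code: the function names, the report layout and the Kubernetes tag prefixes used for EKS volume preservation are assumptions, and the volume records are constructed samples in the shape of EC2 describe_volumes output.

```python
# Added example: hypothetical decision logic, not FinOps Guardian's source.
KEEP_TAGS = {"auto-deletion": "skip-resource"}  # mirrors keep_tag_key in terraform.tfvars
# Assumption: tag-key prefixes that mark Kubernetes/EKS-provisioned volumes.
EKS_TAG_PREFIXES = ("kubernetes.io/", "ebs.csi.aws.com/")

def classify_volume(volume, keep_tags=KEEP_TAGS):
    """Return 'in-use', 'protected', 'eks' or 'delete' for one volume record."""
    # describe_volumes omits "Tags" entirely for untagged volumes.
    tags = {t["Key"]: t["Value"] for t in volume.get("Tags", [])}
    if volume.get("State") != "available" or volume.get("Attachments"):
        return "in-use"
    # Key AND value must match; a look-alike value does not protect the volume.
    if any(tags.get(k) == v for k, v in keep_tags.items()):
        return "protected"
    if any(key.startswith(EKS_TAG_PREFIXES) for key in tags):
        return "eks"
    return "delete"

def cleanup_volumes(volumes, delete, dry_run=True):
    """Build the report; call delete(volume_id) only when dry_run is False."""
    report = {"deleted": [], "would_delete": [], "skipped": [], "failed": []}
    for vol in volumes:
        vol_id, verdict = vol["VolumeId"], classify_volume(vol)
        if verdict != "delete":
            report["skipped"].append((vol_id, verdict))
        elif dry_run:
            report["would_delete"].append(vol_id)
        else:
            try:
                delete(vol_id)
                report["deleted"].append(vol_id)
            except Exception as exc:  # one failure must not abort the run
                report["failed"].append((vol_id, str(exc)))
    return report

# Constructed sample records in the shape of EC2 describe_volumes output.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0a", "State": "available", "Attachments": []},
    {"VolumeId": "vol-0b", "State": "available", "Attachments": [],
     "Tags": [{"Key": "auto-deletion", "Value": "skip-resource"}]},
    {"VolumeId": "vol-0c", "State": "available", "Attachments": [],
     "Tags": [{"Key": "auto-deletion", "Value": "skip"}]},
    {"VolumeId": "vol-0d", "State": "in-use", "Attachments": [{"InstanceId": "i-0x"}]},
    {"VolumeId": "vol-0e", "State": "available", "Attachments": [],
     "Tags": [{"Key": "kubernetes.io/created-for/pvc/name", "Value": "data"}]},
]

if __name__ == "__main__":
    print(cleanup_volumes(SAMPLE_VOLUMES, delete=lambda v: None, dry_run=True))
```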

How to Deploy

1. Clone the Repository

git clone https://github.com/cloudon-one/FinOps-Guardian.git
cd aws-finops

2. Configure Variables (terraform.tfvars)

function_name     = "aws-resource-cleanup"
check_all_regions = false
keep_tag_key      = { "auto-deletion" = "skip-resource" }
dry_run           = true
email_identity    = "your-email@domain.com"
to_address        = "notifications@domain.com"
event_cron        = "cron(0 20 * * ? *)" # 8 PM GMT

3. Deploy with Terraform

terraform init
terraform plan
terraform apply

Best Practices

1. Start Safe

  • Use dry_run = true to watch the cleanup process without risking necessary resources
  • Run in a non-production environment first
  • Review your initial cleanup reports to validate the results

2. Tag Wisely

  • Maintain a consistent tagging strategy
  • Use descriptive tags for critical systems (e.g., auto-deletion=skip-resource)
  • Regularly audit which resources are protected

3. Stay Proactive

  • Keep an eye on your CloudWatch Logs for errors or anomalies
  • Promptly address any email notifications
  • Re-verify your SES email configuration periodically
  • Refine and update your tagging as business needs evolve

Ready to Slash Your AWS Bill?

Cloudon AWS FinOps Guardian is a robust plug-and-play solution that enforces good cloud hygiene. By removing or pausing unused resources, you can save significantly on monthly AWS costs — without the risk of deleting vital infrastructure.

The project is open-source under the MIT License, and we welcome any contributions or feedback.

Check out our GitHub repo for the code, documentation, and the latest updates.

Pro Tip: Always start in dry-run mode and thoroughly test in a safe environment before rolling out to production.

Level up your AWS cost optimization and let automation do the heavy lifting.

Get started with the Cloudon AWS FinOps Guardian today!

Yaroslav Naumenko

Cloud Infrastructure Architect specializing in PCI/HIPAA/FedRAMP compliant solutions at scale. Over a decade building on AWS & GCP.
