AWS Unused Resources Report 💸

Account: 123456789012 (Mock Data)

Generated: 2025-01-22 12:45:00 UTC

Scanned Assets: 434



Top 10 AWS Services by Cost

| Service Name | Cost |
|---|---|
| Amazon EC2 | $4,200.12 |
| Amazon RDS | $3,100.89 |
| Amazon EMR | $2,750.33 |
| Amazon S3 | $1,500.32 |
| AWS Lambda | $1,450.17 |
| Amazon ElastiCache | $1,375.24 |
| Amazon DynamoDB | $990.55 |
| Amazon SNS | $915.77 |
| AWS Key Management Service | $312.05 |
| Amazon Route53 | $380.99 |

Potential Savings Summary

| Category | Potential Monthly Savings ($) | Potential Annual Savings ($) | Percentage of Potential Annual Savings Over Current Annual Bill |
|---|---|---|---|
| S3 Storage Optimizations | $1,123.45 | $13,481.40 | 3.20% |
| Unused Route 53 Zones: 2 | $58.66 | $703.92 | 0.18% |
| Old Snapshots: 2 | $525.32 | $6,303.84 | 1.20% |
| Unused Secrets: 9 | $154.73 | $1,856.76 | 0.70% |
| VPC Endpoints: 5 | $929.11 | $11,149.32 | 2.90% |
| Log Groups without Expiration: 39 | $137.88 | $1,654.56 | 0.40% |
| Total Potential Savings | $2,929.15 | $35,149.80 | 207.05% |

S3 Storage Optimization: 5 Buckets

Potential Monthly Savings: $1,123.45 | Potential Annual Savings: $13,481.40

| Bucket Name | Total Objects | Objects that can be Moved to STANDARD_IA | STANDARD_IA Savings ($) | Objects that can be Moved to GLACIER | GLACIER Savings ($) | Total Savings ($) |
|---|---|---|---|---|---|---|
| mock-bucket-analytics | 58,000 | 20,000 | $320.50 | 10,000 | $190.10 | $510.60 |
| mock-bucket-internal-backups | 34,500 | 15,000 | $250.10 | 5,000 | $75.40 | $325.50 |
| mock-bucket-dev-logs | 5,200 | 4,900 | $145.62 | 0 | $0.00 | $145.62 |
| mock-bucket-invoices | 2,100 | 2,100 | $98.20 | 0 | $0.00 | $98.20 |
| mock-bucket-upload-temp | 1,750 | 1,750 | $43.53 | 0 | $0.00 | $43.53 |

Unused Route 53 Zones: 2

Potential Monthly Savings: $58.66 | Potential Annual Savings: $703.92

| Resource ID | Current Type | Region | Creation Date | Monthly Savings | Annual Savings | CLI Command |
|---|---|---|---|---|---|---|
| dev.mock.example.com | Route 53 Zone | Global | 2024-03-10 | $29.33 | $351.96 | `aws route53 delete-hosted-zone --id ZABCDE12345` |
| unused.mock.io | Route 53 Zone | Global | 2023-07-01 | $29.33 | $351.96 | `aws route53 delete-hosted-zone --id ZFAKE67890` |

Recommendations:

1. Use Alias records with AWS services (ELB, CloudFront, S3) to reduce Route53 query fees.

2. Use Route53 Traffic Flow for advanced routing capabilities, avoiding unnecessary DNS queries.

3. Monitor DNS query logs to quickly detect misconfigurations or unused records.


Old Snapshots: 2

Potential Monthly Savings: $525.32 | Potential Annual Savings: $6,303.84

| Resource ID | Size | Region | Creation Date | Monthly Savings | Annual Savings | CLI Command |
|---|---|---|---|---|---|---|
| snap-0fake111aa111bb2 | 450 GB | eu-west-3 | 2024-02-25 | $275.14 | $3,301.68 | `aws ec2 delete-snapshot --snapshot-id snap-0fake111aa111bb2 --region eu-west-3` |
| snap-0fake222cc333dd4 | 390 GB | ap-southeast-2 | 2024-06-10 | $250.18 | $3,002.16 | `aws ec2 delete-snapshot --snapshot-id snap-0fake222cc333dd4 --region ap-southeast-2` |

Recommendations:

1. Implement snapshot lifecycle policies to automatically remove old snapshots.

2. Use incremental snapshots to store only changed blocks, reducing total storage.

3. Share or copy snapshots across accounts when needed, avoiding duplicates.


Unused Secrets: 9

Potential Monthly Savings: $154.73 | Potential Annual Savings: $1,856.76

| Resource ID | Last Used | Region | Creation Date | Monthly Savings | Annual Savings | CLI Command |
|---|---|---|---|---|---|---|
| migration_secret | 365 days ago | us-east-1 | 2024-01-01 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id migration_secret --region us-east-1` |
| app_test_config | 250 days ago | us-west-2 | 2024-02-10 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id app_test_config --region us-west-2` |
| old_mailgun_api | 180 days ago | us-east-2 | 2024-06-24 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id old_mailgun_api --region us-east-2` |
| test_secret1 | 150 days ago | us-west-1 | 2024-08-10 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id test_secret1 --region us-west-1` |
| test_secret2 | 150 days ago | us-west-1 | 2024-08-10 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id test_secret2 --region us-west-1` |
| unused_oauth_key | 120 days ago | eu-north-1 | 2024-04-18 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id unused_oauth_key --region eu-north-1` |
| legacy_webhook_secret | 210 days ago | us-east-1 | 2024-03-20 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id legacy_webhook_secret --region us-east-1` |
| old_stripe_key | 250 days ago | us-west-2 | 2024-02-10 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id old_stripe_key --region us-west-2` |
| unused_sms_api | 340 days ago | us-east-2 | 2023-10-10 | $11.05 | $132.60 | `aws secretsmanager delete-secret --secret-id unused_sms_api --region us-east-2` |

Recommendations:

1. Regularly rotate secrets to limit exposure of older credentials.

2. Use AWS Secrets Manager to automate rotation and track usage.

3. Apply least-privilege so only minimal roles or services can view or rotate secrets.


VPC Endpoints: 5

Potential Monthly Savings: $929.11 | Potential Annual Savings: $11,149.32

| Resource ID | Current Type | Region | Creation Date | Monthly Savings | Annual Savings | CLI Command |
|---|---|---|---|---|---|---|
| vpce-0fake111e4d8a222 | VPC Endpoint | us-east-1 | 2024-07-05 | $190.00 | $2,280.00 | `aws ec2 delete-vpc-endpoint --vpc-endpoint-ids vpce-0fake111e4d8a222 --region us-east-1` |
| vpce-0fake222ab777333 | VPC Endpoint | us-west-2 | 2024-09-12 | $185.22 | $2,222.64 | `aws ec2 delete-vpc-endpoint --vpc-endpoint-ids vpce-0fake222ab777333 --region us-west-2` |
| vpce-0fake333xy444999 | VPC Endpoint | eu-west-3 | 2023-12-01 | $180.00 | $2,160.00 | `aws ec2 delete-vpc-endpoint --vpc-endpoint-ids vpce-0fake333xy444999 --region eu-west-3` |
| vpce-0fake444kk111abc | VPC Endpoint | us-east-2 | 2024-01-20 | $185.89 | $2,230.68 | `aws ec2 delete-vpc-endpoint --vpc-endpoint-ids vpce-0fake444kk111abc --region us-east-2` |
| vpce-0fake555zz888ccc | VPC Endpoint | ap-southeast-2 | 2024-10-15 | $188.00 | $2,256.00 | `aws ec2 delete-vpc-endpoint --vpc-endpoint-ids vpce-0fake555zz888ccc --region ap-southeast-2` |

Recommendations:

1. Restrict access to these VPC Endpoints using specific IAM policies to avoid unwanted traffic.

2. Monitor data transfer charges and remove endpoints when not needed.

3. Use PrivateLink to keep traffic within the AWS network, potentially lowering costs.


Log Groups without Expiration: 39

Potential Monthly Savings: $137.88 | Potential Annual Savings: $1,654.56

| Resource ID | Size | Region | Creation Date | Monthly Savings | Annual Savings | CLI Command |
|---|---|---|---|---|---|---|
| /aws/lambda/mock-func-1 | 12.40 GB | us-east-2 | 2024-03-30 | $40.00 | $480.00 | `aws logs delete-log-group --log-group-name /aws/lambda/mock-func-1 --region us-east-2` |
| /aws/lambda/mock-func-2 | 5.70 GB | ap-southeast-2 | 2024-01-09 | $18.40 | $220.80 | `aws logs delete-log-group --log-group-name /aws/lambda/mock-func-2 --region ap-southeast-2` |
| /aws/codebuild/mock-project-a | 8.40 GB | us-east-1 | 2024-04-10 | $28.78 | $345.36 | `aws logs delete-log-group --log-group-name /aws/codebuild/mock-project-a --region us-east-1` |
| /aws/codebuild/mock-project-b | 3.20 GB | eu-west-3 | 2024-02-09 | $10.70 | $128.40 | `aws logs delete-log-group --log-group-name /aws/codebuild/mock-project-b --region eu-west-3` |
| /aws/apigateway/mock-api-prod | 2.90 GB | us-west-1 | 2024-05-20 | $10.00 | $120.00 | `aws logs delete-log-group --log-group-name /aws/apigateway/mock-api-prod --region us-west-1` |

Recommendations:

1. Configure log retention so that older data is automatically removed or archived.

2. Archive older logs to lower-cost storage like S3 Glacier Deep Archive.

3. Compress or batch logs to reduce total storage before final archiving.


Inactive IAM Users: 5

| Resource ID | Last Used | Current Type | Creation Date | CLI Command |
|---|---|---|---|---|
| alice | Never used | IAM User | 2024-09-01 | `aws iam delete-user --user-name alice` |
| bob | Last used 120 days ago | IAM User | 2024-06-15 | `aws iam delete-user --user-name bob` |
| charlie | Never used | IAM User | 2024-03-01 | `aws iam delete-user --user-name charlie` |
| 👑 devadmin | Last used 300 days ago | IAM User | 2024-02-10 | `aws iam delete-user --user-name devadmin` |
| tester | Never used | IAM User | 2024-06-20 | `aws iam delete-user --user-name tester` |

Note: The crown emoji (👑) indicates that the IAM Role or User has the capability to escalate their privileges.

Recommendations:

1. Favor IAM roles over IAM users wherever possible.

2. Use least-privilege to reduce the chance of unauthorized actions.

3. Periodically audit IAM users, deleting those who are inactive.


Inactive IAM Roles: 44

| Resource ID | Last Used | Creation Date | CLI Command |
|---|---|---|---|
| lz-dummy-vpc-role | Never used | 2024-01-10 | `aws iam delete-role --role-name lz-dummy-vpc-role` |
| 👑 admin-controltower-role | Never used | 2023-11-01 | `aws iam delete-role --role-name admin-controltower-role` |
| old-codebuild-service-role | No recent usage | 2024-01-09 | `aws iam delete-role --role-name old-codebuild-service-role` |
| mock-proxy-role | Never used | 2024-02-07 | `aws iam delete-role --role-name mock-proxy-role` |
| unused-service-role | Never used | 2024-05-09 | `aws iam delete-role --role-name unused-service-role` |

Note: The crown emoji (👑) indicates that the IAM Role or User has the capability to escalate their privileges.

Recommendations:

1. Only grant the minimum privileges necessary when creating IAM roles.

2. Regularly audit roles and remove those no longer in use.

3. Rotate role credentials periodically to improve security posture.