Nobody at your startup owns AWS costs. I will.

Compute Analyzer

Analyzes every EC2, ECS, EKS, and Lambda resource. Flags over-provisioned instances, previous-gen types (m4, c4), missing Graviton4 migration, dev/test running 24/7, and Spot opportunities. Includes Compute Optimizer cross-reference.

Database Analyzer

Reviews RDS, Aurora, DynamoDB, ElastiCache, OpenSearch, and Redshift. Catches idle Multi-AZ, RDS Extended Support surcharges on EOL engines (PostgreSQL 11/12, MySQL 5.7), DynamoDB provisioned vs on-demand mismatch, and unused GSIs.

Storage Analyzer

Audits S3 lifecycle policies, versioning without expiry rules, incomplete multipart uploads, gp2→gp3 EBS migration (20% cheaper), orphaned snapshots, ECR image over-retention, and FSx file systems that are often forgotten.

Network Analyzer

Traces where money flows through the network: NAT Gateway vs VPC endpoints for S3/ECR/CloudWatch, inter-AZ data transfer ($0.01/GB each direction), CloudFront cache hit ratios, idle load balancers, and Transit Gateway attachment costs.

Serverless Optimizer

Goes beyond basic Lambda sizing: finds REST APIs that should be HTTP APIs (3.5× cheaper), Step Functions Standard workflows that should be Express (1000× cheaper per transition), over-provisioned concurrency, and high-error-rate functions amplifying cost via retries.

Pricing Advisor

Analyses commitment coverage and timing. Recommends Compute Savings Plans for EC2+Fargate+Lambda, RIs for RDS/ElastiCache/OpenSearch, Spot for fault-tolerant workloads, and flags expiring commitments within 30/60/90 days. Always optimize first, commit later.

Security Services

Identifies GuardDuty enabled in unused regions, redundant Security Hub standards, unused WAF ACLs, and Secrets Manager secrets that could move to SSM Parameter Store (90% cheaper). Also flags security gaps with cost-to-fix estimates.

Observability Analyzer

CloudWatch logs are often a silent budget drain at $0.50/GB ingested. Finds log groups with no retention policy (infinite growth), orphaned log groups from deleted resources, Container Insights metric explosion, and over-sampled X-Ray traces.

Architecture Review

Principal-architect-level review of the full infrastructure. Identifies structural anti-patterns (lift-and-shift residue, microservice sprawl, wrong service for the job), single points of failure, missing IaC, and produces a target architecture with estimated post-optimization cost.

Tagging Auditor

Calculates tagging compliance score across all resources. Flags untagged high-cost resources, inconsistent tag values (prod/production/PROD), and the most common FinOps gap: tags applied in AWS but not activated in the Billing console - a 5-minute fix that unlocks Cost Explorer attribution.

Cross-Service Optimizer

Finds waste invisible to single-service analyzers: ECS tasks pulling ECR images through NAT instead of VPC endpoints, CloudWatch Logs costs split across 20 services adding up to more than any single line item, and consolidation opportunities like multiple ALBs → one with host-based routing.