Show HN: CleanCloud – 20 rules to find what's costing you money in AWS and Azure
CleanCloud is different: read-only, runs in your environment, and enforces hygiene as a CI/CD gate.
AWS Rules (10):
- Unattached EBS Volumes
- Old EBS Snapshots (90+ days)
- Infinite Retention CloudWatch Logs
- Unattached Elastic IPs (30+ days)
- Detached Network Interfaces (60+ days)
- Untagged Resources (EBS, S3, Log Groups)
- Old AMIs (180+ days)
- Idle NAT Gateways (~$32/mo each)
- Idle RDS Instances (zero connections 14+ days)
- Idle Load Balancers (zero traffic 14+ days)
Azure Rules (10):
- Unattached Managed Disks
- Old Snapshots
- Unused Public IPs
- Empty Load Balancers
- Empty Application Gateways
- Empty App Service Plans
- Idle VNet Gateways
- Stopped (Not Deallocated) VMs — still incurring full compute charges
- Idle SQL Databases (zero connections 14+ days)
- Untagged Resources
Every finding includes:
- Confidence level (HIGH / MEDIUM)
- Evidence and signals used
- Resource details and age
Enforce in CI/CD:
cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH
Exit 0 = pass. Exit 2 = policy violation.
- No write access.
- No telemetry.
- No SaaS.
"pip install cleancloud" and run your first scan in 5 minutes.
GitHub: https://github.com/cleancloud-io/cleancloud
If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found. Please open an issue at https://github.com/cleancloud-io/cleancloud or leave a comment below.