The Foreman

What We Scan

Every resource type and check Foreman runs on your AWS accounts, every hour. No agents. No code changes. Read-only IAM access.

25 resource types
40+ distinct checks
Hourly scan frequency

Compute

EC2 Instances

2 checks
  • Idle - Average CPU below 1% over 7 days. Instance is running but doing nothing.
  • Low usage - CPU or memory below 10%. Likely over-provisioned for its workload. (EC2 does not publish memory metrics natively; the memory half of this check only applies to instances that already ship memory metrics to CloudWatch, e.g. via the CloudWatch agent.)
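The idle and low-usage checks above are threshold rules over CloudWatch CPU history. The function below is an added example (not Foreman's code) of that classification over the `Datapoints` list that `cloudwatch.get_metric_statistics(Namespace="AWS/EC2", MetricName="CPUUtilization", Period=3600, Statistics=["Average"])` returns for a 7-day window. The 1% and 10% thresholds are the page's; the burst threshold, the minimum-coverage rule and the sample datapoints built by `make_datapoints()` are assumptions constructed for the example. The same function works unchanged for the RDS, ElastiCache and Redshift CPU checks further down, since those namespaces publish `CPUUtilization` in the same shape.

```python
"""Utilization classification for the EC2 idle / low-usage checks.

Added example, not Foreman's code. `datapoints` has the shape of
cloudwatch.get_metric_statistics(...)["Datapoints"] for CPUUtilization with
Period=3600 and Statistics=["Average"]. Sample data is constructed; the burst
and coverage thresholds are assumptions, not Foreman's published values.
"""
from datetime import datetime, timedelta, timezone

LOOKBACK_HOURS = 7 * 24   # page: "over 7 days"
IDLE_CPU = 1.0            # page: "Average CPU below 1%"
LOW_CPU = 10.0            # page: "CPU ... below 10%"
BURST_CPU = 20.0          # assumed: a mostly-idle host that spikes this high is probably running scheduled work
MIN_COVERAGE = 0.8        # assumed: fraction of hourly datapoints required before concluding anything


def classify_cpu(datapoints, lookback_hours=LOOKBACK_HOURS):
    """Return (severity, reason) following the page's legend: 'alert' = idle,
    'warning' = low usage, 'ok', or 'unknown' when the data cannot support a call."""
    averages = [dp["Average"] for dp in datapoints if "Average" in dp]
    if not averages:
        # CloudWatch returns no datapoints for an instance that was stopped for
        # the whole window or launched after it. That is not evidence of idleness.
        return "unknown", "no CPUUtilization datapoints in window"
    coverage = len(averages) / lookback_hours
    if coverage < MIN_COVERAGE:
        # A host launched three days ago has a "7-day average" made of 3 days.
        return "unknown", f"only {coverage:.0%} of the window has data"
    avg = sum(averages) / len(averages)
    peak = max(averages)  # max of hourly averages: a floor on the true peak, not the peak itself
    if avg < IDLE_CPU:
        if peak < BURST_CPU:
            return "alert", f"idle: average CPU {avg:.2f}% over {lookback_hours} h"
        return "warning", f"mostly idle (average {avg:.2f}%) but bursts to {peak:.0f}%; check for scheduled work before terminating"
    if avg < LOW_CPU:
        return "warning", f"low usage: average CPU {avg:.1f}%, peak hourly average {peak:.1f}%"
    return "ok", f"average CPU {avg:.1f}%"


def make_datapoints(hourly_averages, end=datetime(2024, 6, 8, tzinfo=timezone.utc)):
    """Constructed sample input shaped like CloudWatch's Datapoints list."""
    return [
        {"Timestamp": end - timedelta(hours=i), "Average": v, "Unit": "Percent"}
        for i, v in enumerate(hourly_averages)
    ]


if __name__ == "__main__":
    samples = {
        "forgotten host": [0.3] * 168,              # alert
        "nightly batch host": [0.3] * 166 + [45.0] * 2,  # warning: idle but bursty
        "host launched 4 days ago": [5.0] * 100,    # unknown: too little data
    }
    for label, series in samples.items():
        print(label, classify_cpu(make_datapoints(series)))
```

The "unknown" branches are the part most home-grown scripts skip: an empty or short datapoint list is exactly what a recently launched or recently stopped instance produces, and treating it as "0% CPU" is how healthy hosts end up on a termination list.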

Stopped EC2 Instances

1 check
  • Stopped but not terminated - Instance is off but attached EBS volumes and Elastic IPs continue to accrue charges.

Lambda Functions

7 checks
  • Over-provisioned memory - Allocated memory significantly exceeds actual peak usage.
  • Slow execution - Average duration near the configured timeout, indicating inefficiency or resource starvation.
  • Large package size - Deployment package is unnecessarily large, increasing cold starts and storage costs.
  • Excessive timeout - Timeout is set far above actual execution time, masking hangs and increasing cost per failure.
  • Debug logging enabled - DEBUG or TRACE log level left on in a production function, driving up CloudWatch Logs costs.
  • High error rate - Sustained invocation errors indicate a broken function still running (and failing) on a schedule.
  • Provisioned concurrency waste - Pre-warmed concurrency allocated but not actually consumed by traffic.
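The over-provisioned memory, slow execution and excessive timeout checks can all be driven from the `REPORT` line Lambda writes to CloudWatch Logs at the end of every invocation. Below is an added example (not Foreman's code) that parses those lines and applies the three checks. The log lines are constructed, and the ratios used as cut-offs (half the allocation, 80% of the timeout, 10x the slowest run, 30% headroom) are assumptions; the page does not publish Foreman's own thresholds.

```python
"""Parse Lambda REPORT log lines and apply the memory, duration and timeout checks.

Added example, not Foreman's code. The REPORT line format is Lambda's own;
the sample log and the threshold ratios below are constructed assumptions.
"""
import math
import re

REPORT_RE = re.compile(
    r"REPORT RequestId: (?P<rid>\S+)\s+Duration: (?P<dur>[\d.]+) ms\s+"
    r"Billed Duration: (?P<billed>\d+) ms\s+Memory Size: (?P<mem>\d+) MB\s+"
    r"Max Memory Used: (?P<used>\d+) MB"
)

MEMORY_WASTE_RATIO = 0.5   # assumed: peak use below half the allocation
SLOW_RATIO = 0.8           # assumed: average duration above 80% of the timeout
TIMEOUT_EXCESS = 10        # assumed: timeout more than 10x the slowest observed run
HEADROOM_PERCENT = 30      # assumed: keep 30% above observed peak when right-sizing
MIN_LAMBDA_MB = 128        # Lambda's minimum memory setting


def parse_report(line):
    """Return the numeric fields of one REPORT line, or None for any other log line."""
    m = REPORT_RE.search(line)
    if not m:
        return None
    return {
        "request_id": m["rid"],
        "duration_ms": float(m["dur"]),
        "billed_ms": int(m["billed"]),
        "memory_mb": int(m["mem"]),
        "max_used_mb": int(m["used"]),
    }


def suggested_memory_mb(peak_mb):
    """Peak plus headroom, never below Lambda's 128 MB floor (integer arithmetic to avoid float surprises)."""
    return max(MIN_LAMBDA_MB, math.ceil(peak_mb * (100 + HEADROOM_PERCENT) / 100))


def analyze(reports, timeout_seconds):
    """Summarize a function's invocations and return findings as (severity, check, detail)."""
    reports = [r for r in reports if r]
    if not reports:
        return {"findings": [("unknown", "no REPORT lines", "no invocations in the sample")]}
    memory_mb = reports[-1]["memory_mb"]           # current allocation
    peak_mb = max(r["max_used_mb"] for r in reports)
    durations = [r["duration_ms"] for r in reports]
    avg_ms = sum(durations) / len(durations)
    max_ms = max(durations)
    timeout_ms = timeout_seconds * 1000
    findings = []
    if peak_mb < MEMORY_WASTE_RATIO * memory_mb:
        # CPU share is allocated in proportion to memory, so shrinking memory can
        # slow CPU-bound code; re-measure duration after any change.
        findings.append(("warning", "over-provisioned memory",
                         f"peak {peak_mb} MB of {memory_mb} MB allocated; "
                         f"~{suggested_memory_mb(peak_mb)} MB leaves {HEADROOM_PERCENT}% headroom"))
    if avg_ms > SLOW_RATIO * timeout_ms:
        findings.append(("alert", "slow execution",
                         f"average {avg_ms:.0f} ms against a {timeout_ms:.0f} ms timeout"))
    elif timeout_ms > TIMEOUT_EXCESS * max_ms:
        findings.append(("info", "excessive timeout",
                         f"timeout {timeout_ms:.0f} ms, slowest observed run {max_ms:.0f} ms; "
                         f"a hang bills ~{timeout_ms / max_ms:.0f}x the real work before it is killed"))
    return {"memory_mb": memory_mb, "peak_used_mb": peak_mb, "avg_duration_ms": avg_ms,
            "max_duration_ms": max_ms, "findings": findings}


# Constructed sample: three invocations of a 1024 MB function configured with a 30 s timeout.
SAMPLE_LOG = """\
START RequestId: 7d1e3f10-0000-4000-8000-000000000001 Version: $LATEST
END RequestId: 7d1e3f10-0000-4000-8000-000000000001
REPORT RequestId: 7d1e3f10-0000-4000-8000-000000000001\tDuration: 1200.00 ms\tBilled Duration: 1200 ms\tMemory Size: 1024 MB\tMax Memory Used: 90 MB\tInit Duration: 210.45 ms
REPORT RequestId: 7d1e3f10-0000-4000-8000-000000000002\tDuration: 1500.00 ms\tBilled Duration: 1500 ms\tMemory Size: 1024 MB\tMax Memory Used: 110 MB
REPORT RequestId: 7d1e3f10-0000-4000-8000-000000000003\tDuration: 1300.00 ms\tBilled Duration: 1300 ms\tMemory Size: 1024 MB\tMax Memory Used: 95 MB
"""

if __name__ == "__main__":
    result = analyze([parse_report(l) for l in SAMPLE_LOG.splitlines()], timeout_seconds=30)
    for finding in result["findings"]:
        print(*finding, sep=" | ")
```

In production the lines come from `logs.filter_log_events(logGroupName="/aws/lambda/<name>", filterPattern="REPORT")`, which is a read-only call; the configured timeout comes from `lambda.get_function_configuration()`.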

Databases

RDS Instances

3 checks
  • Idle - Zero database connections over the lookback window.
  • Low CPU - Average CPU below 10%.
  • Low memory utilization - High FreeableMemory suggests significant over-provisioning.

RDS Snapshots

1 check
  • Old manual snapshots - Manual snapshots older than 30 days. Automated snapshots are excluded since RDS manages their lifecycle.

ElastiCache Clusters

2 checks
  • Low CPU - Average CPU below 10% over 7 days.
  • Low memory usage - Cache memory utilization below 10% -- significantly over-provisioned for the working set.

DynamoDB Tables

2 checks
  • Provisioned capacity waste - Provisioned read/write capacity far exceeds consumed capacity.
  • Global Secondary Index waste - Same check applied per GSI -- idle or over-provisioned indexes often go unnoticed.

Redshift Clusters

2 checks
  • Idle - Zero database connections. Warehouse is running at full cost with no queries being served.
  • Low usage - Low CPU and disk utilization, suggesting the cluster is over-sized.

OpenSearch Domains

2 checks
  • Empty domain - Zero searchable documents. Cluster is allocated and running with nothing to index.
  • Idle - Low CPU and low JVM memory pressure together indicate no meaningful search activity.

Storage

EBS Volumes

1 check
  • Unattached volumes - Volume exists in "available" state with no instance attached. Full storage cost with zero utilization.

EBS Volume Type

1 check
  • gp2 volumes still in use - gp3 delivers the same or better performance at ~20% lower cost, and ModifyVolume changes the type in place without detaching. One caveat: gp2 baseline IOPS scale at 3 per GiB, so a volume above roughly 1,000 GiB has a baseline above gp3's 3,000 and needs IOPS (and, where relied on, throughput) provisioned explicitly on the gp3 side to avoid a performance regression.
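Both EBS volume checks above run over a single `describe_volumes` call. The added example below (not Foreman's code) flags volumes in the `available` state and gp2 volumes, and for the gp2 case also builds the `modify_volume` parameters that preserve the volume's baseline IOPS, since a large gp2 volume loses performance if it is simply switched to gp3's 3,000 IOPS baseline. The sample volumes are constructed; the performance figures (gp2: 3 IOPS per GiB, 100 minimum, 16,000 maximum; gp3 baseline 3,000) are AWS's published limits.

```python
"""Unattached-volume and gp2-to-gp3 checks over describe_volumes output.

Added example, not Foreman's code. `volumes` has the shape of
ec2.describe_volumes()["Volumes"]; the sample volumes are constructed.
"""

GP3_BASELINE_IOPS = 3000


def gp2_baseline_iops(size_gib):
    """gp2 baseline IOPS scale with size: 3 per GiB, floor 100, ceiling 16,000."""
    return max(100, min(16000, 3 * size_gib))


def gp3_modify_params(vol):
    """Keyword arguments for ec2.modify_volume() that move a gp2 volume to gp3
    without losing baseline IOPS. Above ~1,000 GiB the gp2 baseline exceeds
    gp3's 3,000, so Iops must be set explicitly (at extra cost)."""
    params = {"VolumeId": vol["VolumeId"], "VolumeType": "gp3"}
    need = gp2_baseline_iops(vol["Size"])
    if need > GP3_BASELINE_IOPS:
        params["Iops"] = need
    return params


def check_volume(vol):
    """Return (severity, check, detail) findings for one volume."""
    findings = []
    if vol["State"] == "available" and not vol.get("Attachments"):
        findings.append(("alert", "unattached volume",
                         f"{vol['Size']} GiB {vol['VolumeType']} in 'available' state, billed with no reader"))
    if vol["VolumeType"] == "gp2":
        params = gp3_modify_params(vol)
        if "Iops" in params:
            findings.append(("warning", "gp2 volume",
                             f"{vol['Size']} GiB: gp2 baseline is {params['Iops']} IOPS, above gp3's "
                             f"{GP3_BASELINE_IOPS}; pass Iops={params['Iops']} to modify_volume"))
        else:
            findings.append(("warning", "gp2 volume",
                             f"{vol['Size']} GiB: gp3 baseline covers its {gp2_baseline_iops(vol['Size'])} "
                             f"IOPS; modify_volume to gp3 in place"))
    return findings


def scan_volumes(volumes):
    """Map VolumeId -> findings for a describe_volumes result."""
    return {v["VolumeId"]: check_volume(v) for v in volumes}


# Constructed sample in the describe_volumes()["Volumes"] shape.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use", "VolumeType": "gp3", "Size": 100,
     "Attachments": [{"InstanceId": "i-0111", "Device": "/dev/xvda", "State": "attached"}]},
    {"VolumeId": "vol-0bbb", "State": "available", "VolumeType": "gp2", "Size": 50,
     "Attachments": []},
    {"VolumeId": "vol-0ccc", "State": "in-use", "VolumeType": "gp2", "Size": 2000,
     "Attachments": [{"InstanceId": "i-0222", "Device": "/dev/xvdf", "State": "attached"}]},
]

if __name__ == "__main__":
    for volume_id, findings in scan_volumes(SAMPLE_VOLUMES).items():
        for finding in findings:
            print(volume_id, *finding, sep=" | ")
```

Note that "unattached" is deliberately tied to the `available` state rather than to an empty `Attachments` list alone: a volume mid-attach reports `in-use` with a `State: attaching` attachment, and should not be flagged.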

EBS Snapshots

1 check
  • Old snapshots - EBS snapshots older than 90 days with no recent access. Manual snapshots often accumulate without a cleanup policy.

ECR Images

2 checks
  • Untagged images older than 30 days - Untagged images are rarely intentional; these are almost always build artifacts.
  • Stale images - Never pulled, or not pulled in 90+ days. Likely superseded by newer versions.

S3 Buckets

5 checks
  • Versioning without lifecycle policy - Every version of every object is kept forever. Old versions accumulate silently and can dwarf the current object storage.
  • Incomplete multipart uploads - Uploads abandoned more than 7 days ago. Parts are stored and billed even though no complete object exists.
  • Expensive region - Bucket is in a region with a storage premium (e.g. Sao Paulo, Cape Town) and nothing on the bucket records why. Data-residency requirements are a legitimate reason to be there; the finding asks you to confirm one applies.
  • Request metrics disabled - Without request metrics, a traffic spike -- a viral post, a misconfigured client -- is invisible until the bill arrives.
  • No S3 Storage Class Analysis - Storage Class Analysis (S3 Analytics) identifies objects that haven't been accessed in 30+ days and are candidates for Intelligent-Tiering or Glacier.
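The first two S3 checks above are decided from three read-only calls: `get_bucket_versioning`, `get_bucket_lifecycle_configuration` (which raises `NoSuchLifecycleConfiguration` for a bucket without one) and `list_multipart_uploads`. The added example below (not Foreman's code) applies them to constructed responses. It goes one step beyond the page in two places, both flagged in the code: a lifecycle rule scoped to a prefix or tag does not count as covering the bucket, and `Suspended` versioning still gets the noncurrent-version check because versions written before suspension are still stored and billed. It also adds an `info` finding when no rule aborts incomplete uploads, since that rule is what prevents the page's "incomplete multipart uploads" finding from recurring.

```python
"""Versioning and multipart-upload lifecycle checks for one S3 bucket.

Added example, not Foreman's code. Inputs have the shapes returned by
s3.get_bucket_versioning(), s3.get_bucket_lifecycle_configuration() (pass None
when the call raised NoSuchLifecycleConfiguration) and
s3.list_multipart_uploads()["Uploads"]. All sample data is constructed.
"""
from datetime import datetime, timedelta, timezone

MPU_ABANDON_DAYS = 7   # page: "abandoned more than 7 days ago"


def _covers_whole_bucket(rule):
    """A rule scoped to a prefix or tag leaves the rest of the bucket uncovered."""
    if "Prefix" in rule:                    # legacy top-level Prefix form
        return rule["Prefix"] == ""
    flt = rule.get("Filter") or {}
    return flt.get("Prefix", "") == "" and "Tag" not in flt and "And" not in flt


def _enabled_whole_bucket_rules(lifecycle):
    rules = (lifecycle or {}).get("Rules", [])
    return [r for r in rules if r.get("Status") == "Enabled" and _covers_whole_bucket(r)]


def abandoned_uploads(uploads, now):
    """Multipart uploads initiated more than MPU_ABANDON_DAYS ago and never completed."""
    cutoff = now - timedelta(days=MPU_ABANDON_DAYS)
    return [u for u in uploads if u["Initiated"] < cutoff]


def check_bucket(name, versioning, lifecycle, uploads, now):
    """Return {"bucket": name, "findings": [(severity, check, detail), ...]}."""
    findings = []
    rules = _enabled_whole_bucket_rules(lifecycle)
    # Suspended buckets keep every version written while versioning was on.
    if versioning.get("Status") in ("Enabled", "Suspended"):
        has_noncurrent_rule = any("NoncurrentVersionExpiration" in r or "NoncurrentVersionTransitions" in r
                                  for r in rules)
        if not has_noncurrent_rule:
            findings.append(("warning", "versioning without lifecycle policy",
                             f"versioning {versioning['Status']}, no whole-bucket rule expires or tiers noncurrent versions"))
    stale = abandoned_uploads(uploads, now)
    if stale:
        findings.append(("alert", "incomplete multipart uploads",
                         f"{len(stale)} upload(s) older than {MPU_ABANDON_DAYS} days; parts are billed, e.g. key {stale[0]['Key']}"))
    aborts = any(r.get("AbortIncompleteMultipartUpload", {}).get("DaysAfterInitiation", 10**9) <= MPU_ABANDON_DAYS
                 for r in rules)
    if not aborts:
        findings.append(("info", "no multipart abort rule",
                         f"no whole-bucket rule with AbortIncompleteMultipartUpload <= {MPU_ABANDON_DAYS} days"))
    return {"bucket": name, "findings": findings}


# Constructed sample data.
NOW = datetime(2024, 6, 8, tzinfo=timezone.utc)
LIFECYCLE_PREFIX_ONLY = {"Rules": [
    {"ID": "logs-only", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 30}},
]}
LIFECYCLE_GOOD = {"Rules": [
    {"ID": "whole-bucket", "Status": "Enabled", "Filter": {"Prefix": ""},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 30},
     "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}},
]}
UPLOADS = [
    {"Key": "dumps/2024-05-01.tar", "UploadId": "upload-1", "Initiated": NOW - timedelta(days=38)},
    {"Key": "dumps/today.tar", "UploadId": "upload-2", "Initiated": NOW - timedelta(hours=3)},
]

if __name__ == "__main__":
    for finding in check_bucket("backups", {"Status": "Enabled"}, None, UPLOADS, NOW)["findings"]:
        print(*finding, sep=" | ")
```

The prefix test is the part worth copying: a bucket with a rule on `logs/` will show a lifecycle configuration in the console and look covered, while every other prefix keeps versions forever.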

Networking

Elastic IPs

1 check
  • Unattached EIPs - Reserved but not associated with a running instance. AWS charges ~$3.65/mo per idle EIP (since February 2024 every public IPv4 address is billed at that hourly rate, but an idle one buys nothing).

NAT Gateways

1 check
  • Idle - No bytes transferred in the past 7 days. NAT Gateways cost ~$32/mo at baseline before any data fees.

Application Load Balancers

1 check
  • Idle - No traffic (zero RequestCount) in the past 7 days. Common after decommissioning a service without cleaning up the load balancer.

NLBs & Classic ELBs

2 checks
  • Idle NLBs - Network Load Balancers with no active flows or processed bytes in 7 days.
  • Idle Classic ELBs - Legacy load balancers with no request activity in 7 days.

VPC Interface Endpoints

1 check
  • Idle endpoints - Interface endpoint with no bytes transferred in the past 7 days. Each idle endpoint costs ~$7/mo per AZ it is deployed in, before any data-processing fees.

Containers & Orchestration

EKS Clusters

1 check
  • No worker nodes - Control plane is running (~$72/mo) with no node groups or Fargate profiles attached. Nothing is being scheduled.

EKS Extended Support

1 check
  • End-of-life Kubernetes version - Cluster is past its standard support window. AWS charges an extended support fee on top of normal control plane costs.

Observability & Governance

CloudWatch Log Groups

2 checks
  • No retention policy - Logs are kept forever by default. CloudWatch charges $0.03/GB/mo (us-east-1) for stored logs -- without a policy, costs compound indefinitely.
  • Stale log group - No log events ingested in 90+ days. The service or resource that wrote to this group has most likely been removed, leaving the group and its stored data behind.

Cost Anomaly Detection

1 check
  • No anomaly monitors configured - AWS Cost Anomaly Detection can catch spend spikes (like a traffic surge hitting S3) before they show up on the bill. This finding flags accounts where it isn't set up.

Lifecycle & EOL Costs

RDS Extended Support

1 check
  • End-of-life engine version - Running MySQL 5.7, Postgres 11, or other EOL engines past their AWS standard support date. Extended support adds a per-vCPU surcharge on top of normal instance costs.

AMIs

1 check
  • Unused AMIs older than 30 days - Private AMIs with no running instances launched from them in the past 30 days. The underlying EBS snapshots continue to accrue storage costs.

Severity legend

Alert - High confidence waste. Resource is almost certainly idle or broken.
Warning - Likely waste. Worth investigating before acting.
Info - Visibility gap or configuration risk with no direct cost estimate.

See what your account is flagging right now

Free scan. No credit card. Results in minutes.
