Overview
Identify and clean up unused Network ACLs across your VPCs to keep network configurations lean, easier to manage, and less error‑prone: an ACL that is no longer associated with any subnet still carries its allow/deny rules and can be re‑associated with a subnet by mistake, so removing it takes that option off the table. The plan inventories all Network ACLs, identifies those that are not associated with any subnets and are safe to remove, guides you through approving which ones to delete, and then validates that the cleanup was successful and that no unexpected unassociated ACLs remain.
Execution Details
Assessment
Inventory VPCs and Network ACLs
First, discover the network scope and build a detailed inventory:
- Define which Regions and VPCs will be analyzed.
- For each in-scope Region, list all VPCs and collect their IDs.
- For each VPC, list all Network ACLs (the DescribeNetworkAcls call is per Region and returns the associations, default flag, entries and tags in one response; filter by VPC ID to scope it) and capture:
  - Network ACL ID and corresponding VPC ID.
  - Whether each ACL is the default ACL for that VPC (every VPC has exactly one, and a subnet with no explicit association uses it).
  - All subnet associations (subnet IDs and association IDs). Every subnet is associated with exactly one Network ACL at all times, so an ACL with zero associations is filtering no traffic.
  - Basic metadata such as tags (e.g., Name, environment, owner).
  - Optionally, the count of inbound and outbound entries for context.
- Store this inventory in a structured format (such as a table or JSON) to drive later steps.
Identify Unassociated Network ACLs
Next, narrow the focus to ACLs that are candidates for removal:
- From the inventory, select Network ACLs that have no subnet associations.
- Exclude any ACL that is the VPC’s default ACL. The default ACL cannot be deleted, and it is the ACL a subnet falls back to if its explicit association is ever removed, so it must stay even when it currently has no associations.
- For all remaining ACLs, record their IDs, VPC IDs, Regions, and tags for context.
- Compile and store a candidate list of unassociated, non-default ACLs for your review.
User Approval for Deletion
You are then guided through selecting which ACLs to delete:
- Review the candidate list, including IDs, VPCs, Regions, and tags.
- Highlight any ACLs whose names or tags suggest possible future or special use, helping you make informed decisions.
- Choose which unassociated ACLs should be deleted and which should be retained as exceptions.
- Optionally record the rationale for exceptions.
- Produce and store a final, user‑approved list of Network ACLs (with VPC and Region) to be removed.
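The three assessment steps above, worked as code. This is an added example for this plan, not the plan's own tooling: it parses the JSON shape that `aws ec2 describe-network-acls` returns (the sample response is constructed), builds the inventory rows, selects unassociated non-default ACLs, and marks candidates whose tags hint at reserved or special use. The `KEEP_HINTS` word list is an assumption; adjust it to your tagging conventions.

```python
"""Inventory Network ACLs from DescribeNetworkAcls output and pick deletion candidates.
Added example for this plan, not the plan's own tooling. Assumes the JSON shape that
`aws ec2 describe-network-acls` returns; the sample below is constructed, and the
KEEP_HINTS word list used for the 'special use' highlight is an assumption."""
import json
import re

# Constructed sample: what `aws ec2 describe-network-acls --region us-east-1` returns,
# trimmed to the fields this step uses.
SAMPLE_DESCRIBE = json.dumps({"NetworkAcls": [
    {"NetworkAclId": "acl-0a1default", "VpcId": "vpc-0aaa", "IsDefault": True,
     "Associations": [{"NetworkAclAssociationId": "aclassoc-01", "NetworkAclId": "acl-0a1default", "SubnetId": "subnet-01"}],
     "Entries": [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
                 {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"}],
     "Tags": []},
    {"NetworkAclId": "acl-0b2web", "VpcId": "vpc-0aaa", "IsDefault": False,
     "Associations": [{"NetworkAclAssociationId": "aclassoc-02", "NetworkAclId": "acl-0b2web", "SubnetId": "subnet-02"}],
     "Entries": [{"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0",
                  "PortRange": {"From": 443, "To": 443}},
                 {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"}],
     "Tags": [{"Key": "Name", "Value": "web-tier"}]},
    {"NetworkAclId": "acl-0c3stale", "VpcId": "vpc-0aaa", "IsDefault": False,
     "Associations": [],
     "Entries": [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"}],
     "Tags": [{"Key": "Name", "Value": "old-db-acl"}, {"Key": "owner", "Value": "data-team"}]},
    {"NetworkAclId": "acl-0d4reserve", "VpcId": "vpc-0bbb", "IsDefault": False,
     "Associations": [],
     "Entries": [{"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"}],
     "Tags": [{"Key": "Name", "Value": "dr-failover-reserved"}, {"Key": "environment", "Value": "prod"}]},
]})

# Assumption: tag words that suggest an ACL is intentionally kept unassociated.
KEEP_HINTS = {"reserved", "reserve", "keep", "donotdelete", "failover", "dr", "hold"}


def tags_to_dict(tags):
    return {t["Key"]: t["Value"] for t in tags or []}


def build_inventory(describe_json, region):
    """One row per ACL: IDs, default flag, associations, tags and entry counts."""
    rows = []
    for acl in json.loads(describe_json)["NetworkAcls"]:
        entries = acl.get("Entries", [])
        rows.append({
            "region": region,
            "acl_id": acl["NetworkAclId"],
            "vpc_id": acl["VpcId"],
            "is_default": bool(acl.get("IsDefault")),
            "associations": [(a["NetworkAclAssociationId"], a["SubnetId"]) for a in acl.get("Associations", [])],
            "tags": tags_to_dict(acl.get("Tags")),
            "inbound_entries": sum(1 for e in entries if not e.get("Egress")),
            "outbound_entries": sum(1 for e in entries if e.get("Egress")),
        })
    return rows


def special_use_hint(row):
    """True if any tag key or value contains a KEEP_HINTS word (token match, not substring)."""
    text = " ".join(list(row["tags"].keys()) + list(row["tags"].values())).lower()
    return bool(KEEP_HINTS & set(re.findall(r"[a-z0-9]+", text)))


def select_candidates(inventory):
    """Unassociated, non-default ACLs, each flagged for reviewer attention where tags suggest special use."""
    return [{**row, "review_flag": special_use_hint(row)}
            for row in inventory if not row["is_default"] and not row["associations"]]


if __name__ == "__main__":
    for c in select_candidates(build_inventory(SAMPLE_DESCRIBE, "us-east-1")):
        print(c["region"], c["vpc_id"], c["acl_id"], c["tags"].get("Name", ""), "REVIEW" if c["review_flag"] else "")
```

Run it once per Region, feeding each Region's response to `build_inventory`, and keep the concatenated rows as the inventory the later steps reread. The `review_flag` is only a prompt for the approval step; it never removes an ACL from the candidate list.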
Configuration
Delete Approved Unassociated Network ACLs
With the approved list, the plan performs the cleanup. The credentials used for this step need only ec2:DescribeNetworkAcls and ec2:DeleteNetworkAcl (plus ec2:DescribeVpcs if the inventory is rebuilt); they do not need permission to change ACL entries or subnet associations, so keep those actions out of the cleanup role.
- Retrieve the user‑approved list of Network ACLs to delete.
- Immediately before deletion, re-verify for each ACL against a fresh DescribeNetworkAcls response that:
  - It has no subnet associations.
  - It is not the default ACL for its VPC.
- Skip and log any ACL that is now associated with a subnet or is discovered to be the default ACL, recording the reason as an exception. The API rejects both deletions anyway (an associated ACL fails with a DependencyViolation error), but re-checking first closes the window between approval and deletion and turns a noisy API error into a deliberate, explained skip.
- Delete each remaining approved, unassociated, non-default ACL in its respective Region and VPC.
- Capture the outcome for each deletion, including any errors.
- Confirm deletions by checking that successfully removed ACLs no longer appear in each affected VPC.
- Produce a summary of all ACLs successfully deleted and those that could not be removed, with recommended follow‑up where needed.
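The re-verify-then-delete loop above, as an added example rather than the plan's own code. The delete call is injected as a `deleter(acl_id)` callable so the block runs offline against a constructed fresh snapshot; with boto3 the real callable would be `lambda acl_id: ec2.delete_network_acl(NetworkAclId=acl_id)` on a client bound to that ACL's Region (one client per Region is an assumption). The fake deleter raises for one ACL to show how an API error is captured without aborting the rest of the batch.

```python
"""Re-verify each approved Network ACL against a fresh DescribeNetworkAcls snapshot and
delete only those still unassociated and non-default. Added example, not the plan's own
code. `deleter(acl_id)` is injected so this runs offline; with boto3 the real one is
`lambda acl_id: ec2.delete_network_acl(NetworkAclId=acl_id)` for a client in that
ACL's Region (assumption: one client per Region)."""


def current_state(describe):
    """Map acl_id -> (is_default, association_count) from a fresh describe response (dict)."""
    return {acl["NetworkAclId"]: (bool(acl.get("IsDefault")), len(acl.get("Associations", [])))
            for acl in describe["NetworkAcls"]}


def delete_approved(approved, fresh_describe, deleter):
    """approved: list of {"region", "vpc_id", "acl_id"} from the user-approved list.
    Every decision is recorded; skips carry their reason instead of relying on the API
    to reject the call, and a failed delete does not stop the remaining deletions."""
    state = current_state(fresh_describe)
    outcomes = []
    for item in approved:
        acl_id = item["acl_id"]
        if acl_id not in state:
            outcomes.append({**item, "status": "skipped", "reason": "no longer exists in snapshot"})
            continue
        is_default, n_assoc = state[acl_id]
        if is_default:
            outcomes.append({**item, "status": "skipped", "reason": "is the VPC default ACL"})
            continue
        if n_assoc:
            outcomes.append({**item, "status": "skipped", "reason": f"now has {n_assoc} subnet association(s)"})
            continue
        try:
            deleter(acl_id)
            outcomes.append({**item, "status": "deleted", "reason": ""})
        except Exception as exc:  # surface the API error in the record, keep going
            outcomes.append({**item, "status": "failed", "reason": f"{type(exc).__name__}: {exc}"})
    return outcomes


def summarize(outcomes):
    """Status -> sorted ACL IDs, the shape of the cleanup summary."""
    return {status: sorted(o["acl_id"] for o in outcomes if o["status"] == status)
            for status in ("deleted", "skipped", "failed")}


# Constructed inputs: the approved list, and a fresh snapshot in which one approved ACL has
# since been associated with a subnet and one no longer exists.
APPROVED = [
    {"region": "us-east-1", "vpc_id": "vpc-0aaa", "acl_id": "acl-0c3stale"},
    {"region": "us-east-1", "vpc_id": "vpc-0aaa", "acl_id": "acl-0e5orphan"},
    {"region": "us-east-1", "vpc_id": "vpc-0bbb", "acl_id": "acl-0f6drift"},
    {"region": "us-east-1", "vpc_id": "vpc-0bbb", "acl_id": "acl-0g7gone"},
]
FRESH = {"NetworkAcls": [
    {"NetworkAclId": "acl-0a1default", "VpcId": "vpc-0aaa", "IsDefault": True,
     "Associations": [{"NetworkAclAssociationId": "aclassoc-01", "NetworkAclId": "acl-0a1default", "SubnetId": "subnet-01"}]},
    {"NetworkAclId": "acl-0c3stale", "VpcId": "vpc-0aaa", "IsDefault": False, "Associations": []},
    {"NetworkAclId": "acl-0e5orphan", "VpcId": "vpc-0aaa", "IsDefault": False, "Associations": []},
    {"NetworkAclId": "acl-0f6drift", "VpcId": "vpc-0bbb", "IsDefault": False,
     "Associations": [{"NetworkAclAssociationId": "aclassoc-09", "NetworkAclId": "acl-0f6drift", "SubnetId": "subnet-09"}]},
]}


class FakeDeleter:
    """Stand-in for the API call: records deletions and raises for one ACL to show error capture."""

    def __init__(self):
        self.deleted = []

    def __call__(self, acl_id):
        if acl_id == "acl-0e5orphan":
            raise PermissionError("UnauthorizedOperation: not authorized to perform ec2:DeleteNetworkAcl")
        self.deleted.append(acl_id)


def run_demo():
    fake = FakeDeleter()
    outcomes = delete_approved(APPROVED, FRESH, fake)
    return summarize(outcomes), fake.deleted


if __name__ == "__main__":
    summary, actually_deleted = run_demo()
    print(summary, actually_deleted)
```

Keep the `outcomes` records, not just the summary: the validation step needs the per-ACL status and reason, and the "failed" entries carry the error text that decides whether a retry is appropriate.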
Validation
Validate Selected Network ACLs Are Deleted
Confirm that the requested cleanup was applied correctly:
- Retrieve the final list of Network ACLs in all Regions and VPCs where deletions were attempted.
- For each ACL that was approved and reported as successfully deleted, verify it no longer exists.
- For any ACL that remains:
  - Determine if the deletion failed or was intentionally skipped because it became associated or is a default ACL.
  - Document any ACLs that were meant to be deleted but still exist, along with required remediation steps.
- Produce a validation report summarizing successful deletions and any outstanding items.
Verify No Unintended Unassociated Network ACLs Remain
Finally, ensure the environment is clean and only expected ACLs remain:
- Re-run a Network ACL inventory and association check across all in-scope Regions and VPCs, mirroring the initial assessment.
- Identify ACLs with zero subnet associations and exclude default ACLs.
- Compare remaining unassociated, non-default ACLs against your list of explicitly approved exceptions.
- Flag any unassociated ACLs that are not on the exception list as potential oversights.
- Document the final state, confirming that only default ACLs or user‑approved exceptions remain unassociated.
- Produce a final summary indicating whether the environment is free of unintended unassociated, non-default Network ACLs, and listing any that require further review.
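Both validation steps above in one pass, as an added example that is not part of the plan's own tooling. It takes the post-cleanup DescribeNetworkAcls responses per Region (constructed here), the set of ACLs reported as deleted, and the set of approved exceptions, then confirms which deletions took effect, explains any ACL that should be gone but is not, and flags every unassociated non-default ACL that is not on the exception list.

```python
"""Validate the cleanup: confirm reported deletions took effect and flag any unassociated,
non-default Network ACL that is not an approved exception. Added example, not the plan's
own code. Inputs are post-cleanup DescribeNetworkAcls responses per Region (constructed
below) plus the lists the earlier steps produced; keys are (region, acl_id) tuples."""


def index_present(post_snapshots):
    """(region, acl_id) -> ACL record for every ACL that still exists."""
    return {(region, acl["NetworkAclId"]): acl
            for region, snap in post_snapshots.items() for acl in snap["NetworkAcls"]}


def validate_cleanup(post_snapshots, reported_deleted, exceptions):
    """reported_deleted: ACLs the cleanup step reported as deleted.
    exceptions: unassociated non-default ACLs the reviewer explicitly chose to keep."""
    present = index_present(post_snapshots)
    confirmed = sorted(k for k in reported_deleted if k not in present)
    still_present = []
    for key in sorted(k for k in reported_deleted if k in present):
        acl = present[key]
        if acl.get("IsDefault"):
            reason = "default ACL: cannot be deleted and should never have been on the list"
        elif acl.get("Associations"):
            reason = "associated with subnet(s): deletion must have been skipped"
        else:
            reason = "still unassociated: deletion failed or was not attempted, retry"
        still_present.append({"region": key[0], "acl_id": key[1], "reason": reason})
    unexpected = sorted(k for k, acl in present.items()
                        if not acl.get("IsDefault") and not acl.get("Associations") and k not in exceptions)
    return {"confirmed_deleted": confirmed, "still_present": still_present,
            "unexpected_unassociated": unexpected,
            "clean": not still_present and not unexpected}


# Constructed post-cleanup snapshots for two Regions.
POST = {
    "us-east-1": {"NetworkAcls": [
        {"NetworkAclId": "acl-0a1default", "VpcId": "vpc-0aaa", "IsDefault": True,
         "Associations": [{"NetworkAclAssociationId": "aclassoc-01", "NetworkAclId": "acl-0a1default", "SubnetId": "subnet-01"}]},
        {"NetworkAclId": "acl-0d4reserve", "VpcId": "vpc-0bbb", "IsDefault": False, "Associations": []},
        {"NetworkAclId": "acl-0h8new", "VpcId": "vpc-0bbb", "IsDefault": False, "Associations": []},
    ]},
    "us-west-2": {"NetworkAcls": [
        {"NetworkAclId": "acl-0w1default", "VpcId": "vpc-0ccc", "IsDefault": True,
         "Associations": [{"NetworkAclAssociationId": "aclassoc-31", "NetworkAclId": "acl-0w1default", "SubnetId": "subnet-31"}]},
        {"NetworkAclId": "acl-0w2west", "VpcId": "vpc-0ccc", "IsDefault": False, "Associations": []},
    ]},
}
REPORTED_DELETED = {("us-east-1", "acl-0c3stale"), ("us-west-2", "acl-0w2west")}
EXCEPTIONS = {("us-east-1", "acl-0d4reserve")}


def run_validation():
    return validate_cleanup(POST, REPORTED_DELETED, EXCEPTIONS)


if __name__ == "__main__":
    report = run_validation()
    print("clean:", report["clean"])
    for item in report["still_present"]:
        print("STILL PRESENT", item["region"], item["acl_id"], item["reason"])
    for region, acl_id in report["unexpected_unassociated"]:
        print("UNEXPECTED", region, acl_id)
```

An ACL can appear under both `still_present` and `unexpected_unassociated` (here acl-0w2west): that is the signal to re-run the deletion rather than add it to the exception list. The `clean` flag is the one-line answer the final summary asks for; the two lists are the items requiring further review.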