Overview
This report evaluates your AWS environment to identify unused, stale, or misconfigured resources that may be contributing to unnecessary costs, increased operational complexity, and an expanded attack surface. By cleaning up these resources, you can:
- Reduce monthly cloud costs
- Decrease security risk by minimizing your attack surface
- Improve resource visibility and operational hygiene
- Simplify identity, access, and network policies
The report provides resource-level details so that teams can take informed and targeted action.
Services and Evaluation Criteria
EC2
- EBS Volumes: No Unattached EBS Volumes
- EC2 Instances: No EC2 Instances Stopped > 30 days
- Elastic IPs: No Unused Elastic IPs
Amazon VPC
- Security Groups: No Unused Security Groups
- Internet Gateways: No Unused Internet Gateways
- Network ACLs: No Unused Network Access Lists (NACL)
IAM
- IAM Groups: No Empty IAM Groups
- IAM Users: No IAM Users with Unused Credentials
- IAM Server Certificates: No Expired IAM Server Certificates
AWS Load Balancers (ELB)
- Listeners: No Load Balancers with No Listeners
- Target Groups: No Load Balancers with No Target Groups
AWS Secrets Manager
- Secrets: No Unused Secrets
AWS SSO
- Permission Sets: No Unused Permission Sets
AWS WAF
- Web ACLs: No Empty WAF Web ACLs
- Classic Rule Groups: No Empty WAF Rule Groups
AWS Network Firewall
- Policies: No Empty Network Firewall Policies
- Rule Groups: No Empty Network Firewall Rule Groups
- Stateless Rule Groups: No Empty Stateless Network Firewall Rule Groups
At the end of the assessment, you will receive a detailed report listing unused resources across the evaluated services. This report can be used to guide resource cleanup, cost optimization, and security hardening.