awsspectre — AWS resource waste auditor with cost estimates. Part of SpectreHub.
- Scans EC2, RDS, EBS, ELB, NAT Gateway, EIP, Lambda, Kinesis, SQS, SNS, snapshots, and security groups
- Detects idle, orphaned, and oversized resources using CloudWatch metrics
- Estimates monthly waste in USD per finding
- Supports tag-based exclusions and configurable thresholds
- Outputs text, JSON, SARIF, and SpectreHub formats
- Not a real-time monitor — point-in-time scanner
- Not a remediation tool — reports only, never modifies resources
- Not a security scanner — checks utilization, not vulnerabilities
- Not a billing replacement — uses embedded on-demand pricing
brew tap ppiankov/tap
brew install awsspectregit clone https://github.com/ppiankov/awsspectre.git
cd awsspectre
make buildawsspectre scan --region us-east-1 --format json| Command | Description |
|---|---|
awsspectre scan |
Scan AWS account for idle and wasteful resources |
awsspectre init |
Generate IAM policy and config file |
awsspectre version |
Print version |
awsspectre feeds AWS resource waste findings into SpectreHub for unified visibility across your infrastructure.
spectrehub collect --tool awsspectreawsspectre operates in read-only mode. It inspects and reports — never modifies, deletes, or alters your resources.
| Document | Contents |
|---|---|
| CLI Reference | Full command reference, flags, and configuration |
MIT — see LICENSE.
Built by Obsta Labs