AWS Cost & Security Audit

AWS bill too high? I find waste and risky misconfigurations fast.

Most AWS bills grow 20-40% faster than the workload justifies. The causes are rarely obvious - NAT data transfer, forgotten log retention, overprovisioned databases, and duplicated security controls add up silently. I audit your account with read-only access and deliver a prioritized fix list with exact CLI commands and Terraform code in 48 hours.

Featured in Help Net Security · 1,400+ monthly installs of cloud-audit · AWS SA, Azure Admin, Palo Alto PCNSA · Free 20-min triage · audits from EUR 50/h

Where AWS bills secretly bleed money

1. NAT Gateway data transfer

NAT Gateway charges $0.045/GB processed. A single misconfigured service routing traffic through NAT instead of a VPC endpoint can add $500-2,000/month silently.

Check Cost Explorer → filter by NAT Gateway → last 30 days

2. CloudWatch Logs without retention

Default retention is forever. A busy Lambda or ECS cluster can generate 50-200 GB/month of logs nobody reads. At $0.03/GB/month storage, that compounds fast.

List all Log Groups without retention policy set

3. Idle EC2 and unattached EBS/EIP

Stopped EC2 instances still incur charges for their attached EBS volumes. Unattached EBS volumes and Elastic IPs that sit unused cost money every hour. Most accounts have 3-5 of these.

Find instances with <5% avg CPU over 14 days

4. Overprovisioned RDS and ElastiCache

A production database running on db.r6g.2xlarge when db.r6g.large would do. RDS right-sizing recommendations exist, but most teams never check them.

Review RDS Performance Insights → CPU and memory utilization

5. Public exposure generating unnecessary traffic

S3 buckets, ALBs, or EC2 instances open to the internet attract scanning bots. The traffic itself costs money through data transfer and WAF charges.

Audit Security Groups with 0.0.0.0/0 inbound rules

6. Duplicated security controls

Running WAF, AWS Network Firewall and a third-party NGFW on the same traffic path means each layer carries its own cost, and often one or two of them are redundant.

Map which services inspect the same traffic flow

7. Bad firewall architecture

A GWLB + Palo Alto VM-Series stack can cost $9,287/month for a 3-AZ deployment. Sometimes a simpler architecture with AWS Network Firewall achieves the same security goal for $747/month.

Review the full infrastructure cost stack, not just license fees

Verify yourself in 20 minutes

  • Check NAT Gateway data transfer cost in Cost Explorer (last 30 days)
  • List CloudWatch Log Groups without retention policy set
  • Find EC2 instances with <5% average CPU utilization (14 days)
  • Review RDS right-sizing recommendations in Performance Insights
  • Audit Security Groups with 0.0.0.0/0 inbound rules
  • List unattached EBS volumes and unused Elastic IPs
  • Review firewall layers processing the same traffic
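Three of the checklist items (log groups without retention, security groups open to 0.0.0.0/0, unattached EBS and unused EIPs) as detection logic over the JSON the AWS CLI returns. This is an added example, not cloud-audit's own code; the responses at the bottom are constructed samples in the shape of `describe-log-groups`, `describe-security-groups`, `describe-volumes` and `describe-addresses` output so it runs offline.

```python
# Added example, not cloud-audit's own code: triage checks run over the JSON that
# `aws logs describe-log-groups`, `aws ec2 describe-security-groups`,
# `aws ec2 describe-volumes` and `aws ec2 describe-addresses` return (boto3 uses the
# same shapes). The responses at the bottom are constructed samples so this runs offline.

def log_groups_without_retention(resp):
    """A log group with no retentionInDays key keeps its data forever (the default)."""
    return [g["logGroupName"] for g in resp.get("logGroups", []) if "retentionInDays" not in g]

def open_ingress(resp):
    """(GroupId, port) for inbound rules reachable from 0.0.0.0/0 or ::/0."""
    found = []
    for sg in resp.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
                # IpProtocol "-1" (all traffic) carries no FromPort
                found.append((sg["GroupId"], perm.get("FromPort", "all")))
    return found

def unattached_volumes(resp):
    """Volumes in state 'available' are attached to nothing but still billed per GB-month."""
    return [(v["VolumeId"], v["Size"]) for v in resp.get("Volumes", []) if v["State"] == "available"]

def unused_eips(resp):
    """Elastic IPs without an AssociationId are allocated but idle."""
    return [a["PublicIp"] for a in resp.get("Addresses", []) if "AssociationId" not in a]
# Constructed sample responses (not from a real account).
LOG_GROUPS = {"logGroups": [
    {"logGroupName": "/aws/lambda/orders", "storedBytes": 120_000_000_000},
    {"logGroupName": "/ecs/api", "retentionInDays": 30, "storedBytes": 5_000_000_000}]}
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0f9e8d7c", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}
VOLUMES = {"Volumes": [{"VolumeId": "vol-0123", "Size": 500, "State": "available"},
                       {"VolumeId": "vol-0456", "Size": 100, "State": "in-use"}]}
ADDRESSES = {"Addresses": [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-01", "AssociationId": "eipassoc-01"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-02"}]}

if __name__ == "__main__":
    print("no retention:", log_groups_without_retention(LOG_GROUPS))
    print("open ingress:", open_ingress(SECURITY_GROUPS))
    print("unattached EBS:", unattached_volumes(VOLUMES))
    print("unused EIPs:", unused_eips(ADDRESSES))
```

Against a live account, pipe the output of the corresponding `aws ... --output json` command into `json.load` and pass the result to the matching function.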

Can't get through the list? Don't have time? That's what the free triage is for.

What you get in 48 hours

01 Full cost breakdown with anomalies

Service-by-service analysis showing where money goes and where it shouldn't. Not a Cost Explorer screenshot - an engineer's reading of your bill.

02 Security misconfigurations tied to cost

Public S3 buckets generate egress charges. Open security groups attract scanner traffic. These are security problems that cost money.

03 Prioritized fix list with code

Every finding includes the AWS CLI command or Terraform snippet to fix it. Quick wins (under 1 hour) separated from architecture changes (1-2 weeks).

04 Estimated monthly savings

Dollar estimates per finding so you can prioritize by ROI, not just severity.

05 30-minute video walkthrough

Not a PDF you'll never read. A recorded walkthrough explaining what I found, why it matters, and what to fix first.

What a typical audit uncovers

From 100+ AWS accounts managed (including multi-year engagements with a Fortune 500 networking vendor), I built cloud-audit to automate the security side of these reviews. The most consistent findings:

  • IAM roles with overly permissive trust policies (cross-account access anyone can assume)
  • Security groups allowing 0.0.0.0/0 on non-public instances (attack surface + unnecessary traffic cost)
  • CloudTrail and Config not enabled in all regions (compliance gap)
  • EBS volumes and snapshots from terminated instances still accruing charges
  • GWLB + firewall stacks costing $9,287/month when $747/month architecture achieves the same security outcome
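The first finding above (trust policies that anyone, or any other account, can assume) as a check over `aws iam list-roles` output. This is an added example, not cloud-audit's own code; the roles, account ids and ExternalId value are constructed placeholders, and the check treats a cross-account principal without an `sts:ExternalId` condition as a finding because that condition is what stops a third party from being tricked into assuming the role on someone else's behalf.

```python
# Added example, not cloud-audit's own code: flags IAM role trust policies that anyone, or
# any other account without an sts:ExternalId condition, can assume. ROLES is a constructed
# sample in the shape of `aws iam list-roles` output; account ids are placeholders.
OWN_ACCOUNT = "111111111111"  # placeholder for the audited account's id

def _aws_principals(stmt):
    """Normalise Principal to a list of AWS principal strings (service principals are skipped)."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", [])
    return aws if isinstance(aws, list) else [aws]

def _allows_assume(stmt):
    """True for an Allow statement whose Action covers sts:AssumeRole."""
    actions = stmt.get("Action", [])
    actions = actions if isinstance(actions, list) else [actions]
    return stmt.get("Effect") == "Allow" and any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)

def risky_trust_policies(resp, own_account=OWN_ACCOUNT):
    """Return (RoleName, reason) for each trust statement that is too permissive."""
    findings = []
    for role in resp.get("Roles", []):
        for stmt in role["AssumeRolePolicyDocument"].get("Statement", []):
            if not _allows_assume(stmt):
                continue
            cond = stmt.get("Condition", {})
            has_external_id = any("sts:ExternalId" in v for v in cond.values())
            for principal in _aws_principals(stmt):
                if principal == "*":
                    findings.append((role["RoleName"], "any principal can assume"))
                elif own_account not in principal and not has_external_id:
                    findings.append((role["RoleName"], f"cross-account {principal} without ExternalId"))
    return findings

ROLES = {"Roles": [  # constructed sample, not from a real account
    {"RoleName": "AuditReadOnly", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": "placeholder-external-id"}}}]}},
    {"RoleName": "LegacyVendorAccess", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "arn:aws:iam::333333333333:root"}}]}},
    {"RoleName": "OpenRole", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}},
    {"RoleName": "AppRole", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": "ec2.amazonaws.com"}}]}}]}

if __name__ == "__main__":
    for name, reason in risky_trust_policies(ROLES):
        print(f"{name}: {reason}")
```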

Every finding comes with a fix. Every fix includes the exact command or Terraform code to apply it.

Start with a free 20-minute video triage

No commitment. If I can't find meaningful savings or security issues, I'll tell you straight.

Questions

How fast can you start?
Within 48 hours of receiving read-only access. The triage call takes 20 minutes, and I deliver the full report within 2 business days after that.
What access do you need?
Read-only IAM access via a cross-account role. You create the role yourself using an IAM policy I provide. I never modify your infrastructure. The role can be deleted immediately after the audit.
What if I use AWS Organizations with multiple accounts?
I can audit multiple accounts in the same organization. The read-only role is created in each account you want reviewed. Most audits cover 1-5 accounts.
What if you don't find meaningful savings?
Then I tell you straight. No upsell, no invented findings. If your infrastructure is clean, I will say so and point out what you are doing right.
Do you work with startups or enterprises?
Both. Startups typically have 1-3 accounts with $5-30k/month spend. Enterprises have 10-50+ accounts with complex networking. The process scales - it just takes longer for larger environments.
Is the video triage really free?
Yes. You get a 20-minute video walkthrough of your AWS bill with concrete observations. No contract, no commitment. If you want a full deep-dive audit after that, we discuss scope separately.
What does a full audit cost?
Audits start at EUR 50/h, scoped per engagement based on account size and complexity. After the free 20-minute triage I send a written scope with a fixed-hours estimate so you know the number before you commit.