I’ve built an open-source CLI tool that identifies wasted cloud resources (AWS), CloudSlash, and, more importantly, it helps you delete them without the fear of breaking production.
The Problem: Most "cloud cost" tools give you a CSV of "unused" resources. But deleting them is terrifying. Is that unattached EBS volume actually a production database backup? Is that idle NAT Gateway the only route for a silent legacy lambda?
I realized that detection is easy, but safe remediation is an unsolved distributed systems problem.
The Solution: CloudSlash builds an in-memory Directed Acyclic Graph (DAG) of your infrastructure to understand dependencies, not just utilization metrics. It effectively treats your infrastructure as a graph traversal problem.
Key Technical Features:
1. The "Lazarus Protocol" (Infrastructure Undo Button): If you choose to delete a resource (e.g., a Security Group), CloudSlash doesn’t just make the API call. It first:
- Snapshots the live configuration.
- Generates a restore.tf file with the HCL definition.
- Generates a precise terraform import command.
If you make a mistake, you can resurrect the resource and bridge it back into your Terraform state in seconds. It turns "destructive" operations into reversible transactions.
2. Graph-Based Forensic Engine: Instead of simple rules ("CPU < 5%"), it builds a dependency graph.
- Example: It won't flag a NAT Gateway as waste—even if it has 0 bytes of traffic—if it detects an active Route Table creating a "FlowsTo" edge targeting it.
- The engine is written in Go, using custom string interning and contiguous memory layouts for the graph nodes to handle large enterprise accounts (10k+ resources) without GC thrashing.
3. Bin Packing, Not Just "Right-Sizing": For compute optimization, it uses a 2D Bin Packing algorithm (Best Fit Decreasing) to simulate how your current pods/workloads would fit into modern instance types. It visualizes the "fragmentation" of your clusters rather than just looking at average CPU usage.
Why Use This?
- Locally Run: No SaaS, no API keys leaving your machine.
- Heuristics Catalog: All detection logic is open source. You can see exactly why an RDS instance was flagged (e.g., Connections == 0 for 7 days AND SnapshotCreated == true).
- TUI: It includes a terminal UI (using Bubble Tea) for interactive graph exploration.
Repo: https://github.com/DrSkyle/CloudSlash
I’m eager for feedback on the graph traversal logic and the "Lazarus" restoration flow.
:) DrSkyle
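The snapshot-to-restore.tf step of the "Lazarus Protocol" described above, as an added Go example that is not CloudSlash's own code. The `Rule` and `SecurityGroup` types, the `restored_` label and the sample values are assumptions made for illustration; the point shown is that snapshotted free text is escaped before it is written into HCL.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Hypothetical snapshot types for this example, not CloudSlash's own.
type Rule struct {
	Protocol         string
	FromPort, ToPort int
	CIDRs            []string
}
type SecurityGroup struct {
	ID, Name, Description, VPCID string
	Ingress                      []Rule
}

// hclString quotes s and escapes ${ and %{ so snapshotted text stays a literal.
func hclString(s string) string {
	return strings.NewReplacer("${", "$${", "%{", "%%{").Replace(strconv.Quote(s))
}

// hclList renders a string slice as an HCL list; an empty slice becomes [].
func hclList(items []string) string {
	quoted := make([]string, len(items))
	for i, s := range items {
		quoted[i] = hclString(s)
	}
	return "[" + strings.Join(quoted, ", ") + "]"
}

// Restore returns the restore.tf body and the matching terraform import command.
func Restore(sg SecurityGroup) (hcl, importCmd string) {
	label := "restored_" + strings.ReplaceAll(sg.ID, "-", "_") // valid identifier
	var b strings.Builder
	fmt.Fprintf(&b, "resource \"aws_security_group\" %q {\n  name        = %s\n  description = %s\n  vpc_id      = %s\n",
		label, hclString(sg.Name), hclString(sg.Description), hclString(sg.VPCID))
	for _, r := range sg.Ingress {
		fmt.Fprintf(&b, "  ingress {\n    protocol    = %s\n    from_port   = %d\n    to_port     = %d\n    cidr_blocks = %s\n  }\n",
			hclString(r.Protocol), r.FromPort, r.ToPort, hclList(r.CIDRs))
	}
	return b.String() + "}\n", "terraform import aws_security_group." + label + " " + sg.ID
}

func main() { // constructed sample input
	sg := SecurityGroup{ID: "sg-0123456789abcdef0", Name: "web", Description: "allow ${https}", VPCID: "vpc-0abc1234", Ingress: []Rule{{"tcp", 443, 443, []string{"10.0.0.0/8"}}}}
	hcl, cmd := Restore(sg)
	fmt.Print(hcl, cmd, "\n")
}
```
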