The latest articles on Forem by Nat Thompson (@obsidianriver). https://forem.com/obsidianriver https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3847648%2F8f26f287-6da5-4c5d-a50f-5b544910296a.png https://forem.com/obsidianriver en Nat Thompson Sat, 28 Mar 2026 12:45:10 +0000 https://forem.com/obsidianriver/i-built-an-ai-powered-aws-cost-optimizer-heres-how-it-works-41d4 https://forem.com/obsidianriver/i-built-an-ai-powered-aws-cost-optimizer-heres-how-it-works-41d4 <p>I'm an AWS consultant. My clients always ask the same question: <em>"Why is my AWS bill so high?"</em></p> <p>The answer is always the same: idle resources, oversized instances, and services nobody remembered to turn off. So I built a tool to find them automatically.</p> <h2> The Architecture </h2> <p>Sharktooth connects to a customer's AWS account via a <strong>cross-account IAM role</strong> — the same pattern used by Datadog, CloudHealth, and AWS's own tools.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Customer AWS Account Sharktooth AWS Account ┌─────────────────┐ ┌──────────────────────┐ │ │ │ │ │ IAM Role ◄──────────────── STS AssumeRole │ │ (read-only) │ │ + ExternalId │ │ │ │ │ │ Cost Explorer │ │ Cost Analysis │ │ CloudWatch │────────► │ AI Recommendations │ │ EC2 Describe │ │ Dashboard │ │ RDS Describe │ │ │ └─────────────────┘ └──────────────────────┘ </code></pre> </div> <h3> Step 1: Connect (5 minutes) </h3> <p>The customer creates a read-only IAM role with this trust policy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Principal"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"AWS"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:iam::SHARKTOOTH_ACCOUNT:root"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sts:AssumeRole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Condition"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StringEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"sts:ExternalId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"UNIQUE_PER_CUSTOMER"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <strong>ExternalId</strong> prevents confused deputy attacks — each customer gets a unique one.</p> <p>Permissions requested:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">ce:GetCostAndUsage</span> <span class="s">cloudwatch:GetMetricStatistics</span> <span class="s">ec2:DescribeInstances</span> <span class="s">ec2:DescribeInstanceTypes</span> <span class="s">rds:DescribeDBInstances</span> </code></pre> </div> <p>That's it. No write permissions. No S3, Lambda, or IAM access.</p> <h3> Step 2: Pull Cost Data </h3> <p>Using <code>STS AssumeRole</code>, we get temporary credentials (1-hour expiry) and call the Cost Explorer API:</p> <ul> <li> <strong>Monthly spend</strong> by service (last 6 months)</li> <li> <strong>Daily spend</strong> trend (last 30 days)</li> <li> <strong>Service breakdown</strong> with amounts</li> </ul> <h3> Step 3: Detect Idle Resources </h3> <p>For each running EC2 instance, we pull 7 days of CloudWatch <code>CPUUtilization</code>:</p> <ul> <li> <strong>Average CPU &lt; 5%</strong> = flagged as idle</li> <li> <strong>Average CPU 5-20%</strong> = right-sizing candidate</li> </ul> <p>For RDS, we check <code>DatabaseConnections</code>:</p> <ul> <li> <strong>0 connections over 7 days</strong> = flagged as idle</li> </ul> <h3> Step 4: AI Analysis </h3> <p>This is where it gets interesting. We feed everything into <strong>Claude</strong> (via AWS Bedrock):</p> <ul> <li>Monthly spend total and service breakdown</li> <li>30-day daily trend</li> <li>List of idle resources</li> <li>Right-sizing candidates</li> </ul> <p>The AI returns structured JSON:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Right-size or consolidate Lightsail instances"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lightsail represents 42.9% of total spend..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"estimatedMonthlySavings"</span><span class="p">:</span><span class="w"> </span><span class="mf">45.36</span><span class="p">,</span><span class="w"> </span><span class="nl">"priority"</span><span class="p">:</span><span class="w"> </span><span class="s2">"high"</span><span class="p">,</span><span class="w"> </span><span class="nl">"effort"</span><span class="p">:</span><span class="w"> </span><span class="s2">"medium"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p>Cost per AI analysis: <strong>~$0.005</strong> (half a cent) using Haiku.</p> <h2> Results </h2> <p>On my own account ($352/month), it found <strong>$135/month in savings</strong>:</p> <ul> <li>Consolidate Lightsail instances ($45/mo)</li> <li>Remove unused ELB ($20/mo)</li> <li>Audit WorkMail seats ($22/mo)</li> <li>Clean up VPC resources ($18/mo)</li> <li>Plus 6 more recommendations</li> </ul> <p>That's 38% waste. On an AWS consultant's own account.</p> <h2> Tech Stack </h2> <ul> <li> <strong>.NET 10</strong> — Razor Pages + Minimal API</li> <li> <strong>SQLite</strong> — EF Core, lightweight and self-contained</li> <li> <strong>AWS Bedrock</strong> — Claude Haiku 4.5 for AI analysis</li> <li> <strong>Chart.js</strong> — Cost trend visualizations</li> <li> <strong>Stripe</strong> — Billing</li> </ul> <p>The whole thing runs on a single Lightsail instance alongside 7 other .NET apps.</p> <h2> Try It </h2> <p>Free tier available at <a href="https://sharktoothproject.com" rel="noopener noreferrer">sharktoothproject.com</a>. Pro ($19/mo) adds idle detection, right-sizing, and AI recommendations.</p> <p>If you manage AWS for clients, the Team tier ($39/mo) covers unlimited accounts.</p> <p><em>Built by <a href="https://natthompson.com" rel="noopener noreferrer">Nat Thompson</a> at Obsidian River. Questions? Find me on LinkedIn or drop a comment below.</em></p> aws devops ai dotnet