Production release 1.0

CloudPR

Enterprise cloud cost governance

Turn AWS waste into clear, reviewable engineering work. CloudPR scans read-only metadata, explains the evidence, and opens the report where your teams already approve changes.

Real AWS scans. Real review requests. No automatic resource changes.

CloudPR report

.cloudpr/recommendations.md

AWS
Access: STS AssumeRole + ExternalId
Evidence: AWS metadata and ownership tags
Decision: Pull request or merge request
Remediation: Manual approval required

AWS | Evidence | Review
EC2 / VPC | idle + unattached | pull request
RDS / S3 | usage + policy | merge request
EKS / ECS | capacity signal | approval gate

10+

AWS service families covered

0

write permissions required for scanning

2

free scans before tokens are required

Read-only by design

CloudPR assumes a constrained AWS role, gathers metadata, and never changes production infrastructure automatically.

Review before action

Every optimization becomes a GitHub pull request or GitLab merge request with evidence and remediation guidance.

Built for governance

Security, platform, and finance teams get a shared record of what was found, why it matters, and who approved it.

Production coverage

Broad infrastructure checks without a write-capable role.

CloudPR correlates AWS inventory, ownership tags, and CloudWatch usage signals. Findings are conservative by design: they explain what was observed and what a reviewer should verify before action.

Storage

Unattached EBS volumes and old EBS snapshots

Network

Idle Elastic IPs and NAT gateways without traffic

Load balancing

Load balancers with no healthy targets

Database

RDS instances with low CPU and no connections

Kubernetes

EKS control planes with no managed compute

Containers

ECS clusters with no services or running tasks

Security

Security groups detached from network interfaces

Object storage

S3 buckets without lifecycle policy

Governance

Missing owner, team, environment, and cost tags

Operating model

From cloud inventory to approved engineering work.

1

Connect

Add the read-only AWS role and select your review repositories.

2

Scan

CloudPR gathers usage, ownership, and configuration evidence.

3

Decide

Teams review the report, then merge or reject remediation work.

Security posture

AWS access: STS AssumeRole with ExternalId
Execution model: Read-only scanner and explicit review gates
Change boundary: Reports only; infrastructure remains untouched
Provider flow: GitHub pull requests and GitLab merge requests