AWS COST AUDIT · BOOTSTRAPPED SAAS · $500 TO $5K/MO SPEND

Cut AWS waste
without guessing.

Bastioneer finds exactly what to cut in your AWS account: idle EC2s, forgotten RDS instances, unattached Elastic IPs, and quiet infrastructure waste hiding in plain sight. Flat-fee report. No upsells.

Free scan in minutes

Every resource flagged by ID, not just category

Safe vs. investigate findings separated clearly

START FREE SCAN → SEE WHAT'S INCLUDED

90 sec

Typical Setup

Minutes

Scan Runtime

Exact IDs

Report Output

bastioneer.com/report?id=scan_••••••

bastioneer

acct 387761228848
sample scan · Apr 16, 2026

TOTAL ESTIMATED WASTE

$261/mo

across 4 findings · 147 resources checked

$3,132

projected / yr

findings

high severity

$261

total waste

findings

high risk

147

scanned

TOP FINDINGS

Idle EC2 instance

i-0a4f2b8c · avg CPU 1.2% / 21 days

$96/mo

Stopped RDS, still billing

db-prod-XXXX · 47 days stopped

$138/mo

Unattached Elastic IPs ×3

eipalloc-*** · no association

$11/mo

Idle load balancer

Zero traffic in 14 days

Investigate

Full report unlocks everythingResource IDs, suggested remediation steps, recommended CLI commands

UNLOCK $29

WHAT THE REPORT INCLUDES

What the report includes

A compact, concrete report. Short notes, exact IDs, savings estimates, and a clear next step for every finding.

01 · RESOURCE IDS

Exact AWS resource IDs, so you know what to inspect.

02 · SAVINGS

Estimated monthly savings per finding, so the tradeoff is obvious.

03 · WHY FLAGGED

Why each resource was flagged, with the usage pattern or billing signal behind it.

04 · RISK LABEL

Safe to cut or investigate first, so low-risk cleanup stands apart from anything sensitive.

05 · NEXT ACTION

Recommended action for each finding, so you know whether to remove, resize, or review.

GET THE FULL REPORT, $29 →

FREE SCAN FIRST · PAY ONLY IF FINDINGS ARE WORTH IT · RESULTS IN MINUTES

HOW IT WORKS

Three steps. No ongoing access required.

The setup takes a few minutes. The scan completes in minutes, and the summary lands right after.

Connect a read-only IAM role

Deploy a one-click CloudFormation stack that creates a read-only IAM role in your account. Takes about 90 seconds. No credentials shared. No standing access granted.

We scan your AWS account

Bastioneer reads your resource metadata across EC2, RDS, S3, load balancers, Elastic IPs, and more. Scan completes in minutes. Credentials expire automatically after the session.

You receive a report with exact cuts

Free scan shows total waste found and service categories. The $29 full report delivers every resource ID, cost estimate, safe vs. investigate classification, and suggested remediation steps.

WHO THIS IS FOR

Built for one situation specifically.

Not for enterprises. For founders and small teams who got an unexpected bill and do not have a DevOps engineer to call.

The bill shock moment

Your AWS bill jumped from $600 to $1,400 last month and you do not know why. Cost Explorer shows you what you spent, not what to cut.

Pre-fundraise cleanup

You are talking to investors. You want your infrastructure to look lean and intentional, not like a staging environment graveyard.

Profitability pressure

Growth slowed. Cloud spend did not. You need to cut costs but cannot risk breaking production. You need to know what is actually safe to remove.

GOOD FIT / NOT A FIT

Bootstrapped or early-stage SaaS, $500 to $5K/mo AWS

Solo founder or 2 to 5 person team without a DevOps hire

Already felt bill shock at least once

Needs actionable cuts, not just another dashboard

Enterprise teams with a dedicated DevOps or FinOps function

Businesses running entirely on-prem or shared hosting

START FREE SCAN →

SECURITY: READ THIS FIRST

Your AWS account stays yours.

We know giving any third party access to your AWS account feels uncomfortable. Here is exactly what we can and cannot do. Nothing hidden.

Read-only IAM role

We can only describe and list resources. No write, delete, or modify actions are possible in your account.

Secured with External ID

A unique token ensures only Bastioneer can assume your role. Nobody else can assume it, even if they know your account ID.

No long-term data storage

Scan results stored only for report delivery. Raw resource data is never retained beyond 30 days.

Revoke anytime

Delete the CloudFormation stack and all access is permanently removed instantly. You are always in control.

Full transparency

The exact IAM policy and CloudFormation template are shown before you deploy. No hidden permissions, ever.

Runs in your region

All scanning happens within AWS infrastructure. Your data never leaves AWS to external APIs.

Credentials expire automatically, typically within 5 to 10 minutes

Bastioneer uses AWS STS temporary credentials to access your account. These expire automatically after the scan completes. No standing access is ever maintained. After the session expires, Bastioneer has zero access to your account until you explicitly authorize a new scan.

COMMON QUESTIONS

Straight answers.

Everything you would want to know before running your first scan.

Cost Explorer shows what you spent. Bastioneer shows what to cut and how. They answer different questions.

No. Free scan first. The summary shows total waste found and which service categories are affected. Pay $29 only if the findings are worth acting on.

No. Bastioneer uses a read-only IAM role with no permission to modify, stop, start, or delete anything in your account. Ever.

Most accounts complete in minutes. Larger accounts may take a bit longer, and you will receive an email when results are ready.

EC2, RDS, S3, Elastic IPs, EBS snapshots, and load balancers, with more services added as the platform evolves.

Go to CloudFormation in your AWS console, find the Bastioneer stack, and click Delete. All access is immediately and permanently removed.

No. Onboarding is one CloudFormation click. Reports are written in plain language any founder or manager can act on.

You get a clean bill of health. The free scan confirms it before you pay anything. If there is no meaningful waste, there is nothing to buy.