SAMPLE REPORT HOW IT WORKS TEMPLATES CONTACT START FREE SCAN โ†’
Most AWS accounts under $3K/month are wasting 20 to 35% on resources nobody is using. Is yours?
FOR BOOTSTRAPPED SAAS FOUNDERS ยท $500 TO $5K/MO AWS SPEND

Your AWS bill is higher
than it should be.

Bastioneer finds exactly what to cut: idle EC2s, forgotten RDS instances, NAT Gateway leaks. Flat-fee report. No upsells.

Report delivered in 48 hours or less
Every resource flagged by ID, not just category
Step-by-step cuts: safe vs. investigate flagged separately
START FREE SCAN โ†’ SEE SAMPLE REPORT
BASTIONEER AUDIT REPORT
SAMPLE
FINDINGS SNAPSHOT
Idle EC2 instance
i-0a4f2b8c ยท avg CPU 1.2% / 21 days
Save $96/mo
Stopped RDS, still billing
db-prod-XXXX ยท 47 days stopped
Save $138/mo
Unattached Elastic IPs x3
No association found
Save $11/mo
Idle load balancer
Zero traffic in 14 days
Investigate
Total waste found
$261/mo
Full report unlocks everythingResource IDs, remediation steps, safe vs. investigate classification
VIEW FULL SAMPLE REPORT โ†’
SAMPLE REPORT

See exactly what you will receive.

The full report is a concrete PDF. Every idle resource listed by ID, every dollar quantified, every cut labeled safe or investigate-first.

๐Ÿ”
Resource-level findings
Every flagged resource identified by its actual AWS resource ID, not just category. You know exactly what to go and check.
๐Ÿ’ฐ
Monthly and annual savings estimates
Conservative cost estimates per resource. Monthly and annualized. We err on understating, not overstating.
๐ŸŸข
Safe vs. investigate, flagged separately
Green means safe to cut. Amber means check usage patterns first. We do not let you accidentally break production.
๐Ÿ“‹
Step-by-step remediation instructions
Each finding includes the exact console steps or CLI commands to remove or resize it. No guessing needed.
GET THE FULL REPORT, $79 โ†’
FREE SCAN FIRST ยท PAY ONLY IF FINDINGS ARE WORTH IT ยท 48-HOUR DELIVERY
HOW IT WORKS

Three steps. No ongoing access required.

The whole process takes under 5 minutes to initiate. The report arrives within 48 hours.

1
Connect a read-only IAM role
Deploy a one-click CloudFormation stack that creates a read-only IAM role in your account. Takes about 90 seconds. No credentials shared. No standing access granted.
2
We scan your AWS account
Bastioneer reads your resource metadata across EC2, RDS, S3, load balancers, Elastic IPs, and more. Scan completes in under 10 minutes. Credentials expire automatically after the session.
3
You receive a report with exact cuts
Free scan shows total waste found and service categories. The $79 full report delivers every resource ID, cost estimate, safe vs. investigate classification, and step-by-step remediation.
WHO THIS IS FOR

Built for one situation specifically.

Not for enterprises. For founders and small teams who got an unexpected bill and do not have a DevOps engineer to call.

01
The bill shock moment
Your AWS bill jumped from $600 to $1,400 last month and you do not know why. Cost Explorer shows you what you spent, not what to cut.
02
Pre-fundraise cleanup
You are talking to investors. You want your infrastructure to look lean and intentional, not like a staging environment graveyard.
03
Profitability pressure
Growth slowed. Cloud spend did not. You need to cut costs but cannot risk breaking production. You need to know what is actually safe to remove.
GOOD FIT / NOT A FIT
Bootstrapped or early-stage SaaS, $500 to $5K/mo AWS
Solo founder or 2 to 5 person team without a DevOps hire
Already felt bill shock at least once
Needs actionable cuts, not just another dashboard
Enterprise teams with a dedicated DevOps or FinOps function
Businesses running entirely on-prem or shared hosting
START FREE SCAN โ†’
COMMON QUESTIONS

Straight answers.

Everything you would want to know before running your first scan.

Why not just use AWS Cost Explorer?
Cost Explorer shows what you spent. Bastioneer shows what to cut and how. They answer different questions.
Do I pay before seeing results?
No. Free scan first. The summary shows total waste found and which service categories are affected. Pay $79 only if the findings are worth acting on.
Can you change or delete my resources?
No. Bastioneer uses a read-only IAM role with no permission to modify, stop, start, or delete anything in your account. Ever.
How long does the scan take?
Most accounts complete in under 5 minutes. Larger accounts may take up to 10. You will receive an email when results are ready.
What AWS services does it scan?
EC2, RDS, S3, Elastic IPs, EBS snapshots, and load balancers, with more services added as the platform evolves.
How do I revoke access?
Go to CloudFormation in your AWS console, find the Bastioneer stack, and click Delete. All access is immediately and permanently removed.
Do I need to be technical?
No. Onboarding is one CloudFormation click. Reports are written in plain language any founder or manager can act on.
What if my account is already clean?
You get a clean bill of health. The free scan confirms it before you pay anything. If there is no meaningful waste, there is nothing to buy.
SECURITY: READ THIS FIRST

Your AWS account stays yours.

We know giving any third party access to your AWS account feels uncomfortable. Here is exactly what we can and cannot do. Nothing hidden.

Read-only IAM role
We can only describe and list resources. No write, delete, or modify actions are possible in your account.
Secured with External ID
A unique token ensures only Bastioneer can assume your role. Nobody else can assume it, even if they know your account ID.
No long-term data storage
Scan results stored only for report delivery. Raw resource data is never retained beyond 30 days.
Revoke anytime
Delete the CloudFormation stack and all access is permanently removed instantly. You are always in control.
Full transparency
The exact IAM policy and CloudFormation template are shown before you deploy. No hidden permissions, ever.
Runs in your region
All scanning happens within AWS infrastructure. Your data never leaves AWS to external APIs.
Credentials expire automatically, typically within 5 to 10 minutes
Bastioneer uses AWS STS temporary credentials to access your account. These expire automatically after the scan completes. No standing access is ever maintained. After the session expires, Bastioneer has zero access to your account until you explicitly authorize a new scan.
WHAT BASTIONEER OFFERS

Two products. Both self-service.

No retainers required. No calls. No contracts. Start with the free scan, pay only if the findings are worth it.

FREE + $79 FULL REPORT
Cloud Waste Audit

Bastioneer scans your AWS account across EC2, RDS, S3, load balancers, and more. The free summary confirms waste exists. The $79 full report gives you every resource ID, cost breakdown, safety classification, and step-by-step remediation guide.

START FREE SCAN โ†’
DIGITAL DOWNLOAD, FROM $29
Terraform Templates

Production-ready IaC modules for common AWS architectures. Secure VPC baselines, S3 + CloudFront setups, RDS configurations: validated, clean, and ready to deploy. No subscription required.

BROWSE TEMPLATES โ†’
EARLY CUSTOMERS

Real findings. Real accounts.

A few early customers let us share their anonymized results.

SAVED $261/MO
Found $261 a month in stuff I completely forgot about: a stopped RDS instance from a project I killed six months ago, and three Elastic IPs I had no idea were allocated. Paid for itself in the first week.
M
Marcus T.
Solo SaaS founder, $1,340/mo AWS baseline
Second case study coming soon
RUN A FREE SCAN, SHARE YOUR RESULTS
QUESTIONS

Questions before you start?

Ask about access, report scope, or anything else before running your scan.

CONTACT US โ†’
Prefer to try it first? Start your free scan.
Bastioneer Owl Mascot
GET STARTED, NO CREDIT CARD

Find out if you are wasting
money before you commit to anything.

Free scan confirms waste exists. Pay $79 only if the findings are worth acting on.

START FREE SCAN โ†’
48-HOUR DELIVERY ยท READ-ONLY ACCESS ยท NO SALES CALLS