· 5 min read · By Mehul Prajapati

How We Find AWS Cost Savings with Claude Code: 180 Checks, Read-Only by Design

A first-hand account of building AWS Cost Saver, an open source Claude Code plugin that runs 180 read-only checks across 30+ AWS services and prices every finding with real Cost Explorer data.

AWSCost OptimizationClaude CodeOpen SourcePlugins

AWS Cost Saver is an open source Claude Code plugin that finds cost savings in your AWS account by running 180 read-only checks across EC2, RDS, S3, Lambda, and more than 30 services in total. It prices every finding with real billing data from AWS Cost Explorer and writes a markdown report. A PreToolUse hook blocks any operation that could modify your account, so the scan cannot touch anything.

Why did we build another AWS cost tool?

I have worked with AWS for more than 8 years, and every account I have ever been handed had the same problem: quiet waste. A dev instance someone forgot on a Friday. Volumes detached from servers that no longer exist. A database sized for a launch that happened two years ago. None of it triggers an alarm. It just shows up on the bill, month after month.

At eagerminds, our AI product studio, we build AI products, ours and yours, and most of them run on AWS. Cost Explorer tells you where the money goes, but turning that into a list of concrete fixes still means clicking through a dozen consoles and cross-checking prices by hand. We already spend our working day inside Claude Code, so we built the audit into the tool we were already using.

How does the plugin find savings?

AWS Cost Saver runs 180 checks using 11 domain agents that scan in parallel, each one owning a slice of the account: EC2, RDS, S3, Lambda, ECS, EKS, Aurora, SageMaker, and the rest of the 30+ covered services. Parallel agents keep a full scan fast enough to run in a normal working session instead of as an overnight batch job.

Two design decisions came directly from our own frustration with cost tooling:

  • Confidence scoring. The fastest way to lose trust in a cost report is a false positive. Every finding gets a confidence score, and low-confidence noise is filtered out before it ever reaches the report.
  • Real pricing. Findings are priced with data from AWS Cost Explorer, not list-price guesses. A recommendation is only useful when the dollar figure next to it reflects what you actually pay.

The output is a markdown report you can commit to a repo, paste into a ticket, or hand to whoever owns the bill.

Is it safe to point an AI agent at your AWS account?

This was the first question we had to answer before shipping anything, because "let an agent loose on production AWS credentials" is a sentence that should make any engineer flinch. Our answer is enforcement in code, not politeness in prompts.

The plugin is read-only by design. A PreToolUse hook runs before Claude executes any AWS CLI call and checks it against an allowlist: only operations that start with describe-, get-, list-, lookup-, or search- are permitted. Everything else is denied by default. If the model ever tried to run a terminate, delete, or modify command, the hook would reject it before it executed. The plugin never modifies or deletes anything.

The safety model in one line

A system prompt that says "please be careful" is a suggestion. A hook that denies the call is a guarantee. That difference is the whole safety story.

How do you install and run it?

You need three things: Claude Code, AWS credentials configured through aws configure or SSO, and uv. Then it is two commands inside Claude Code:

/plugin marketplace add prajapatimehul/claude-aws-cost-saver
/plugin install aws-cost-saver@aws-cost-saver-marketplace

To run a scan, use the command directly or just ask in plain English:

/aws-cost-saver:scan

# or simply ask:
"Scan my AWS account for cost savings"

The plugin also installs into Codex, and any MCP-compatible agent can wire up the AWS API server it uses. The current release is v2.1.0, published under the MIT license, with 21+ stars on GitHub.

What does a scan actually return?

Here is the example straight from the project README:

You:    "Scan my AWS for cost savings"
Claude: Found 8 issues. Potential savings: $340/month.

Behind that one-line summary sits the markdown report: each finding listed with its confidence score and the monthly dollar figure pulled from Cost Explorer. Nothing gets changed. You read the report, decide what is real for your workload, and make the fixes yourself, with full context.

That handoff is deliberate. The right split, in our experience, is that the agent does the tedious reading and the human makes the changes.

AWS Cost Saver is one of the tools we build in the open and write up in Notes from the studio. If you run anything on AWS, a read-only scan is a cheap way to find out what your account has been quietly charging you for.

FAQ

Is AWS Cost Saver safe to run on a production AWS account?

Yes. The plugin is read-only by design. A PreToolUse hook enforces an allowlist that permits only describe-, get-, list-, lookup-, and search- AWS CLI operations, and everything else is denied by default. It never modifies or deletes anything in your account.

What does AWS Cost Saver check?

It runs 180 checks across EC2, RDS, S3, Lambda, ECS, EKS, Aurora, SageMaker, and more than 30 AWS services in total. Eleven domain agents scan in parallel, confidence scoring filters out false positives, and every finding is priced with real data from AWS Cost Explorer.

Does AWS Cost Saver work outside Claude Code?

Yes. The same plugin installs into Codex, and any MCP-compatible agent can wire up the AWS API server it uses. Claude Code remains the primary target, with a two-command install through the plugin marketplace.

What do I need to run it?

You need AWS credentials configured through aws configure or SSO, and uv installed. The plugin is free and open source under the MIT license. Install it from the marketplace, then run /aws-cost-saver:scan or just ask Claude to scan your account for cost savings.

Built in the open at github.com/prajapatimehul/claude-aws-cost-saver.

One last thing

Have a product stuck in your head? Let's get it shipped.