Success Story

CostPatrol — AWS Cost Anomaly Detection in 24 Hours

Our own SaaS product: scans AWS accounts daily, finds savings across 123 rules, and delivers exact fix commands with dollar amounts to Slack.

$6,496/mo: Largest Savings Found
Built by MSCLOUDTECH
  • 123 Detection Rules
  • <24h Anomaly Detection
  • 30 AWS Services Covered
  • 5-10x Customer ROI

Challenge: AWS cost waste is a $30B problem. Teams get vague recommendations from Trusted Advisor or $10K/month enterprise platforms. Engineers don't have time for manual FinOps. Cost spikes go unnoticed until the monthly bill arrives.

Solution: We built CostPatrol as a serverless SaaS on the same AWS stack we use for clients. Daily scans across 123 rules, anomaly detection within 24 hours, and specific fix commands (not suggestions) delivered straight to Slack.

Result: Published scan reports show $284/mo to $6,496/mo in savings per customer. 5-minute setup via CloudFormation. Read-only access, zero risk. Customers save 5-10x what they pay.

Tech Stack

AWS Lambda, DynamoDB, EventBridge, SQS, API Gateway, Cost Explorer API, Slack API, TypeScript, Stripe, CloudFormation

The Story

CostPatrol came from personal frustration. I kept finding the same AWS waste on client accounts. Aurora clusters running expensive workloads that belonged on DynamoDB plus OpenSearch. Metric Streams bleeding cost because nobody had set filters, just shipping everything to New Relic across accounts and regions. CloudWatch double-shipping logs to two destinations. These are recurring patterns across accounts. Every client engagement started with me running the same manual checks, finding the same waste, and thinking there has to be a better way.

So I built CostPatrol. 123 detection rules across 30 AWS services, starting with the heaviest spenders: Lambda, EC2, RDS, DynamoDB, S3, EBS, NAT Gateway, and CloudWatch. The rule set keeps growing. Each rule scans real resource configurations and outputs a specific fix, not a suggestion, an actual CLI command or Terraform snippet with the dollar amount attached. The scanning engine runs daily via EventBridge, pulls data from Cost Explorer, compares to 30-day rolling averages, and flags anything that looks wrong. Anomaly detection within 24 hours instead of waiting for the month-end bill.

I built CostPatrol using Claude Code and Cursor. Specs first, AI implements against the spec, human review gates on auth, money, and security. The whole platform is serverless on Lambda, DynamoDB, SQS, and EventBridge. Slack-first delivery because engineers don't live in dashboards. Stripe handles billing with tiered pricing. CloudFormation one-click onboarding gives us read-only access to customer accounts in 5 minutes, zero risk.

The patterns sell it. Aurora clusters sitting there because "it works, don't touch it." Metric Streams running unfiltered for months across multiple accounts. A single NAT Gateway burning hundreds per month because a chatty Lambda routed through it every 30 seconds. CostPatrol finds these patterns automatically. Published scans show $284/mo to $6,496/mo in savings per anonymized example. The goal is simple: teams spending $5K to $200K/mo on AWS should save 5-10x what they pay for CostPatrol.

How We Delivered

Our Delivery Process

See how our senior engineering pod delivered production-ready results

1. Daily Cost Scanning Engine

  • EventBridge triggers daily scans across all connected AWS accounts
  • Cost Explorer API pulls yesterday's spend, compares to 30-day rolling average
  • Flags spikes >20% or >$500 absolute increase with severity and resource ARN
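
The threshold step described above, as an added example that is not CostPatrol's own code: it applies the page's 30-day rolling average and the >20% or >$500 rule per service. The type names, field names and sample rows are assumptions, and severity and resource ARN lookup are left out.

```typescript
// Added example, not CostPatrol source. Thresholds and window are from the
// page; type names, field names and the sample data are assumptions.
type DailyCost = { date: string; service: string; usd: number }; // date: YYYY-MM-DD
type Anomaly = { service: string; spend: number; baseline: number;
                 deltaUsd: number; deltaPct: number | null; reasons: string[] };

const PCT_THRESHOLD = 0.2; // "spikes >20%"
const ABS_THRESHOLD = 500; // ">$500 absolute increase"
const WINDOW_DAYS = 30;    // "30-day rolling average"

function detectAnomalies(rows: DailyCost[], day: string): Anomaly[] {
  const byService: Record<string, DailyCost[]> = {};
  for (const r of rows) (byService[r.service] = byService[r.service] || []).push(r);

  const found: Anomaly[] = [];
  for (const service of Object.keys(byService)) {
    const current = byService[service].filter((r) => r.date === day)[0];
    if (!current) continue; // no spend reported for the scanned day
    // ISO dates sort lexicographically; keep the newest WINDOW_DAYS before `day`.
    const history = byService[service]
      .filter((r) => r.date < day)
      .sort((a, b) => (a.date < b.date ? 1 : -1))
      .slice(0, WINDOW_DAYS);
    // A service with no history has a zero baseline: the percentage is
    // undefined there, so only the absolute threshold can fire.
    const baseline = history.length
      ? history.reduce((sum, r) => sum + r.usd, 0) / history.length : 0;
    const deltaUsd = current.usd - baseline;
    const deltaPct = baseline > 0 ? deltaUsd / baseline : null;
    const reasons: string[] = [];
    if (deltaPct !== null && deltaPct > PCT_THRESHOLD) reasons.push("pct>20%");
    if (deltaUsd > ABS_THRESHOLD) reasons.push("abs>$500");
    if (reasons.length) found.push({ service, spend: current.usd, baseline, deltaUsd, deltaPct, reasons });
  }
  return found.sort((a, b) => b.deltaUsd - a.deltaUsd); // largest dollar impact first
}

// Constructed sample: 30 flat days per service, then the scanned day.
function sampleRows(): DailyCost[] {
  const iso = (i: number) => new Date(Date.UTC(2024, 0, 1 + i)).toISOString().slice(0, 10);
  const rows: DailyCost[] = [];
  const flat: Record<string, [number, number]> = { // [daily baseline, scanned-day spend]
    "NAT Gateway": [100, 130], "RDS": [4000, 4600], "Lambda": [50, 55] };
  for (const svc of Object.keys(flat)) {
    for (let i = 0; i < 30; i++) rows.push({ date: iso(i), service: svc, usd: flat[svc][0] });
    rows.push({ date: iso(30), service: svc, usd: flat[svc][1] });
  }
  rows.push({ date: iso(30), service: "OpenSearch", usd: 700 }); // first day seen
  return rows;
}
```

On the constructed data, RDS trips only the absolute threshold (+$600 is 15%), NAT Gateway trips only the percentage threshold (+$30 is 30%), and Lambda at +10% is not flagged.
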

2. 30+ Optimization Rules

  • Covers EC2, Lambda, RDS, DynamoDB, S3, EBS, NAT Gateway, CloudWatch
  • Each rule outputs specific fix: CLI command or Terraform code with dollar savings
  • Rules ranked by impact across multi-account environments

3. Slack-First Delivery

  • Anomaly alerts with fix commands delivered within 24 hours
  • Daily optimization digests ranked by savings amount
  • No dashboard required. Engineers get fixes where they already work.

Final Outcomes

Results

  • $6,496/month savings identified in a single Aurora sprawl scan
  • $1,112/month savings across 7 AWS regions in one account
  • 30+ automated detection rules replacing manual FinOps review
  • 5-minute setup: CloudFormation one-click, read-only IAM, zero risk
  • Anomaly detection within 24 hours, not at month-end
  • Exact CLI and Terraform fix commands, not vague recommendations
