AWS Doctor
Powerful open-source CLI to audit security, costs, and best practices in AWS.
Core Features
Cost Analytics
Gain a fair assessment of your spending velocity. AWS Doctor compares your current month’s costs against the exact same period in the previous month (e.g., 1st–10th), allowing you to spot anomalies and spikes in real time.
Zombie Discovery
Get a high-level health check of your entire AWS account. The tool scans multiple services simultaneously to identify idle, unattached, and forgotten resources, providing a unified view of infrastructure waste in seconds.
PDF Reporting
Generate professional, brandable PDF reports for stakeholders. AWS Doctor can now export all audit findings, cost trends, and waste summaries into a clean, ready-to-share document.
Region-Aware Pricing
Cost estimates are backed by live data from the AWS Pricing API for your configured region. If the API is unavailable, the tool falls back to built-in defaults so your scan never fails.
Output Formats
Choose the format that fits your workflow. Use rich terminal tables for quick manual audits, or generate structured JSON output to feed data into your CI/CD pipelines, custom dashboards, and automation scripts.
Security & IAM
Full support for MFA-protected roles and proactive IAM credential audits.
Instant Infrastructure Audit
Compute and EBS
Detect stopped EC2 instances, unattached EBS volumes, orphaned snapshots, unused AMIs, unused key pairs, expiring Reserved Instances, and over-provisioned Lambda memory.
Databases
Identify stopped RDS instances, old manual snapshots, and idle database connections.
Storage and Logs
Audit S3 buckets without lifecycle policies, abandoned multipart uploads, CloudWatch Log Groups without retention, and ECR repositories with untagged images or missing lifecycle policies.
Networking
Identify unassociated Elastic IPs, idle NAT Gateways, and Load Balancers without healthy targets.
Machine Learning
Detect idle SageMaker endpoints with zero recent invocations.
Configuration and Secrets
Flag unused Secrets Manager secrets that have not been accessed within a configurable threshold.
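As an added illustration of the unused-secret check described above (not AWS Doctor's own code), the following sketch evaluates `LastAccessedDate` from constructed `aws secretsmanager list-secrets` output against a threshold. The 90-day default, the fallback to `CreatedDate` for never-accessed secrets, and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws secretsmanager list-secrets` output.
SAMPLE = json.loads("""
{"SecretList": [
 {"Name": "prod/db/password", "CreatedDate": "2023-01-10T09:00:00+00:00",
  "LastAccessedDate": "2024-05-30T00:00:00+00:00"},
 {"Name": "legacy/ftp/creds", "CreatedDate": "2022-03-01T12:00:00+00:00",
  "LastAccessedDate": "2023-11-02T00:00:00+00:00"},
 {"Name": "poc/api-key", "CreatedDate": "2023-08-15T08:30:00+00:00"},
 {"Name": "staging/new-token", "CreatedDate": 1716800000.0},
 {"Name": "old/deleting", "CreatedDate": "2021-01-01T00:00:00+00:00",
  "DeletedDate": "2024-05-20T00:00:00+00:00"}
]}
""")

def parse_ts(value):
    """Accept ISO 8601 strings or epoch seconds, depending on the client used."""
    if value is None:
        return None
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def find_unused(secrets, threshold_days=90, now=None):
    """Return secrets with no access inside the threshold window."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=threshold_days)
    findings = []
    for s in secrets:
        if "DeletedDate" in s:  # already scheduled for deletion
            continue
        # LastAccessedDate is absent when the secret was never retrieved,
        # and is truncated to the day when present.
        last = parse_ts(s.get("LastAccessedDate"))
        # Assumption: a never-accessed secret is judged by its age instead,
        # so a secret created last week is not reported as abandoned.
        reference = last or parse_ts(s.get("CreatedDate"))
        if reference is None or reference < cutoff:
            findings.append({
                "name": s["Name"],
                "idle_days": (now - reference).days if reference else None,
                "never_accessed": last is None,
            })
    return sorted(findings, key=lambda f: f["name"])

if __name__ == "__main__":
    for f in find_unused(SAMPLE["SecretList"]):
        print(f)
```

Secrets that were never retrieved are worth reviewing separately from ones that went idle, since they often hold credentials that were provisioned but never wired into a workload.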
