Automating AWS Cost Optimization with an AI Agent: From Monthly Audits to Daily Savings
This is part three of our AWS cost optimization series. Part one mapped the seven places AWS bills leak. Part two walked through auditing all seven with native tools — Cost Explorer, Trusted Advisor, Compute Optimizer, CloudWatch, and the CLI.
If you ran that audit, you now have a findings document and a problem: the audit took hours, the findings started decaying the moment you exported them, and every fix still needs a ticket. Meanwhile the waste regenerates daily — every deploy can orphan a volume, every scale-up can open a coverage gap. Monthly audits versus daily waste is a losing race.
This article covers the automation step: how CloudThinker's CostOps agent runs those same seven checks continuously, what its first analysis of a typical account looks like, and — just as important — what it will not do without your approval.
How the CostOps agent works
Connection: a read-only IAM role, about 5 minutes
CostOps connects to AWS the way your security team would insist on anyway: a cross-account IAM role with read-only permissions. No agents on instances, no credentials stored, no write access at connection time. You create the role from a provided template, paste the role ARN, and the first scan starts. The whole flow takes about five minutes — the connection guide on docs has the exact policy JSON so your security review can see precisely what is (and isn't) granted.
Continuous scanning of all seven waste sources
Once connected, the agent runs the same checks you did manually in part two — continuously, across every region:
- Unattached EBS volumes and orphaned snapshots
- Idle or oversized EC2 instances (low CPU over 30 days)
- Reserved Instance / Savings Plans coverage gaps
- Unused Elastic IPs and idle load balancers
- Over-provisioned RDS instances
- Data transfer costs (cross-AZ, NAT gateway)
- Non-production environments running 24/7
The difference from your manual audit isn't the checks — it's the cadence. A volume orphaned on Tuesday is a finding on Tuesday, not a line in next quarter's audit. Findings carry the same evidence you'd gather yourself: the metrics window, the current cost, the projected saving as a range.
Graduated autonomy: you decide what the agent may touch
Every remediation type has an autonomy level you set per environment:
- Notify — the agent reports the finding. Nothing else. (The default for everything.)
- Suggest — the agent proposes the specific remediation with projected impact and rollback notes.
- Approve — the agent prepares the action and executes only after a named human clicks approve.
- Autonomous — the agent executes and reports. Most teams reserve this for provably-safe, reversible actions in non-prod — deleting a snapshotted unattached volume in staging, say — after weeks of watching the agent be right at the Approve level.
Every action, at every level, lands in an audit trail: what was found, what was proposed, who approved, what changed, when. Nothing about your part-two audit skills is wasted here — you're reviewing the same evidence, minus the hours of collecting it.
What the first analysis typically returns
Numbers below are illustrative — a composite of what a first scan tends to surface on a mid-market account around $60K/month. Your account will differ.
| Finding | Detail | Est. monthly impact |
|---|---|---|
| Unattached EBS volumes | 23 volumes, 4.1 TB, oldest 14 months | ~$380 |
| Orphaned snapshots | 1,900 snapshots past any plausible retention | ~$640 |
| Idle/oversized EC2 | 14 instances under 10% avg CPU over 30 days | ~$3,100 |
| Savings Plans gap | Coverage at 41%; stable baseline supports ~75% | ~$4,800 |
| EIPs + idle ALBs | 11 unassociated EIPs, 3 ALBs at near-zero requests | ~$110 |
| Over-provisioned RDS | 2 db.r5.2xlarge at 8% CPU → db.r5.xlarge | ~$1,050 |
| NAT gateway traffic | 18 TB/month, mostly S3 — VPC endpoint candidate | ~$1,300 |
| Non-prod running 24/7 | Staging + dev fleets, no schedule | ~$5,200 |
That's roughly $16,500/month identified on day one — about a quarter of the bill — before deeper architectural items. Notice the shape: two boring line items (Savings Plans coverage and non-prod scheduling) dominate, which matches what you'd find manually. The agent's value isn't exotic findings; it's that this table refreshes itself every day and each row arrives with a proposed, approval-gated fix.
Prompts to try in your first session
CostOps is conversational — you ask Alex, CloudThinker's cost engineering agent, in plain language:
@alex analyze spending trends over the last quarter and flag anything growing faster than 10% month-over-month@alex identify unattached volumes and unused elastic IPs across all regions@alex recommend reserved instance purchases for stable workloads, with break-even analysis@alex which non-production resources ran between midnight and 6am last week?@alex estimate what a gateway VPC endpoint for S3 would save on our NAT gateway costs
Each answer cites the underlying data — the same Cost Explorer and CloudWatch evidence from part two — so you can verify rather than trust.
What the agent does not do
Worth stating plainly, because "AI agent with access to prod" should make you ask:
- It is read-only by default. The connection role grants no write permissions. Remediation requires you to explicitly grant scoped write access and set an autonomy level above Notify.
- It does not delete, resize, or purchase without approval unless you have deliberately set that specific action class to Autonomous for that specific environment.
- It does not touch anything unfindable in the audit trail. Every proposed and executed action is logged with its evidence and approver.
- It does not replace judgment on architectural questions. It will tell you the NAT gateway is processing 18 TB of S3 traffic; whether to re-architect the VPC is an engineering decision, and it stays yours.
If you did the part-two audit manually, the right mental model is: the agent is that audit, running daily, with a remediation queue attached — not an autopilot you hand the keys to on day one.
From audit to habit
You know where AWS bills leak. You know how to audit every leak with native tools. The remaining gap is cadence — and that's an automation problem, not an effort problem. Teams that move from monthly manual reviews to continuous, approval-gated optimization typically reduce their AWS bill by 30–50% over the following months, with the biggest wins from coverage and scheduling.
Try CloudThinker free — 100 premium credits, no card required — and follow the connection guide to see your own account's first findings table within the hour.
