Show HN: CleanCloud – 20 rules to help you find where your AWS and Azure spend is going
Most cloud cost tools require write access, send data to SaaS platforms, and generate reports no one acts on.

CleanCloud is different: read-only, runs in your environment, and enforces hygiene as a CI/CD gate.

AWS Rules (10):
- Unattached EBS Volumes
- Old EBS Snapshots (90+ days)
- Infinite Retention CloudWatch Logs
- Unattached Elastic IPs (30+ days)
- Detached Network Interfaces (60+ days)
- Untagged Resources (EBS, S3, Log Groups)
- Old AMIs (180+ days)
- Idle NAT Gateways (~$32/mo each)
- Idle RDS Instances (zero connections 14+ days)
- Idle Load Balancers (zero traffic 14+ days)

Azure Rules (10):
- Unattached Managed Disks
- Old Snapshots
- Unused Public IPs
- Empty Load Balancers
- Empty Application Gateways
- Empty App Service Plans
- Idle VNet Gateways
- Stopped (Not Deallocated) VMs — still incurring full compute charges
- Idle SQL Databases (zero connections 14+ days)
- Untagged Resources

Every finding includes:
- Confidence level (HIGH / MEDIUM)
- Evidence and signals used
- Resource details and age

Enforce in CI/CD:

    cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH

Exit 0 = pass. Exit 2 = policy violation.

- No write access.
- No telemetry.
- No SaaS.

"pip install cleancloud" and run your first scan in 5 minutes.

GitHub: https://github.com/cleancloud-io/cleancloud

If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found. Please open an issue at https://github.com/cleancloud-io/cleancloud or leave a comment below.
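
A wrapper for the CI gate described in the post, as an added example that is not part of the original post or the CleanCloud project. The meanings of exit codes 0 and 2 come from the post; the `run_gate` name and the choice to treat every other exit code as a scanner error that fails the build (rather than a pass) are assumptions of this example.

```shell
#!/bin/sh
# Added example: CI gate wrapper around a scanner command.
# Exit codes 0 (pass) and 2 (policy violation) are taken from the post.
# Assumption: any other exit code means the scan did not complete
# (crash, missing credentials, tool not installed) and must fail closed.

# run_gate CMD [ARGS...]
# Runs the command, prints a one-line verdict, and returns:
#   0  scan passed
#   2  policy violation reported by the scanner
#   3  scanner did not complete, so the gate cannot vouch for the result
run_gate() {
    if [ "$#" -eq 0 ]; then
        echo "gate: no command given" >&2
        return 3
    fi
    gate_rc=0
    # '|| gate_rc=$?' keeps a non-zero exit from aborting under 'set -e'.
    "$@" || gate_rc=$?
    case "$gate_rc" in
        0)
            echo "gate: pass"
            return 0
            ;;
        2)
            echo "gate: policy violation, failing the build" >&2
            return 2
            ;;
        *)
            echo "gate: scanner exited $gate_rc, treating as error, not a pass" >&2
            return 3
            ;;
    esac
}

# Typical CI usage (command line taken from the post):
#   run_gate cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH
```

Keeping the violation code (2) distinct from the error code (3) lets the pipeline route real findings to resource owners and scanner failures to whoever maintains the CI role and its read-only credentials.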