AWS
Infrastructure
Made Clear
Visualize your network. Analyze traffic. Cut waste.
All in one place. Completely free.
Network Topology
See your entire AWS network architecture. VPCs, subnets, gateways, and connections—visualized.
VPC Groups
See subnets, route tables, and network ACLs organized by VPC
Gateway Connections
NAT gateways, internet gateways, and transit gateway attachments
VPC Peering
Visualize peering connections between VPCs
Cost Optimization
Find idle resources. Right-size instances. Cut waste with automated checks.
$5,280/year potential savings
Critical issues requiring attention
Fixable in under 5 minutes
Daily Cost Waste (Last 7 Days)
~$18/day in preventable cloud costs
Example Cost Findings
High S3 data transfer - VPC endpoint recommended
application-data-bucket2.4 TB/month cross-region data transfer from us-east-1
Deploy VPC endpoint for S3 to eliminate data transfer charges. Current transfer rate: 2.4 TB/mo Ă— $0.09/GB = $216/mo. VPC endpoints are free and eliminate this cost entirely.
Log group with excessive retention (never expires)
/aws/lambda/data-processor-prod420 GB of CloudWatch Logs with infinite retention
Set retention to 30 days for application logs. Long-term log storage should use S3 ($0.023/GB) instead of CloudWatch ($0.50/GB). Consider exporting to S3 and deleting old logs.
Old unused AMI with snapshots
ami-0abc123def456 (api-server-v1.2.3-deprecated)AMI from 2022 with 4 associated snapshots (280 GB)
Deregister AMI ami-0abc123def456 and delete associated snapshots. This AMI hasn't been used to launch instances in 18 months. Always keep the last 3 production AMIs.
Security & Compliance
Continuous compliance monitoring across multiple frameworks. Identify security risks and misconfigurations before they become problems.
Immediate action required
Address within 7 days
368 controls passing
Example Security Findings
S3 bucket publicly accessible
prod-customer-dataBucket allows public read access - potential data exposure
Security group allows 0.0.0.0/0 on port 22
sg-0abc123def456 (web-servers)SSH access open to entire internet
IAM password policy - minimum length not set
AWS Account Password PolicyPassword policy doesn't enforce minimum length requirement
Multiple Frameworks
Monitor compliance across CIS AWS, PCI DSS, HIPAA, SOC 2, and more. All in one dashboard.
Continuous Monitoring
Automated daily scans detect new security issues immediately. Get notified of critical findings via Slack or email.
Audit-Ready Reports
Generate compliance reports for auditors. Export findings with evidence and remediation steps.
Tag Compliance
Enforce tagging standards across all resources. Define policies, catch violations, and maintain governance at scale.
Enforcing 12 required tags
73% compliance rate
8 high, 12 medium, 4 low
Active Policy: Production Tagging Standard
Required tags and validation rules for all production resources
Example Violations
Missing "Environment" tag
i-0abc123def456 (api-server-prod)Add tag Environment with value 'prod'. This tag is required by the Production Tagging Standard policy for cost allocation.
Invalid "Owner" value: "john"
rds-analytics-clusterUpdate Owner tag to a valid email format (e.g., john@company.com). Current value 'john' doesn't match the required email pattern.
Missing "CostCenter" and "Project" tags
sg-0def789abc123 (default-sg)Add CostCenter tag (format: CC-XXXX) and Project tag. Both are required by organizational tagging policy.
Custom Policies
Define required tags, allowed values, and validation rules. Enforce different standards per account or environment.
Continuous Scanning
Automatically audit all resources against your policies. New resources are checked as soon as they're discovered.
Governance at Scale
Track compliance across all accounts. Generate reports, monitor trends, and hold teams accountable for tagging standards.
Service Quotas
Monitor AWS service limits across all accounts. Get alerts before you hit quotas and prevent outages.
Across 4 accounts, 6 regions
3 critical, 7 warning
All accounts healthy visibility
Quota Usage Overview
Services approaching their limits
Example Quota Alerts
Running On-Demand Standard Instances
Request a limit increase immediately. Current usage is at 95% — auto-scaling events or new deployments will fail.
VPCs per Region
Only 1 VPC remaining. New environment or service deployments will be blocked. Request increase to 10.
Concurrent Executions
Usage trending upward. At current growth rate, you'll hit the limit in ~2 weeks. Request increase proactively.
Multi-Account Monitoring
Track quotas across all AWS accounts and regions. One dashboard for your entire organization's service limits.
Proactive Alerts
Get notified before you hit limits. Configurable warning and critical thresholds with Slack and email notifications.
Usage Trends
Track quota usage over time. Predict when you'll hit limits and plan capacity increases ahead of demand.
Traffic Analysis
See traffic flows between resources. Track data transfer. Identify bottlenecks and find cost savings.
Infrastructure Visualization
Click on any resource to see details, connections, and cost optimization recommendations
Query Builder
Query your flow logs with a powerful visual interface. No SQL required. Filter, aggregate, and export results in seconds.
| srcaddr | dstaddr | srcport | dstport | bytes | action |
|---|---|---|---|---|---|
| 10.0.2.45 | 10.0.3.12 | 54321 | 5432 | 43,200,000 | ACCEPT |
| 10.0.1.45 | 10.0.2.45 | 443 | 8080 | 18,700,000 | ACCEPT |
| 203.0.113.42 | 10.0.1.45 | 12345 | 22 | 1,200 | REJECT |
Visual Filters
Build complex queries visually. Filter by IP, port, protocol, action, and time range without writing SQL.
Fast Results
Queries run on AWS Athena for blazing fast results. Search through billions of flow log records in seconds.
Export & Share
Export results to CSV for further analysis. Save queries to reuse later or share with your team.
Completely Free
Every feature. No credit card. No time limit.
100% Free
Every feature. No credit card required. No time limits. No hidden charges. CloudWrangler is completely free to use.
Built by AWS Experts
Created by engineers who've built their careers on AWS. We know the pain points because we've lived them. Real-world experience meets practical solutions.
Your Data Stays Yours
We never sell, share, or monetize your infrastructure data. Read-only access means we only analyze metadata—never your application data. Your privacy is sacred.
Support Us (Optional)
Love what we're building? Buy us a coffee or become a sponsor. Your support helps us keep improving CloudWrangler for everyone.
Support development (completely optional)
Ready to Cut Cloud Waste?
Connect your AWS account and start discovering cost savings, visualizing network topology, and analyzing traffic—all in under 5 minutes. Free. No credit card required.