SkillAgentSearch skills...

Kosty

Identify AWS cost waste and security vulnerabilities across 16 core services with a single command

GenerateConvertImprove

Install / Use

/learn @kosty-cloud/Kosty
About this skill

Quality Score

0/100

Category

Operations

Supported Platforms

Universal

README

💰 Kosty - AWS Cost Optimization & Security Audit CLI Tool

<div align="center">

Kosty Logo Python AWS License

💡 Need expert help optimizing your AWS infrastructure? Professional consulting services available →

🚀 Identify AWS cost waste and security vulnerabilities across 16 core services with a single command

Save thousands of dollars monthly and improve security posture by finding unused resources, oversized instances, misconfigurations, and compliance issues

🎯 Quick Start📖 Documentation🔧 Installation💡 Examples

📊 Visual Dashboard

Not just CLI! Kosty includes a beautiful, modern web dashboard to visualize your optimization results:

Kosty Dashboard

Premium Features: Interactive charts, responsive design, real-time data visualization, and professional reporting.

</div>

🌟 Built by a Cloud Consultant, for Cloud Engineers

After years of AWS consulting , I kept finding the same costly patterns:

  • Load Balancers with no targets 10K$-30K$/year wasted
  • Orphaned EBS volumes: $1,000-2,500/year
  • Unused NAT Gateways, oversized instances, old snapshots,...

Every. Single. Time.

So I built Kosty - the tool I wish existed when I started consulting.

What Kosty Does

  • 🔍 Scans 16 core AWS services in one command
  • 💰 Quantifies cost savings with real dollar amounts (11 services)
  • 📊 Finds oversized instances (EC2, RDS, Lambda)
  • 🔐 Detects security vulnerabilities (public DBs, unencrypted storage, open ports)
  • 🛡️ Identifies compliance issues (old access keys, public snapshots, weak configurations)

One command. Full audit. Real savings. Free forever.

AWS costs and security risks can spiral out of control quickly. Kosty helps you:

  • 🔍 Discover unused resources and security vulnerabilities across 16 core AWS services
  • 💰 Quantify cost savings with real dollar amounts ($X/month calculations)
  • 🔐 Detect security misconfigurations and compliance issues
  • Optimize with prioritized recommendations by financial impact
  • 🏢 Scale across entire AWS Organizations with parallel processing
  • 📊 Track ROI with detailed cost reporting

🎯 Quick Start

# Install Kosty via pip (recommended)
pip install kosty

# Or install from source
git clone https://github.com/kosty-cloud/kosty.git
cd kosty && ./install.sh

# 🚀 ONE COMMAND TO RULE THEM ALL - Comprehensive scan
kosty audit --output all

# Organization-wide comprehensive scan with reports
kosty audit --organization --max-workers 20 --output all

# Individual service scans
kosty ec2 audit --cpu-threshold 20
kosty rds audit
kosty s3 audit

# Cost and security audits separately
kosty ec2 cost-audit --cpu-threshold 20
kosty s3 security-audit
kosty iam security-audit

# Individual checks
kosty ec2 check-oversized-instances --cpu-threshold 20
kosty ec2 check-stopped-instances --days 7
kosty s3 check-empty-buckets
kosty rds check-public-databases

# 📊 View results in beautiful dashboard
open dashboard/index.html

🔧 Installation

Prerequisites

  • Python 3.7+
  • AWS CLI configured with appropriate credentials

Quick Install (Recommended)

pip install kosty

Install from Source

git clone https://github.com/kosty-cloud/kosty.git
cd kosty
./install.sh

Development Install

git clone https://github.com/kosty-cloud/kosty.git
cd kosty
pip install -e .

💡 Examples

🏆 High-Impact Optimizations with Cost Savings

# Find oversized EC2 instances (potential $280/month per m5.2xlarge)
kosty ec2 check-oversized-instances --cpu-threshold 20

# Find oversized RDS instances (potential $700/month per db.r5.4xlarge)
kosty rds check-oversized-instances --cpu-threshold 20

# Find over-provisioned Lambda functions (memory optimization savings)
kosty lambda check-over-provisioned-memory

# Find orphaned EBS volumes (potential $10/month per 100GB)
kosty ebs check-orphan-volumes

# Find unattached Elastic IPs (potential $3.60/month each)
kosty eip check-unattached-eips

# 💰 View total potential savings in dashboard
kosty audit --output json && open dashboard/index.html

🔍 Resource Discovery & Security Audits

# Storage optimization & security
kosty s3 check-empty-buckets
kosty s3 check-public-read-access
kosty s3 check-encryption-at-rest
kosty ebs check-orphan-volumes
kosty ebs check-unencrypted-orphan
kosty snapshots check-old-snapshots --days 30
kosty snapshots check-public-snapshots

# Database optimization & security
kosty rds check-oversized-instances --cpu-threshold 20
kosty rds check-public-databases
kosty rds check-unencrypted-storage
kosty dynamodb check-idle-tables

# Network optimization & security
kosty lb check-no-healthy-targets
kosty nat check-unused-gateways
kosty sg check-unused-groups
kosty sg check-overly-permissive

# Security & compliance checks
kosty ec2 check-ssh-open
kosty ec2 check-imdsv1
kosty ec2 check-unencrypted-ebs
kosty iam check-root-access-keys
kosty iam check-unused-roles
kosty iam check-old-access-keys

🏢 Comprehensive Scanning

# 🎯 ULTIMATE COST AUDIT - All services, all checks
kosty audit --output all

# Organization-wide comprehensive scan (16 services)
kosty audit --organization --max-workers 20 --output json

# Multi-region comprehensive audit
kosty audit --regions us-east-1,eu-west-1,ap-southeast-1 --output csv

# Single region scan
kosty audit --region eu-west-1 --output json

# Quick console summary
kosty audit --output console

# Generate all report formats
kosty audit --organization --output all --max-workers 15

# 📊 Visualize results in dashboard
kosty audit --output json
open dashboard/index.html  # Upload the JSON file

🚀 Command Types

Kosty offers 3 types of commands for maximum flexibility:

1. 🎯 Complete Audits - Full service analysis

kosty <service> audit           # Complete audit (cost + security)
kosty ec2 audit                 # All EC2 checks
kosty s3 audit                  # All S3 checks

2. 💰 Targeted Audits - Cost or security focus

kosty <service> cost-audit      # Cost optimization only
kosty <service> security-audit  # Security issues only

kosty ec2 cost-audit           # EC2 cost issues only
kosty s3 security-audit        # S3 security issues only
kosty iam security-audit       # IAM security issues only

3. 🔍 Individual Checks - Specific issue detection

kosty <service> check-<issue>   # Specific check

kosty ec2 check-oversized-instances
kosty ec2 check-stopped-instances
kosty s3 check-empty-buckets
kosty rds check-public-databases
kosty iam check-root-access-keys

4. 🌍 Multi-Region & Organization - Comprehensive scanning

# Multi-region scanning
kosty audit --regions us-east-1,eu-west-1,ap-southeast-1
kosty ec2 audit --regions us-east-1,eu-west-1

# Organization-wide with multi-region
kosty audit --organization --regions us-east-1,eu-west-1 --max-workers 20
kosty s3 check-public-read-access --organization --regions us-east-1,eu-west-1

# Custom cross-account role for organization scanning
kosty audit --organization --cross-account-role MyCustomRole

# Separate organizational admin account
kosty audit --organization --org-admin-account-id 123456789012

# Combined custom role and admin account
kosty audit --organization --cross-account-role MyRole --org-admin-account-id 123456789012

5. 🔄 Multi-Profile Audits - Run across all profiles in parallel

# Run audit on all profiles from config file
kosty audit --profiles --output all

# Control parallel execution (default: 3 profiles at once)
kosty audit --profiles --max-parallel-profiles 5

# Multi-profile with custom config file
kosty audit --config-file /path/to/config.yaml --profiles --output json

# Override settings for all profiles
kosty audit --profiles --max-workers 10 --output csv

What happens:

  • Reads all profiles from your config file
  • Runs audits in parallel (default: 3 at a time)
  • Generates separate reports per profile: output/kosty_audit_<profile>_<timestamp>.json
  • Creates summary report: output/kosty_summary_<timestamp>.json
  • Continues on errors (failed profiles don't stop others)
  • Shows aggregated totals across all profiles

💰 Cost Quantification Engine

💵 Services with Cost Calculations (11 Services)

Kosty provides real monthly and annual savings estimates for these services:

| Service | Cost Calculation | Example Savings | |---------|------------------|----------------| | EBS | Orphaned volumes by size & type | $10.00/month (100GB gp2) | | EC2 | Stopped instances by type | $280.32/month (m5.2xlarge) | | EIP | Unattached Elastic IPs | $3.60/month (fixed rate) | | NAT Gateway | Unused gateways | $32.85/month (per gateway) | | Load Balancer | ALBs with no targets | $16.43/month (per ALB) | | S3 | Lifecycle optimization candidates | $2.30/month (100GB) | | Snapshots | Old EBS snapshots | $5.00/month (100GB) | | Backup | Empty AWS Backup vaults | $0.00/month (no storage) | | RDS | Oversized instances (<20% CPU) | $700.80/month (db.r5.4xlarge) | | Lambda | Over-provisioned memory (>512MB) | $0.68/month (optimization) | | DynamoDB | Idle tables (low RCU/WCU) | Variable (on-demand savings) |

📈 Services with Audit Only (5 Services)

These services provide security and compliance audits without cost quantification:

  • IAM: Sec

kosty-cloud

View profile

View on GitHub
GitHub Stars265
CategoryOperations
Updated15d ago
Forks22
kosty-cloud/kosty

Languages

Python

Security Score

100/100

Audited on Mar 19, 2026

No findings