Run an AWS waste & hygiene audit in your GitHub Actions runner. No SaaS ingestion of AWS credentials. Outputs: Summary file + HTML + JSON/CSV artifacts.

memories.sh — One layer for memories, skills, and rules across any agent

One layer for memories, skills, and rules across any agent

I got tired of watching teams ignore their AWS cost audit reports. Every company I worked with had the same problem: they'd run Trusted Advisor, get a third-party tool, or hire a consultant, and then... nothing. The reports would sit unread because they were either too noisy (full of false positives) or too invasive (required shipping all their AWS inventory to a SaaS). The ones who did read them couldn't trust them enough to act. "Is this EC2 really idle, or are we about to break prod?" "Why is this unattached EBS being flagged when we just created it yesterday?" "Who approved giving this tool read access to our entire account?" The problem we're solving: AWS waste is real, 30-40% of cloud spend is addressable, but the tooling creates a different kind of waste: trust erosion. Existing tools either: Miss the mark because they guess at usage without real metrics Over-collect data in ways that make security/compliance teams uncomfortable Bury cost wins under risk findings (or vice versa), making prioritisation impossible How our approach evolved: We started narrow: "let's just get EC2 and EBS waste detection right with real CloudWatch metrics, and run it in the customer's GitHub Actions runner so nothing leaves their boundary." But as we talked to early pilot customers, we realised: they don't just want a "cost tool." They want an audit. Something that covers the obvious security posture gaps (root MFA, public S3, CloudTrail basics) alongside the money stuff, because that's how real audits work. So we pivoted from "cost optimizer" to "audit-in-a-box": Added security posture checks (IAM hygiene, exposure, audit logging) Separated financial findings from security findings in the report Made provenance transparent ("this was measured via CloudWatch" vs "this is a heuristic") Generated a one-page summary.md so teams can share wins without opening a 50-page HTML report The biggest learning: in B2B tooling, restraint is the feature. Fewer, more defensible findings > maximum "coverage." Privacy-first architecture > another dashboard. Evidence-grade outputs > "trust us." StackSage runs in your GitHub Actions, uses a customer-controlled read-only IAM role, and produces local artifacts (HTML + JSON/CSV + summary). No SaaS data egress, no billing export required, no credential sharing. If you've ever ignored an AWS audit report because it felt too noisy or too risky to act on, this is for you. Try the sample report: https://stacksageai.com/demo-report

Quick StackSage update since v0.3.0 (workspaces + config) 👇

We’ve leveled up from “find obvious waste” to architecture-grade savings recommendations:

v0.4.0: expanded coverage (DynamoDB, ElastiCache, CloudFront, Route53) + stronger CloudWatch-backed confidence
v0.5.0: modernization moves: EC2 → serverless, Lambda → Graviton (arm64), RDS → Aurora Serverless v2
v0.6.0 (just shipped): containers! Added ECS inventory + detectors for EC2-backed ECS → Fargate and Fargate Spot (non-prod) with savings estimates

Also cleaned up the site/docs to be more proof-first (fewer broken links, better light theme, clearer detector list).

If you want, give the free trial run a shot and let us know what else can be covered!