CloudPouch documentation
CloudPouch is a desktop application that analyzes your AWS bill and finds concrete savings: unattached EBS volumes, GP2 volumes that should be GP3, RDS and EKS Extended Support surcharges, idle Elastic IPs, oversized DynamoDB capacity, and more. It runs 100% locally on Windows, macOS, or Linux using your existing AWS profiles — there is no infrastructure to install in your AWS account, and your AWS cost data is never stored on any vendor’s servers.
What you get
Section titled “What you get”CloudPouch runs focused checks called Cost Insights across EC2, EBS, RDS, S3, EKS, Bedrock, Lambda, DynamoDB, CloudWatch, VPC, and more — see the full list of supported Cost Insights. Each insight names the resources that are wasting money, estimates the cost impact, and tells you what to do about it. You can run one service at a time or analyze every eligible service in a single bulk run.
Real results
Section titled “Real results”- GP2 to GP3 migration — in a 2021/2022 engagement, CloudPouch analyzed roughly 17,000 GP2 volumes in an account spending about $100,000/month on EBS and found a ~20% saving: $18,890/month.
- EBS snapshot parking — in a 2023 engagement, thousands of stopped EC2 instances were still paying $150,000/month for their EBS volumes. Replacing idle volumes with snapshots saved $109,926/month ($1.32M/year) and cut average monthly storage cost per EC2 instance from $14.20 to $5.82.
Start here
Section titled “Start here”New to CloudPouch? Getting Started walks you through the whole journey: install the desktop app, connect an AWS profile (CloudPouch reads the same ~/.aws files as the AWS CLI, including SSO), and run your first Cost Insight.
Clearing security review
Section titled “Clearing security review”Because CloudPouch is a desktop app, AWS cost and resource data travels between AWS and your computer. CloudPouch sends no telemetry, crash reports, or product analytics. Its only outbound connections besides AWS API calls are license key verification (your license key plus a machine identifier, sent at app launch) and an update check against GitHub Releases — your AWS cost data, resource metadata, credentials, and analysis results never reach CloudPouch servers. If your security team needs details, point them to Desktop app vs SaaS, AWS read-only access, and AWS credentials and SSO profiles.