Skip to content

What is a Cost Insight?

A Cost Insight is a built-in CloudPouch check that answers one specific cost question about your AWS account — is this EKS cluster about to trigger Extended Support charges, which EBS volumes bill without doing any work, which team is behind this month’s Bedrock spend — and shows you what fixing it saves.

That single-question focus is deliberate. Generic cost dashboards tell you spend went up; a Cost Insight tells you which resources caused it and what to do about them. Each insight covers one AWS cost area: CloudPouch currently ships insights for EC2, EC2 Auto Scaling Groups, Lambda, EBS, EBS snapshots, S3, EFS, RDS, DynamoDB, DocumentDB, VPC, Elastic Load Balancing, Elastic IPs, EKS, ECR, Bedrock, Glue, and CloudWatch. The Cost Insights overview lists them all by category.

CloudPouch runs on your desktop and calls AWS read-only APIs directly with your own credentials — resource metadata, CloudWatch metrics, and cost data stay between your machine and AWS. It then presents the result as a table or breakdown you can act on: the affected resources, the reason they cost money, and the estimated saving.

You can run insights one service at a time, or run Bulk Cost Insights across every eligible service at once with Cmd/Ctrl + Enter or Analysis → Start Cost Insights Analysis. During a bulk run, each service shows a live badge — Queued, Done, or Failed — so you can watch the analysis progress across your account.

Bulk Cost Insights work for the Current Month and Previous Month timeframes. If an analysis is not available — an unsupported timeframe, an organization-level view, or a job already running — CloudPouch tells you why instead of failing silently.

”No findings” vs. “could not check”

Section titled “”No findings” vs. “could not check””

An empty result can mean two very different things: your account is clean, or CloudPouch was not allowed to look. CloudPouch keeps these separate. When an AWS API call fails with an error such as AccessDenied or OptInRequiredException, the result includes a permission issues panel listing the affected service, region, API operation, and AWS error code — so you can fix the IAM policy rather than assume there is nothing to optimize.