Chad M. Crowell

Detect AWS Orphaned Resources & Send Cost Reports to Slack, Email, and Sheets

How it works This workflow automatically scans AWS accounts for orphaned resources (unattached EBS volumes, old snapshots >90 days, unassociated Elastic IPs) that waste money. It calculates cost impact, validates compliance tags, and sends multi-channel alerts via Slack, Email, and Google Sheets audit logs. Key Features: 🔍 Multi-region scanning with parallel execution 💰 Monthly/annual cost calculation with risk scoring 📊 Professional HTML reports with charts and tables 🏷️ Tag compliance validation (SOC2/ISO27001/HIPAA) ✅ Conditional alerting (only alerts when resources found) 📈 Google Sheets audit trail for trend analysis What gets detected: Unattached EBS volumes ($0.10/GB/month waste) Snapshots older than 90 days ($0.05/GB/month) Unassociated Elastic IPs ($3.60/month each) Typical savings: $50-10K/month depending on account size Set up steps Prerequisites AWS Configuration: Create IAM user n8n-resource-scanner with these permissions: ec2:DescribeVolumes ec2:DescribeSnapshots ec2:DescribeAddresses ec2:DescribeInstances lambda:InvokeFunction Deploy Lambda function aws-orphaned-resource-scanner (Node.js 18+) Add EC2 read-only permissions to Lambda execution role Generate AWS Access Key + Secret Key Lambda Function Code: See sticky notes in workflow for complete implementation using @aws-sdk/client-ec2 Credentials Required: AWS IAM (Access Key + Secret) Slack (OAuth2 or Webhook) Gmail (OAuth2) Google Sheets (OAuth2) Configuration Initialize Config Node: Update these settings: awsRegions: Your AWS regions (default: us-east-1) emailRecipients: FinOps team emails slackChannel: Alert channel (e.g., cloud-ops) requiredTags: Compliance tags to validate snapshotAgeDays: Age threshold (default: 90) Set Region Variables: Choose regions to scan Lambda Function: Deploy function with provided code (see workflow sticky notes) Google Sheet: Create spreadsheet with headers: Scan Date | Region | Resource Type | Resource ID | Monthly Cost | Compliance | etc. Credentials: Connect all four credential types in n8n Schedule: Enable "Weekly Scan Trigger" (default: Mondays 8 AM UTC) Testing Click "Execute Workflow" to run manual test Verify Lambda invokes successfully Check Slack alert appears Confirm email with HTML report received Validate Google Sheets logging works Customization Options Multi-region: Add regions in "Initialize Config" Alert thresholds: Modify cost/age thresholds Additional resource types: Extend Lambda function Custom tags: Update required tags list Schedule frequency: Adjust cron trigger Use Cases FinOps Teams: Automated cloud waste detection and cost reporting Cloud Operations: Weekly compliance and governance audits DevOps: Resource cleanup automation and alerting Security/Compliance: Tag validation for SOC2/ISO27001/HIPAA Executive Reporting: Monthly cost optimization metrics Resources AWS IAM Best Practices Lambda Function Code

By Chad M. Crowell

94