CloudHero

Get a detailed cost optimization report for your AWS account. No access required, your data stays in your account.

How It Works

Submit Request

Enter your details. We verify your email with a one-time code.

Cloudflare Pages API Gateway

Run Scanner

A Docker container runs read-only APIs in your account. Describe*, List*, Get* only.

Docker Read-Only APIs

Encrypt & Upload

Data encrypted client-side with AES-256-GCM + RSA-OAEP. Plaintext never leaves your machine.

AES-256-GCM RSA-OAEP

Generate Report

Lambda decrypts with a private key from Secrets Manager, then runs cost analysis.

Lambda Secrets Manager

Receive Report

Cost optimization report emailed to you. Link valid 7 days. Data deleted after 90.

SES S3

Your data is encrypted before it leaves your machine

Encrypted payload

Resource inventory (EC2, RDS, S3, EBS, ElastiCache, EFS, CloudFront, LBs, NAT GWs)
CloudWatch metrics (CPU, network, cache hit rates — 30 day window)
Cost Explorer data (per-service costs, Savings Plans, RI utilization)

Built on

Cloudflare Pages WAF CDN Lambda API Gateway S3 DynamoDB SES Secrets Manager ACM