Scan. Detect. Fix. Verify.
The only cloud cost tool that fixes problems and proves the savings.
Continuously finds cloud waste across GCP and AWS, fixes it via PR, and proves the savings were real. Closed-loop automation from detection to verified billing reduction.
What is Cloud Guardian?
Cloud Guardian is a multi-cloud FinOps automation platform for Google Cloud Platform and Amazon Web Services. It continuously scans your cloud projects for cost waste, security misconfigurations, and idle resources — then automatically generates fixes as Terraform changes delivered through GitHub Pull Requests.
Unlike traditional cloud cost management tools that only report problems, Cloud Guardian implements a closed-loop remediation cycle: scan infrastructure, detect violations, apply fixes, and verify the savings were real. Every 6 hours, it scans 14 resource types across both clouds — from GCP Cloud Run and Compute Engine to AWS Lambda, EC2, and RDS — finding idle scaling, stale images, unused secrets, over-provisioned instances, and cost anomalies.
Whether you're managing a single project or dozens, Cloud Guardian eliminates cloud waste detection guesswork with automated infrastructure optimization that your team can review and approve before any changes are applied to production.
Infrastructure cost protection, automated
Cloud Guardian watches your GCP and AWS projects 24/7, catching waste before it compounds.
Closed-Loop Cloud Remediation
Scan, detect, fix, and verify in a single automated cycle. Cloud Guardian identifies idle Cloud Run services, over-provisioned EC2 instances, unused Lambda functions, stale Artifact Registry images, and more across GCP and AWS — then resolves them and confirms the savings on the next scan cycle.
GitHub PR Infrastructure Fixes
Infrastructure changes are proposed via GitHub Pull Requests with full Terraform diffs. Cloud Guardian generates precise changes — like setting cpu_idle = true or min_instance_count = 0 — so your team reviews and approves before anything touches production.
Automated Cost Verification
After remediation, Cloud Guardian re-scans the affected project within minutes to verify the fix took effect. It tracks CPU, memory, and request metrics alongside cost data to confirm that projected savings actually materialize — no more hoping your optimization worked.
Built for developers
Command-line tools, AI integration, and code quality automation for engineering teams.
CloudGuardian CLI
Manage your entire cloud infrastructure from the terminal. Trigger scans, view costs, execute remediations, and track code quality — all without leaving your development environment.
MCP Server
Built-in Model Context Protocol server for AI assistants. Connect Claude Code, Cursor, or any MCP client to query costs, trigger scans, and get optimization recommendations using natural language.
Quality Gates
Integrated code quality scanning for TypeScript, Go, and Python. Track test coverage, lint violations, and code complexity with cloudguard quality scan — publish reports directly to your dashboard.
Self-Updating
The CLI updates itself automatically. Run cloudguard update to check for and install the latest version — no package manager required. Built-in version verification ensures integrity.
Install the CLI in seconds
curl -fsSL https://cloudguard.dev/install.sh | bash
Works on macOS, Linux, and Windows (WSL).
Compare cloud costs instantly
See how your server costs compare across 7 cloud providers. Adjust specs to find your cheapest option.
Choosing Hetzner over Azure saves $1,448.62/yr
How it works
Four steps to optimized infrastructure
Scan
Connect your GCP or AWS account with a service account or IAM credentials. Cloud Guardian scans 14 resource types including Cloud Run, Lambda, EC2, RDS, Compute Engine, and more.
Detect
Configurable checks identify idle services, over-provisioned resources, stale images, unused secrets, and cost anomalies.
Fix
Remediation actions are planned with estimated savings. Apply directly via GCP API or as a Terraform PR through your GitHub repo.
Verify
After execution, Cloud Guardian re-scans the project to confirm the fix took effect and the savings are real.
Frequently Asked Questions
What cloud services does Cloud Guardian monitor?
Cloud Guardian monitors 14 resource types across GCP and AWS. On GCP: Cloud Run, Compute Engine, Cloud SQL, Cloud Storage, Cloud Functions, GKE, BigQuery, Secret Manager, and Artifact Registry. On AWS: Lambda, EC2, RDS, ECS, and S3. It detects idle services, over-provisioning, excessive storage, stale images, and cost anomalies using native cloud metrics.
How does automated remediation work?
When Cloud Guardian detects a violation — like a Cloud Run service with cpu_idle=false — it generates a fix and either applies it directly via GCP APIs or creates a GitHub Pull Request with the Terraform changes. Your team reviews and merges the PR, and Cloud Guardian verifies the savings on the next scan cycle.
Is Cloud Guardian free?
Yes, Cloud Guardian is free to get started. Connect your GCP or AWS account, run your first scan, and start seeing optimization recommendations immediately. There are no upfront costs or commitments required.
How are infrastructure fixes applied?
Cloud Guardian supports two modes: direct API execution for immediate fixes (like scaling down idle services) and PR-based remediation for Terraform-managed infrastructure. PR mode generates precise Terraform diffs — for example, setting cpu_idle = true or min_instance_count = 0 — that your team can review before merging.
How does cost verification work?
After a remediation is applied, Cloud Guardian re-scans the affected project within minutes to confirm the change took effect. It then tracks cost metrics over subsequent scan cycles to verify that projected savings materialize. This closed-loop verification ensures you never have to guess whether an optimization actually worked.
What IAM permissions does Cloud Guardian need?
For GCP, Cloud Guardian requires read-only access via roles/viewer, roles/run.viewer, and roles/secretmanager.viewer through a dedicated service account. For AWS, it uses IAM credentials with read-only access to the services being scanned. For automated remediation, additional write permissions are needed on the specific services being optimized.
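One way to check that the scanning service account holds exactly the read-only roles named in this answer, as an added example that is not Cloud Guardian's own code. The service account name and the sample policy are constructed; the policy has the shape returned by gcloud projects get-iam-policy --format=json.

```python
# Added example, not Cloud Guardian code. The service account name and the
# sample policy are constructed; the three roles come from the FAQ answer.
READ_ONLY_ROLES = {"roles/viewer", "roles/run.viewer", "roles/secretmanager.viewer"}
SCANNER_SA = "serviceAccount:cg-scanner@example-project.iam.gserviceaccount.com"


def audit_scanner_roles(policy, member=SCANNER_SA, expected=READ_ONLY_ROLES):
    """Compare the roles bound to `member` against the expected read-only set.

    Returns (missing, unexpected) as sorted lists. Conditional bindings are
    counted as granted, since the role still applies when the condition holds.
    """
    granted = {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }
    return sorted(expected - granted), sorted(granted - expected)


# Constructed project policy: one read-only role is absent and one write role
# (Cloud Run Admin) has been bound to the scanner account.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer", "members": [SCANNER_SA]},
        {"role": "roles/run.viewer", "members": [SCANNER_SA, "user:dev@example.com"]},
        {"role": "roles/run.admin", "members": [SCANNER_SA]},
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
    ]
}

if __name__ == "__main__":
    missing, unexpected = audit_scanner_roles(SAMPLE_POLICY)
    print("missing read-only roles:", missing)
    print("roles beyond read-only: ", unexpected)
```

A role reported as beyond read-only is not necessarily a finding, since remediation needs write permissions on the services being optimized; the check makes each such grant visible so it can be confirmed as deliberate.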
Stop overpaying for cloud
Connect your GCP or AWS account in under 5 minutes. Start seeing savings on the first scan.