aws-cost-ops
AWS Cost Operations
MCP Server
- Command: uvx awslabs.cost-explorer-mcp-server@latest (stdio transport)
- Requires: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION (or AWS_PROFILE)
- Note: Cost Explorer API charges $0.01 per request — be mindful of query volume
Key Capabilities
- Cost breakdown: Spending by service, account, region, or tag
- Time series: Daily, monthly, or custom date range cost trends
- Forecasts: Predicted spend based on historical patterns
- Anomaly detection: Unusual spending spikes
- Filtering: Narrow by service (EC2, VPC, TGW, NAT GW, VPN, etc.)
Workflow: Network Cost Analysis
When a user asks "how much is our AWS network costing?":
- Total network spend: Cost breakdown for VPC, Transit Gateway, NAT Gateway, VPN, ELB, Direct Connect
- Trend: Monthly trend for network services over last 6 months
- Top services: Rank network services by spend (NAT GW data processing is often #1)
- Per-region: Break down network costs by region
- Forecast: Projected network spend for next month
- Report: Network cost dashboard with optimization recommendations
Workflow: Cost Anomaly Investigation
When investigating unexpected charges:
- Daily breakdown: Get daily costs for the spike period
- Service drill-down: Which service caused the spike?
- Region check: Was the spike in a specific region?
- Correlate: Cross-reference with CloudTrail for resource creation events
- Report: Root cause and recommended action
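An added example, not part of the original skill or the MCP server's code: the daily breakdown and service drill-down steps applied to a constructed response in the shape of Cost Explorer's GetCostAndUsage output (DAILY granularity, grouped by SERVICE), which one request can return. The amounts, the thresholds, and the one-day lead on the CloudTrail search window are assumptions.

```python
from datetime import date, timedelta
from statistics import median


def _day(start, costs):
    """Build one constructed ResultsByTime entry (DAILY, grouped by SERVICE)."""
    end = (date.fromisoformat(start) + timedelta(days=1)).isoformat()
    groups = [{"Keys": [svc],
               "Metrics": {"UnblendedCost": {"Amount": str(usd), "Unit": "USD"}}}
              for svc, usd in costs.items()]
    return {"TimePeriod": {"Start": start, "End": end}, "Groups": groups}


# Constructed sample data; the dollar amounts are invented for illustration.
SAMPLE = {"ResultsByTime": [
    _day("2024-05-01", {"EC2 - Other": 40.0, "Amazon Virtual Private Cloud": 12.0}),
    _day("2024-05-02", {"EC2 - Other": 42.0, "Amazon Virtual Private Cloud": 12.0}),
    _day("2024-05-03", {"EC2 - Other": 41.0, "Amazon Virtual Private Cloud": 13.0}),
    _day("2024-05-04", {"EC2 - Other": 43.0, "Amazon Virtual Private Cloud": 12.0}),
    _day("2024-05-05", {"EC2 - Other": 180.0, "Amazon Virtual Private Cloud": 12.0}),
    _day("2024-05-06", {"EC2 - Other": 175.0, "Amazon Virtual Private Cloud": 12.0}),
]}


def find_spikes(response, metric="UnblendedCost", factor=3.0, min_usd=10.0, min_history=3):
    """Flag (service, day) pairs whose cost exceeds factor x the median of all prior days."""
    days = sorted(response["ResultsByTime"], key=lambda d: d["TimePeriod"]["Start"])
    per_day = [{g["Keys"][0]: float(g["Metrics"][metric]["Amount"])
                for g in d.get("Groups", [])} for d in days]
    spikes = []
    for svc in sorted({s for costs in per_day for s in costs}):
        # A service missing from a day's groups had no spend that day.
        series = [costs.get(svc, 0.0) for costs in per_day]
        for i in range(min_history, len(series)):
            baseline, amount = median(series[:i]), series[i]
            # min_usd suppresses noise from services that cost only cents.
            if amount > factor * baseline and amount - baseline >= min_usd:
                spikes.append({"service": svc, "amount": amount, "baseline": baseline,
                               "start": days[i]["TimePeriod"]["Start"],
                               "end": days[i]["TimePeriod"]["End"]})
    return sorted(spikes, key=lambda s: s["amount"] - s["baseline"], reverse=True)


def cloudtrail_window(spike, lead_days=1):
    """Date range to search in CloudTrail; lead_days is an assumed look-back
    so resources created the day before the spike are included."""
    start = date.fromisoformat(spike["start"]) - timedelta(days=lead_days)
    return start.isoformat(), spike["end"]
```

The highest-excess entry returned by `find_spikes` names the service to drill into, and `cloudtrail_window` gives the date range for the CloudTrail correlation step.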
Workflow: Monthly Cost Review
For regular FinOps review:
- Month-over-month: Compare current vs previous month spending
- Service breakdown: Top 10 services by cost
- Network focus: VPC, TGW, NAT GW, VPN, ELB, Direct Connect costs
- Growth rate: Percentage change per service
- Forecast: Next month projection
- Report: Executive cost summary with trends
Common AWS Network Cost Drivers
| Service | Cost Component | Typical Driver |
|---|---|---|
| NAT Gateway | Data processing | $0.045/GB — largest network cost for most |
| NAT Gateway | Hourly charge | $0.045/hr per NAT GW |
| Transit Gateway | Data processing | $0.02/GB per attachment |
| Transit Gateway | Hourly charge | $0.05/hr per attachment |
| VPN | Hourly charge | $0.05/hr per VPN connection |
| VPN | Data transfer | $0.09/GB outbound |
| ELB (ALB) | Hourly + LCU | $0.0225/hr + LCU charges |
| ELB (NLB) | Hourly + NLCU | $0.0225/hr + NLCU charges |
| Direct Connect | Port hours | $0.03-$0.30/hr depending on speed |
| Data Transfer | Cross-AZ | $0.01/GB each direction |
| Data Transfer | Cross-Region | $0.02/GB |
| Data Transfer | Internet out | $0.09/GB (first 10TB) |
Cost Optimization Tips
| Finding | Recommendation |
|---|---|
| High NAT GW data processing | Use VPC endpoints for S3/DynamoDB (free) |
| Multiple NAT GWs per AZ | Consolidate if traffic allows |
| Idle VPN connections | Delete unused VPN tunnels |
| Cross-AZ traffic | Co-locate resources in same AZ where possible |
| Oversized ELB | Right-size based on actual LCU/NLCU usage |
| Unused EIPs | Release unattached Elastic IPs ($0.005/hr) |
Important Rules
- Cost Explorer API charges $0.01 per request — batch queries, avoid excessive polling
- Data lag — Cost data can be delayed up to 24 hours
- Unblended vs amortized — clarify which cost type the user wants
- Record in GAIT — log cost investigations for audit trail
Environment Variables
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION (or AWS_PROFILE)