Rules are automated checks that evaluate your AWS resources against cost optimization best practices. Each rule targets a specific waste pattern — idle resources, outdated configurations, missing policies — and tells you exactly what to fix and why it costs you money.
Rule ID Format
Every rule follows the pattern CLDBRN-{PROVIDER}-{SERVICE}-{N}:
CLDBRN— CloudBurn namespacePROVIDER— Cloud provider (currentlyAWS)SERVICE— AWS service short name (e.g.,EC2,S3,RDS)N— Sequential rule number within the service
Example: CLDBRN-AWS-EC2-3 is the third EC2 rule.
Scan Types
CloudBurn rules operate in three modes depending on where they look for waste:
| Scan Type | Rules | How It Works |
|---|---|---|
| Discovery | 39 | Scans live AWS resources via Resource Explorer and service APIs |
| IaC | 10 | Scans Terraform (.tf) and CloudFormation (.json/.yaml) templates statically |
| Both | 26 | Rules that work in either discovery or IaC mode |
| Total | 75 |
Rule Evaluation Flow
Rules by Service
| Service | Rules | Scan Types | Reference |
|---|---|---|---|
| API Gateway | 1 | Discovery, IaC | API Gateway Rules |
| CloudFront | 2 | Discovery, IaC | CloudFront Rules |
| CloudTrail | 2 | Discovery | CloudTrail Rules |
| CloudWatch | 3 | Discovery, IaC | CloudWatch Rules |
| Cost Explorer | 1 | Discovery | Cost Explorer Rules |
| Cost Guardrails | 2 | Discovery | Cost Guardrails Rules |
| DynamoDB | 4 | Discovery, IaC | DynamoDB Rules |
| EBS | 9 | Discovery, IaC | EBS Rules |
| EC2 | 11 | Discovery, IaC | EC2 Rules |
| ECR | 3 | Discovery, IaC | ECR Rules |
| ECS | 3 | Discovery, IaC | ECS Rules |
| EKS | 1 | Discovery, IaC | EKS Rules |
| ElastiCache | 2 | Discovery | ElastiCache Rules |
| ELB | 5 | Discovery | ELB Rules |
| EMR | 2 | Discovery, IaC | EMR Rules |
| Lambda | 5 | Discovery, IaC | Lambda Rules |
| RDS | 8 | Discovery, IaC | RDS Rules |
| Redshift | 3 | Discovery, IaC | Redshift Rules |
| Route 53 | 2 | Discovery, IaC | Route 53 Rules |
| S3 | 4 | Discovery, IaC | S3 Rules |
| SageMaker | 1 | Discovery | SageMaker Rules |
| Secrets Manager | 1 | Discovery | Secrets Manager Rules |
What's Next
- Understanding Rules — learn how rules work, how to configure them, and how to read findings
- CLI scan command — run IaC scans from the command line
- CLI discover command — scan live AWS resources from the command line
- SDK Reference — integrate rules into your own tooling