CloudBurn Rules
Rules are automated checks that evaluate your AWS resources against cost optimization best practices. Each rule targets a specific waste pattern — idle resources, outdated configurations, missing policies — and tells you exactly what to fix and why it costs you money.
Rule ID Format
Every rule follows the pattern CLDBRN-{PROVIDER}-{SERVICE}-{N}:
- CLDBRN — CloudBurn namespace
- PROVIDER — Cloud provider (currently AWS)
- SERVICE — AWS service short name (e.g., EC2, S3, RDS)
- N — Sequential rule number within the service
Example: CLDBRN-AWS-EC2-3 is the third EC2 rule.
Scan Types
CloudBurn rules operate in three modes depending on where they look for waste:
| Scan Type | Rules | How It Works |
|---|---|---|
| Discovery | 27 | Scans live AWS resources via Resource Explorer and service APIs |
| IaC | 1 | Scans Terraform (.tf) and CloudFormation (.json/.yaml) templates statically |
| Both | 7 | Rules that work in either discovery or IaC mode |
| Total | 35 | |
Rule Evaluation Flow
Rules by Service
| Service | Rules | Scan Types | Reference |
|---|---|---|---|
| CloudTrail | 2 | Discovery | CloudTrail Rules |
| CloudWatch | 2 | Discovery | CloudWatch Rules |
| EBS | 3 | Discovery, IaC | EBS Rules |
| EC2 | 9 | Discovery, IaC | EC2 Rules |
| ECR | 1 | Discovery, IaC | ECR Rules |
| ECS | 3 | Discovery | ECS Rules |
| EKS | 1 | Discovery | EKS Rules |
| ElastiCache | 1 | Discovery | ElastiCache Rules |
| ELB | 3 | Discovery | ELB Rules |
| EMR | 2 | Discovery | EMR Rules |
| Lambda | 1 | Discovery, IaC | Lambda Rules |
| RDS | 2 | Discovery, IaC | RDS Rules |
| Redshift | 3 | Discovery | Redshift Rules |
| S3 | 2 | Discovery, IaC | S3 Rules |
What's Next
- Understanding Rules — learn how rules work, how to configure them, and how to read findings
- CLI scan command — run IaC scans from the command line
- CLI discover command — scan live AWS resources from the command line
- SDK Reference — integrate rules into your own tooling