"Free cloud audit" is the most abused phrase in cloud consulting. Sometimes it means a senior engineer reads your Cost & Usage Report line by line; sometimes it means a sales tool screenshots your Cost Explorer. This page describes what a serious audit examines, what the deliverable should contain, and the access it does (and does not) need, so you can hold any vendor to it, including us.
The access model: read-only, or walk away
An audit needs to see, not touch. The standard inputs: billing exports (AWS CUR, Azure Cost Management, GCP Billing Export), a read-only role for utilisation metrics, and, if you want architecture-level findings, read access to your Terraform or infrastructure repos. Nothing is installed, nothing changes in production, and the access is scoped and revocable. At InfraZen, week one of any engagement is read-only by policy, audit or otherwise.
The 12 line items a serious audit examines
- Commitment coverage. What share of steady-state compute runs on Savings Plans, Reserved Instances or Committed Use Discounts, and whether the terms match workload confidence. The single biggest lever on most bills.
- Rightsizing. Instances and databases provisioned for a peak that never comes. Utilisation data against instance families, not gut feel.
- Zombie resources. Unattached volumes, idle load balancers, forgotten dev environments, elastic IPs billing quietly since 2023.
- Storage tiering. Data on hot tiers that nothing has read in months; lifecycle policies that don't exist; snapshots multiplying without expiry.
- Network and NAT. Cross-AZ chatter, NAT gateway processing fees, egress patterns that a routing change would halve. The least-read lines on the bill.
- Kubernetes bin-packing. Requests vs actual usage, node headroom, spot adoption for fault-tolerant workloads, autoscaler behaviour.
- GPU and AI spend. Utilisation of the most expensive compute on the bill, batching, and whether inference runs on hardware sized for training. (Our GPU cost teardown covers the levers.)
- Observability spend. Log ingestion, retention and cardinality. Monitoring bills that rival the compute they monitor are common and fixable.
- DR and environment duplication. Disaster-recovery copies running hot when they could be pilot-light; staging environments sized like production.
- Tagging and allocation hygiene. What percentage of spend can be attributed to a team or product. Untagged spend is unmanageable spend.
- Anomaly posture. Whether a surprise 3x spike would be caught by an alert or by next month's invoice.
- Unit economics readiness. Whether cost-per-customer or cost-per-request is derivable today, because "the bill went up" means nothing without a denominator.
The deliverable: a document, not a demo
The output of an audit is written. Ours lands within 48 hours of access and contains three parts:
- The gap map: every finding from the 12 areas above, with the evidence line-referenced to your bill.
- Quantified waste: a conservative-to-average savings range per finding, stated with its assumptions, never a single flattering number.
- The ROI ordering: fixes ranked by savings against effort, split into "your team can do this Tuesday" and "this is a project".
Judge any vendor's audit, including ours, by one test: could your team act on the report without hiring the vendor? If the answer is no, it was a sales document with a spreadsheet attached.
What happens after
Three honest outcomes. Your team takes the report and executes it alone (a success; we say so on the report). The findings justify a 90-day optimization engagement that ships the structural savings: commitments purchased, rightsizing done, FinOps rituals stood up. Or the audit shows your bill is already tight, in which case you've spent a week confirming it and we've earned the right to be remembered. Estimate which outcome you're heading for with the cloud waste calculator, then replace the estimate with your actual numbers.
Related: Cloud Billing & FinOps engagement · Cloud waste calculator · What is FinOps? · DevOps consulting rates 2026