Quarterly AWS CLI Checklist to Prevent Cloud Drift and Cut Costs


Every three months, the gaps show. Scripts fail. Keys expire. Buckets bloat. What was clean in January looks broken in April. The AWS CLI does not forget, but teams often do.

A quarterly check-in with AWS CLI is the reset. It’s more than upkeep. It’s the line between a cloud you control and a cloud that controls you. When schedules get tight, the small CLI commands are the first to skip. That’s how drift starts. Drift is expensive. Drift is dangerous.

Start with access. Run aws iam list-users. Check which IAM users haven’t rotated access keys. Delete unused ones. Audit policies for least privilege. Run aws iam list-access-keys --user-name <username> and check the dates. Old keys are soft targets.
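The key review above as a script. This is an added example, not code from the original post: the function names (list_all_keys, flag_keys, sample_rows), the 90-day default and the sample rows are assumptions made for illustration. It goes one step beyond the text by also calling aws iam get-access-key-last-used, so old keys that are still in use ("rotate") are separated from keys nobody has touched ("unused").

```shell
#!/bin/sh
# Added example: flag IAM access keys that are overdue for rotation or unused.
TAB=$(printf '\t')

# One row per key: user, key id, status, CreateDate, LastUsedDate ("None" if never used).
list_all_keys() {
  aws iam list-users --query 'Users[].UserName' --output text | tr '\t' '\n' |
  while read -r user; do
    [ -n "$user" ] || continue
    aws iam list-access-keys --user-name "$user" --output text \
      --query 'AccessKeyMetadata[].[UserName,AccessKeyId,Status,CreateDate]' </dev/null |
    while IFS="$TAB" read -r u id status created; do
      used=$(aws iam get-access-key-last-used --access-key-id "$id" --output text \
        --query 'AccessKeyLastUsed.LastUsedDate' </dev/null)
      printf '%s\t%s\t%s\t%s\t%s\n' "$u" "$id" "$status" "$created" "$used"
    done
  done
}

# Read those rows on stdin and print every key created before CUTOFF (ISO 8601, UTC).
# "unused" = not used since CUTOFF (or ever); "rotate" = old but still in use.
# ISO 8601 UTC timestamps sort lexically, so a string comparison is enough.
flag_keys() {
  awk -F'\t' -v cutoff="$1" '($4 "") < (cutoff "") {
    reason = ($5 == "None" || ($5 "") < (cutoff "")) ? "unused" : "rotate"
    print $1 "\t" $2 "\t" $3 "\t" reason
  }'
}

# Constructed sample rows (not real users or key IDs) for an offline dry run.
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    alice  AKIAEXAMPLE0000000001 Active   2023-02-10T09:00:00+00:00 2024-03-28T14:05:00+00:00 \
    bob    AKIAEXAMPLE0000000002 Active   2022-11-01T12:30:00+00:00 None \
    ci-bot AKIAEXAMPLE0000000003 Inactive 2023-06-15T08:00:00+00:00 2023-07-01T10:00:00+00:00 \
    carol  AKIAEXAMPLE0000000004 Active   2024-03-01T16:45:00+00:00 2024-03-30T11:20:00+00:00
}

# "--live [DAYS]" audits the current account (needs GNU date); no args runs the sample.
if [ "${1:-}" = "--live" ]; then
  list_all_keys | flag_keys "$(date -u -d "${2:-90} days ago" +%Y-%m-%dT%H:%M:%S)"
else
  sample_rows | flag_keys 2024-01-01T00:00:00
fi
```

The live path needs iam:ListUsers, iam:ListAccessKeys and iam:GetAccessKeyLastUsed. Inactive keys are reported too, since they are deletion candidates.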

Move to storage. Use aws s3 ls --summarize --human-readable --recursive s3://<bucket> to spot buckets growing faster than expected. Cross-check for public access with aws s3api get-bucket-acl --bucket <bucket> and aws s3api get-bucket-policy --bucket <bucket>. Quarterly attention keeps you compliant and lean.

Inspect compute. Run aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,LaunchTime,InstanceType]' --output table. Terminate idle instances. Check for outdated AMIs and patch levels. Savings and security both live here.

Check regions for strays. Forgotten resources accrue cost in silence across unused regions. Use aws ec2 describe-regions to list the regions, then scan each one for orphaned volumes, IPs, snapshots, or load balancers.

Review CloudTrail. Use aws cloudtrail lookup-events to verify that activity is being logged and to uncover unusual patterns. Retention and encryption should match your policy. Every incident report starts with whether you had the right logs at the right time.

A good quarterly check ends with updated scripts in source control. Automation lowers risk, but only if the automation itself is audited. The AWS CLI is your direct, precise tool for this work—pure API by terminal.

Stop letting the quarter slip by without a reset. You can run these checks and see results live in minutes with Hoop.dev. Instead of theory, you’ll have evidence. Instead of drift, you’ll have control. Instead of surprises, you’ll have a cloud you actually know.
