Find cloud waste & risk in minutes

Graymole is a read-only scanner that surfaces cost savings and security risks across AWS, GCP, and Azure — with every finding priced in real dollars and traced back to the raw API response.

Start free — no card See how it works

Free plan: 1 account · 1 scan / month · read-only

graymole — scan results

Annual savings

$48,210

Findings

137

Regions

high Unattached EBS volume · vol-0a1b2c

$182/mo

medium Idle RDS instance · db-prod-legacy

$340/mo

low VM stopped, not deallocated · vm-legacy-01 (Azure)

$96/mo

473

Read-only checks

Clouds: AWS, GCP & Azure

Cost & risk categories

Write permissions needed

Everything you need to cut your bill

One read-only scan covers cost and security across every region.

473 detectors

Unattached disks, idle databases, oversized instances, public buckets, open firewalls — cost and security in one pass, across AWS, GCP, and Azure.

Read-only by design

Connect via a cross-account role (AWS), a Viewer service account (GCP), or a Reader service principal (Azure). Graymole only ever reads — no agents, no write permissions.

Dollar-quantified findings

Every finding carries an estimated monthly and annual saving, a confidence score, and a copy-paste fix command.

Results in minutes

Parallel collectors sweep every region. A typical account finishes in a few minutes with a self-contained report.

Full traceability

Every finding links back to the raw cloud API response it came from. No black boxes — verify anything.

Multi-account, multi-cloud

Connect accounts across AWS, GCP, and Azure, scan on a schedule, and track savings over time as your footprint grows.

Live in three steps

From signup to savings in under five minutes.

Connect your account

AWS: a read-only role from our one-click template, or keys. GCP: a Viewer service account. Azure: a Reader service principal. Connection is verified instantly.

Run a scan

Pick regions and checks (or accept the defaults). Watch live progress as collectors sweep every region.

Act on savings

Sort findings by dollar impact, copy the fix command, and export to CSV. Re-scan any time to track progress.

What you'll see in your first scan

Real findings, each priced in dollars, with the fix and a confidence score — not a wall of undifferentiated alerts.

high Unattached EBS volume EBS_UNATTACHED · vol-0a1b2c3d4e · us-east-1

$182/mo

Delete or snapshot this volume — it's been 'available' for 31 days.

aws ec2 delete-volume --volume-id vol-0a1b2c3d4e confidence 95%

medium Idle Cloud SQL instance CLOUDSQL_IDLE · analytics-replica · us-central1 (GCP)

$340/mo

Near-zero connections for 14 days — stop or downsize this instance.

gcloud sql instances patch analytics-replica --activation-policy NEVER confidence 88%

high NSG SSH open to the world NSG_SSH_OPEN · nsg-app-prod · westeurope (Azure)

Security risk

Port 22 is reachable from 0.0.0.0/0 — restrict it to known IPs.

az network nsg rule update -g prod-rg --nsg-name nsg-app-prod … confidence 99%

Every finding links back to the raw cloud API response it came from.

Why Graymole

Cloud cost tools aren't new. Ours works differently.

Plenty of tools list problems. Graymole prices them, proves them, and catches the security risk sitting right next to the waste — all in one read-only pass.

See how we compare →

Find waste OR risk → Both, in one read-only scan

List problems → Price every finding in real dollars

Black-box scores → Traceable to the raw API response

Agents + a sales call → One read-only role, five minutes

See your savings today

Connect a read-only role and run your first scan free. No credit card, no agents, no risk.

Start scanning free