Documentation

FeckBills finds wasted cloud spend — orphaned, idle, and over-provisioned resources — and tells you the fix in £/mo. Read-only, open-source CLI. Here's how to use it.

Quickstart

Authenticate read-only with GCP, then scan a project. Results print as a ranked, plain-English report with £ savings.

$ gcloud auth application-default login
$ feckbills scan --project YOUR_PROJECT_ID

No cloud access handy? Try canned data: feckbills scan --fixture.

The CLI

The scanner is read-only and uses Application Default Credentials, so it works non-interactively with a service-account key too (GOOGLE_APPLICATION_CREDENTIALS).

  • --project <id> — scan one project
  • --window <days> — usage look-back (default 14)
  • --out report.md — write the markdown report
  • --json — emit raw findings JSON
  • --fixture — canned data, no cloud calls

API keys

To send findings to the hosted console, create an account-level API key in Console → API keys. One key works across every project; pushing a scan auto-creates the project.

$ feckbills scan --project YOUR_PROJECT \
    --push https://app.feckbills.com/api/ingest \
    --token $FECKBILLS_API_KEY

Scan everything

With --all-projects, the CLI enumerates every project the credential can see and scans them all — no need to add projects by hand.

$ feckbills scan --all-projects \
    --push https://app.feckbills.com/api/ingest \
    --token $FECKBILLS_API_KEY

Deploy into your own cloud

Don't want to run the CLI by hand, but also don't want to hand anyone your cloud credentials? Deploy the agent inside your own project — one click via Console → Deploy. It runs as a scheduled Cloud Run job under a read-only service account you control, scans everything it can see, and pushes only findings back via your API key. We never see or store your credentials.

GKE CronJob, AWS CloudFormation, and a keyless cross-account option are coming.

What we detect

GCP today (AWS & Azure next):

  • • GKE over-provisioned pod requests
  • • Unattached persistent disks
  • • Reserved-but-idle static IPs
  • • Orphaned & stale snapshots
  • • Disks on stopped VMs
  • • Idle Compute Engine VMs

Every finding is priced in £/mo and ranked by impact. The hosted console adds an AI brief across your whole estate.

Security

Read-only by design: least-privilege role or service account, no write scopes, no secrets. Only findings — resource IDs, metrics, savings figures — ever leave your account; never raw resource data. The agent is open source so you can audit exactly what it reads.

Ready to find your leak?

Run the CLI, or connect read-only and let the console watch the waste.

Open the console