Detect AWS Orphaned Resources & Send Cost Reports to Slack, Email, and Sheets

How it works

This workflow automatically scans AWS accounts for orphaned resources (unattached EBS volumes, old snapshots >90 days, unassociated Elastic IPs) that waste money. It calculates cost impact, validates compliance tags, and sends multi-channel alerts via Slack, Email, and Google Sheets audit logs.

Key Features:
- 🔍 Multi-region scanning with parallel execution
- 💰 Monthly/annual cost calculation with risk scoring
- 📊 Professional HTML reports with charts and tables
- 🏷️ Tag compliance validation (SOC2/ISO27001/HIPAA)
- ✅ Conditional alerting (only alerts when resources found)
- 📈 Google Sheets audit trail for trend analysis

What gets detected:
- Unattached EBS volumes ($0.10/GB/month waste)
- Snapshots older than 90 days ($0.05/GB/month)
- Unassociated Elastic IPs ($3.60/month each)

Typical savings: $50-10K/month depending on account size
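The detection and cost rules listed above, as an added example (it is not the workflow's Lambda code, which is in the workflow's sticky notes). It runs offline on constructed objects shaped like EC2 DescribeVolumes, DescribeSnapshots and DescribeAddresses responses; the function names, the tag names `Owner` and `CostCenter`, and all resource IDs are assumptions.

```javascript
// Added example: classify orphaned resources from EC2 Describe* response shapes.
// Rates and the 90-day threshold are the ones stated on this page.
const RATES = { volumeGbMonth: 0.10, snapshotGbMonth: 0.05, eipMonth: 3.60 };

// Names of required tags that are absent from an EC2 Tags array (untagged = all missing).
function missingTags(tags = [], required = []) {
  const present = new Set(tags.map((t) => t.Key));
  return required.filter((k) => !present.has(k));
}

function findOrphans({ Volumes = [], Snapshots = [], Addresses = [] }, cfg, now = new Date()) {
  const cutoff = now.getTime() - cfg.snapshotAgeDays * 86400000;
  const row = (type, id, cost, tags) => {
    const missing = missingTags(tags, cfg.requiredTags);
    return { type, id, monthlyCost: Number(cost.toFixed(2)), compliant: missing.length === 0, missing };
  };
  const findings = [
    // Unattached volume: state "available" and no attachments.
    ...Volumes.filter((v) => v.State === 'available' && (v.Attachments || []).length === 0)
      .map((v) => row('ebs-volume', v.VolumeId, v.Size * RATES.volumeGbMonth, v.Tags)),
    // Old snapshot: started before the age cutoff.
    ...Snapshots.filter((s) => new Date(s.StartTime).getTime() < cutoff)
      .map((s) => row('snapshot', s.SnapshotId, s.VolumeSize * RATES.snapshotGbMonth, s.Tags)),
    // Unassociated Elastic IP: no AssociationId on the address.
    ...Addresses.filter((a) => !a.AssociationId)
      .map((a) => row('elastic-ip', a.AllocationId, RATES.eipMonth, a.Tags)),
  ];
  const monthlyTotal = Number(findings.reduce((sum, f) => sum + f.monthlyCost, 0).toFixed(2));
  return { findings, monthlyTotal, annualTotal: Number((monthlyTotal * 12).toFixed(2)) };
}

// Constructed sample input (not real account data).
const sample = {
  Volumes: [
    { VolumeId: 'vol-0aaa', Size: 100, State: 'available', Attachments: [], Tags: [{ Key: 'Owner', Value: 'data' }] },
    { VolumeId: 'vol-0bbb', Size: 50, State: 'in-use', Attachments: [{ InstanceId: 'i-0ccc' }] },
  ],
  Snapshots: [
    { SnapshotId: 'snap-0ddd', VolumeSize: 200, StartTime: '2025-01-01T00:00:00Z', Tags: [] },
    { SnapshotId: 'snap-0eee', VolumeSize: 80, StartTime: '2025-11-20T00:00:00Z' },
  ],
  Addresses: [
    { AllocationId: 'eipalloc-0fff', PublicIp: '203.0.113.10' },
    { AllocationId: 'eipalloc-0ggg', PublicIp: '203.0.113.11', AssociationId: 'eipassoc-0hhh' },
  ],
};
const config = { snapshotAgeDays: 90, requiredTags: ['Owner', 'CostCenter'] }; // assumed tag names
const report = findOrphans(sample, config, new Date('2025-12-14T00:00:00Z'));
console.log(JSON.stringify(report, null, 2));
```

The scan date is passed in explicitly so the snapshot age check is reproducible; in a scheduled run it defaults to the current time.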

Set up steps

Prerequisites

AWS Configuration:
- Create IAM user n8n-resource-scanner with these permissions:
  - ec2:DescribeVolumes
  - ec2:DescribeSnapshots
  - ec2:DescribeAddresses
  - ec2:DescribeInstances
  - lambda:InvokeFunction
- Deploy Lambda function aws-orphaned-resource-scanner (Node.js 18+)
- Add EC2 read-only permissions to Lambda execution role
- Generate AWS Access Key + Secret Key

Lambda Function Code: See sticky notes in workflow for complete implementation using @aws-sdk/client-ec2

Credentials Required:
- AWS IAM (Access Key + Secret)
- Slack (OAuth2 or Webhook)
- Gmail (OAuth2)
- Google Sheets (OAuth2)

Configuration

Initialize Config Node: Update these settings:
- awsRegions: Your AWS regions (default: us-east-1)
- emailRecipients: FinOps team emails
- slackChannel: Alert channel (e.g., #cloud-ops)
- requiredTags: Compliance tags to validate
- snapshotAgeDays: Age threshold (default: 90)

Set Region Variables: Choose regions to scan

Lambda Function: Deploy function with provided code (see workflow sticky notes)

Google Sheet: Create spreadsheet with headers: Scan Date | Region | Resource Type | Resource ID | Monthly Cost | Compliance | etc.

Credentials: Connect all four credential types in n8n

Schedule: Enable "Weekly Scan Trigger" (default: Mondays 8 AM UTC)

Testing

- Click "Execute Workflow" to run a manual test
- Verify Lambda invokes successfully
- Check Slack alert appears
- Confirm email with HTML report received
- Validate Google Sheets logging works

Customization Options

- Multi-region: Add regions in "Initialize Config"
- Alert thresholds: Modify cost/age thresholds
- Additional resource types: Extend Lambda function
- Custom tags: Update required tags list
- Schedule frequency: Adjust cron trigger

Use Cases

- FinOps Teams: Automated cloud waste detection and cost reporting
- Cloud Operations: Weekly compliance and governance audits
- DevOps: Resource cleanup automation and alerting
- Security/Compliance: Tag validation for SOC2/ISO27001/HIPAA
- Executive Reporting: Monthly cost optimization metrics

Resources

- AWS IAM Best Practices
- Lambda Function Code

Complexity: beginner
Author: Chad M. Crowell
Created: 12/14/2025
Updated: 1/13/2026
