Back to Tools

Multi-Cloud Stopped VM Detective

Comprehensive scripts to detect stopped VMs across AWS, Azure, GCP, and OCI — hunt down zombie storage costs and optimize your multi-cloud spending.

Table of Contents

Introduction

The Multi-Cloud Stopped VM Detective is your complete arsenal for hunting down idle resources across all major cloud providers 🕵️‍♂️💰 This collection of four specialized scripts detects VMs that have been stopped for extended periods, helping you identify ongoing storage costs that continue to drain your budget even when compute resources aren't running.

Perfect for FinOps teams managing multi-cloud environments, these scripts provide comprehensive visibility into resource lifecycle management. No more surprise storage bills from forgotten dev instances or abandoned project VMs. Each script is tailored to its cloud provider's specific APIs and services, ensuring accurate detection and detailed reporting. 🚀📊

4 Cloud Providers Covered

AWS EC2, Azure VMs, GCP Compute Engine, and OCI Instances with provider-specific optimizations.

Comprehensive Storage Analysis

Detailed analysis of EBS volumes, managed disks, persistent disks, and block volumes.

Why Detect Stopped VMs

Stopped VMs are one of the most common sources of cloud waste, often accounting for 15-30% of unnecessary spending in organizations:

Hidden Storage Costs

Stopped VMs continue to incur storage charges for attached disks. A stopped m5.large with 100GB EBS costs ~$10/month in storage alone.

Resource Sprawl

Development and testing environments often leave VMs stopped indefinitely, creating resource sprawl that's difficult to track manually.

Compliance & Governance

Proper resource lifecycle management ensures compliance with organizational policies and reduces security risks from abandoned resources.

Real-World Impact

Organizations typically find 20-40% of their VMs have been stopped for over 30 days, representing immediate cost optimization opportunities of $50,000-$200,000 annually for mid-size cloud deployments.

Script Overview

Each script is purpose-built for its cloud provider, leveraging native APIs and services for maximum accuracy and performance:

🔍 AWS EC2 Detective (PowerShell)

Detect-StoppedEC2Instances.ps1

Key Features:
  • Multi-region support with auto-discovery
  • CloudTrail integration for accurate stop dates
  • Comprehensive EBS volume analysis
  • Tag-based owner identification
  • CSV and HTML report generation
Prerequisites:
  • AWS.Tools.EC2 PowerShell module
  • AWS.Tools.CloudTrail module
  • EC2 read permissions
  • CloudTrail read access
PowerShell Usage
# Basic usage - scan all regions for VMs stopped > 30 days
.\Detect-StoppedEC2Instances.ps1

# Custom threshold and specific regions
.\Detect-StoppedEC2Instances.ps1 -DaysThreshold 60 -Regions "us-east-1,us-west-2"

# Generate reports in specific directory
.\Detect-StoppedEC2Instances.ps1 -OutputPath "C:\Reports" -DaysThreshold 45

🔍 Azure VM Detective (PowerShell)

Detect-DeallocatedVMs.ps1

Key Features:
  • Azure Resource Graph integration
  • Activity Log analysis for deallocation dates
  • Managed disk analysis (OS + data disks)
  • Multi-subscription support
  • Tag-based metadata extraction
Prerequisites:
  • Az.Accounts PowerShell module
  • Az.ResourceGraph module
  • Az.Monitor module
  • Reader role on subscriptions
PowerShell Usage
# Basic usage - scan current subscription
.\Detect-DeallocatedVMs.ps1

# Custom threshold and output path
.\Detect-DeallocatedVMs.ps1 -DaysThreshold 45 -OutputPath "C:\AzureReports"

# Scan specific subscription
.\Detect-DeallocatedVMs.ps1 -SubscriptionId "12345678-1234-1234-1234-123456789012"

🔍 GCP Compute Detective (PowerShell)

Detect-StoppedGCEInstances.ps1

Key Features:
  • Multi-project and multi-zone support
  • Cloud Logging integration for stop dates
  • Persistent disk analysis (boot + additional)
  • gcloud CLI integration
  • Cross-platform compatibility
Prerequisites:
  • Google Cloud SDK (gcloud)
  • Authenticated gcloud session
  • Compute Engine viewer role
  • Cloud Logging viewer role
PowerShell Usage
# Basic usage - scan current project
.\Detect-StoppedGCEInstances.ps1

# Multiple projects and custom threshold
.\Detect-StoppedGCEInstances.ps1 -Projects "project-1,project-2" -DaysThreshold 60

# Specific zones and output directory
.\Detect-StoppedGCEInstances.ps1 -Zones "us-central1-a,us-east1-b" -OutputPath "/reports"

🔍 OCI Instance Detective (Python)

detect_stopped_oci_instances.py

Key Features:
  • Multi-compartment recursive scanning
  • Audit log integration for stop dates
  • Block volume and boot volume analysis
  • JSON and CSV report generation
  • Comprehensive error handling
Prerequisites:
  • OCI Python SDK (pip install oci)
  • OCI CLI configuration
  • Compute read permissions
  • Audit read permissions
Python Usage
# Basic usage - scan all compartments
python detect_stopped_oci_instances.py

# Custom threshold and specific compartment
python detect_stopped_oci_instances.py --days-threshold 60 --compartment-id ocid1.compartment...

# Generate reports in specific directory
python detect_stopped_oci_instances.py --output-dir /reports --days-threshold 45

Prerequisites & Setup

Each script has specific prerequisites based on its cloud provider. Here's the complete setup guide:

Cloud ProviderLanguageRequired Modules/SDKsPermissions Needed
AWSPowerShellAWS.Tools.EC2, AWS.Tools.CloudTrailEC2:Describe*, CloudTrail:LookupEvents
AzurePowerShellAz.Accounts, Az.ResourceGraph, Az.MonitorReader role, Resource Graph access
GCPPowerShellGoogle Cloud SDK (gcloud)Compute Engine Viewer, Cloud Logging Viewer
OCIPythonOCI Python SDK (pip install oci)Compute read, Audit read, Block Storage read

🔧 PowerShell Setup (AWS, Azure, GCP)

PowerShell
# Install required modules
Install-Module AWS.Tools.EC2, AWS.Tools.CloudTrail -Force
Install-Module Az.Accounts, Az.ResourceGraph, Az.Monitor -Force

# Configure credentials
Set-AWSCredential -AccessKey "YOUR_KEY" -SecretKey "YOUR_SECRET"
Connect-AzAccount
gcloud auth login

🐍 Python Setup (OCI)

Bash
# Install OCI SDK
pip install oci

# Configure OCI CLI
oci setup config

# Verify configuration
oci iam user get --user-id <your-user-ocid>
Security Best Practices
  • Use least privilege: Grant only the minimum permissions required for each script
  • Rotate credentials: Regularly rotate access keys and service principal credentials
  • Use managed identities: Leverage cloud-native authentication where possible
  • Audit access: Monitor script execution and API calls through cloud audit logs

Usage Examples

Here are practical examples for common scenarios across all cloud providers:

Weekly Cleanup Scan

Identify VMs stopped for more than 7 days for immediate cleanup:

Multi-Cloud Commands
# AWS
.\Detect-StoppedEC2Instances.ps1 -DaysThreshold 7

# Azure  
.\Detect-DeallocatedVMs.ps1 -DaysThreshold 7

# GCP
.\Detect-StoppedGCEInstances.ps1 -DaysThreshold 7

# OCI
python detect_stopped_oci_instances.py --days-threshold 7

Monthly Governance Review

Comprehensive scan for VMs stopped over 30 days:

Multi-Cloud Commands
# AWS - All regions
.\Detect-StoppedEC2Instances.ps1 -DaysThreshold 30 -OutputPath "C:\Reports"

# Azure - All subscriptions
.\Detect-DeallocatedVMs.ps1 -DaysThreshold 30

# GCP - All projects
.\Detect-StoppedGCEInstances.ps1 -DaysThreshold 30

# OCI - All compartments
python detect_stopped_oci_instances.py --days-threshold 30

🎯 Advanced Multi-Cloud Automation

Combine all scripts for comprehensive multi-cloud scanning:

PowerShell Automation
# Multi-cloud scanning script
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$reportDir = "C:\MultiCloudReports\$timestamp"
New-Item -ItemType Directory -Path $reportDir -Force

# AWS Scan
.\Detect-StoppedEC2Instances.ps1 -DaysThreshold 30 -OutputPath $reportDir

# Azure Scan  
.\Detect-DeallocatedVMs.ps1 -DaysThreshold 30 -OutputPath $reportDir

# GCP Scan
.\Detect-StoppedGCEInstances.ps1 -DaysThreshold 30 -OutputPath $reportDir

# OCI Scan
python detect_stopped_oci_instances.py --days-threshold 30 --output-dir $reportDir

Write-Host "✅ Multi-cloud scan complete. Reports saved to: $reportDir"
Automation Integration

These scripts are designed for automation. Schedule them via cron (Linux/Mac), Task Scheduler (Windows), or cloud-native scheduling services like AWS EventBridge, Azure Logic Apps, or GCP Cloud Scheduler.

Report Outputs

Each script generates comprehensive reports with detailed analysis and actionable insights:

📊 CSV Data Export

  • Instance Details: ID, name, type, region/zone
  • Timing Information: Stop date, aging days, launch time
  • Storage Analysis: Disk sizes, types, total storage costs
  • Metadata: Tags, owner information, environment
  • Network Info: VPC, subnet, security groups

📈 HTML Visual Reports

  • Executive Summary: Total instances, storage costs
  • Aging Analysis: Color-coded aging indicators
  • Storage Breakdown: Volume types and sizes
  • Owner Distribution: Tag-based ownership analysis
  • Regional Analysis: Geographic distribution
Report TypeAWSAzureGCPOCI
CSV Export✅ Comprehensive✅ Comprehensive✅ Comprehensive✅ Comprehensive
HTML Report✅ Executive-ready❌ CSV only✅ Executive-ready✅ Executive-ready
JSON Output✅ Available
Storage Analysis✅ EBS volumes✅ Managed disks✅ Persistent disks✅ Block volumes
Owner Tracking✅ Tag-based✅ Tag-based✅ Label-based✅ Tag-based
Report Integration

CSV outputs are designed for easy integration with BI tools, spreadsheets, and automation systems. Use the data for trend analysis, cost forecasting, and automated cleanup workflows.

Optimization Impact

Understanding the potential cost savings from stopped VM detection and cleanup:

60-80%
Storage Cost Reduction

Immediate savings from deleting unused storage attached to long-stopped VMs. Typical savings: $5-50 per VM per month.

20-40%
VMs Affected

Percentage of VMs typically found stopped for over 30 days in most organizations. Higher in dev/test environments.

$50K-200K
Annual Savings

Typical annual savings for mid-size organizations (500-2000 VMs) from implementing regular stopped VM cleanup.

Implementation PhaseTimelineExpected SavingsEffort Level
Initial Scan & CleanupWeek 140-60% of identified wasteLow - Run scripts and review
Process ImplementationWeek 2-3Additional 20-30% through automationMedium - Setup scheduling
Governance IntegrationMonth 2Sustained 80%+ waste preventionMedium - Policy enforcement
Advanced AutomationMonth 3+Proactive prevention, 90%+ efficiencyHigh - Custom workflows
Implementation Considerations
  • Data backup: Ensure critical data is backed up before deleting stopped VMs
  • Owner notification: Implement approval workflows for resource cleanup
  • Grace periods: Allow reasonable time for owners to respond to cleanup notifications
  • Exception handling: Maintain lists of protected resources that should not be cleaned up

Best Practices

Maximize the effectiveness of your stopped VM detection with these proven practices:

📅 Execution Schedule

  • Weekly scans: 7-day threshold for immediate cleanup
  • Monthly reviews: 30-day threshold for governance
  • Quarterly audits: 90-day threshold for compliance
  • Off-hours execution: Minimize impact on production

👥 Team Collaboration

  • Owner notifications: Automated alerts before cleanup
  • Approval workflows: Require confirmation for deletions
  • Exception lists: Protect critical development resources
  • Shared reporting: Distribute findings to stakeholders

🔧 Technical Optimization

  • Parallel execution: Run multiple cloud scans simultaneously
  • Regional filtering: Focus on high-cost regions first
  • Batch processing: Handle large environments efficiently
  • Error handling: Implement robust retry mechanisms

📊 Metrics & Monitoring

  • Trend tracking: Monitor stopped VM patterns over time
  • Cost attribution: Track savings by team/project
  • Compliance metrics: Measure policy adherence
  • Performance monitoring: Track script execution times
Integration with FinOps Processes

These scripts work best as part of a comprehensive FinOps practice. Integrate findings with cost allocation, budget monitoring, and resource governance processes for maximum organizational impact.

Download

🍳 Get Your Multi-Cloud VM Detective Scripts

Ready to hunt down zombie storage costs across your entire multi-cloud environment? Download the complete script collection and start identifying optimization opportunities in under 15 minutes.

Complete Script Package

All four scripts with documentation and usage examples

Download All Scripts

Version 1.0 | 4 Scripts | Size: ~150KB

AWS
PowerShell
Azure
PowerShell
GCP
PowerShell
OCI
Python

Individual Script Downloads

System Requirements
PowerShell Scripts (AWS, Azure, GCP):
  • PowerShell 5.1+ or PowerShell Core 7+
  • Windows, macOS, or Linux
  • Cloud provider CLI tools and modules
  • Appropriate cloud permissions
Python Script (OCI):
  • Python 3.6+ with pip
  • OCI Python SDK (pip install oci)
  • OCI CLI configuration
  • OCI IAM permissions

Ready to Hunt Down Zombie Storage Costs?

The Multi-Cloud Stopped VM Detective gives you comprehensive visibility into idle resources across AWS, Azure, GCP, and OCI. With automated detection, detailed reporting, and actionable insights, you'll quickly identify and eliminate 60-80% of zombie storage costs.

Join hundreds of FinOps teams who've saved thousands of dollars monthly by implementing regular stopped VM detection and cleanup processes. Download the complete script collection and start optimizing today!

Explore More ToolsFinOps Learning Resources