Show HN: CleanCloud – Cloud cleanup that can't delete anything(getcleancloud.com)
10 pointsby sureshcsdpa month ago3 comments
  • sureshcsdpa month ago
    Author here. Built CleanCloud after seeing AWS Nuke delete a staging database.

    CleanCloud is read-only by design - it cannot delete anything, even by accident. Scans AWS/Azure for orphaned resources and gives you evidence-based recommendations.

    Key differences from other tools: - No Delete permissions required (read-only IAM policy) - No automated cleanup (you decide what to delete) - Conservative confidence scoring (HIGH: 90%+, MEDIUM: 70-90%) - Open source (MIT), runs locally

    1,800+ downloads in 6 weeks. Interesting signal: 21% manually download to audit code (vs 2% typical).

    Technical details: - Python CLI, uses standard AWS SDK (boto3) - Finds: Unattached EBS, old snapshots, infinite CloudWatch retention - CI/CD ready: JSON output, exit codes - No external API calls (runs entirely locally)

    Would love feedback on what resources to check next!

    GitHub: https://github.com/cleancloud-io/cleancloud Website: https://getcleancloud.com

    • electroly21 days ago
      My feedback: it seems like this tool isn't really like aws-nuke, but the copy keeps comparing it to aws-nuke, extending further into this HN post. aws-nuke doesn't need delete permissions (you just can't do the "delete" step, obviously), aws-nuke makes you decide what to delete, aws-nuke doesn't need confidence scoring since it shows you everything in the account, and aws-nuke is open source. From your list of key differences, the only one that aws-nuke doesn't already do is the one that doesn't make sense for aws-nuke. This is, IMO, a problem with your list and not with the app: there are differentiating things CleanCloud does that you can focus on instead.

      IMO, don't mention aws-nuke at all. This isn't the same kind of product as aws-nuke, which is explicitly the "One-click cleanup workflows" category in your "Not designed for" box. Your tool is for accounts that I'm not trying to nuke. So why invite the comparison? These tools are not intended for the same use case.

      Spitballing here, I'd think you would want to lean into the cost savings aspect of deleting orphaned resources. aws-nuke is about cleaning out disposable AWS accounts. CleanCloud is about cloud cost optimization on real production/staging accounts.

      A final note: it seems like the name CleanCloud is already used by a laundry service provider. You still have time to pick a different name for which you can take the top Google spot.

      • sureshcsdp19 days ago
        This is fair feedback — thanks for calling it out.

        You’re right that CleanCloud is not the same category as aws-nuke, and comparing them directly is misleading. aws-nuke is great for disposable accounts; CleanCloud is explicitly for long-lived production and regulated environments where destructive access isn’t acceptable.

        The intent with CleanCloud is read-only hygiene evaluation: identifying cost waste and risky misconfigurations with evidence and confidence, so teams can act safely through their normal change processes.

        I’ll update the copy to remove the aws-nuke comparison and make that distinction clearer.

        Many Thanks Suresh

  • bigstrat200321 days ago
    This is really cool. Thanks for sharing! I'm definitely going to check this out in the coming weeks at work.