rdsspectre — Managed database waste and security auditor for RDS and Cloud SQL. Part of SpectreHub.
- Scans AWS RDS and GCP Cloud SQL for idle, oversized, and misconfigured instances
- Detects unencrypted databases, public accessibility, and missing backups
- Estimates monthly waste in USD per finding
- Generates IAM policy and config file via init command
- Outputs text, JSON, SARIF, and SpectreHub formats
- Not a database query tool or performance profiler
- Not a migration or modification tool — strictly read-only
- Not a replacement for Trusted Advisor or GCP Recommender
brew tap ppiankov/tap
brew install rdsspectregit clone https://github.com/ppiankov/rdsspectre.git
cd rdsspectre
make buildrdsspectre aws --region us-east-1 --format json| Command | Description |
|---|---|
rdsspectre aws |
Scan AWS RDS instances |
rdsspectre gcp |
Scan GCP Cloud SQL instances |
rdsspectre init |
Generate IAM policy and config file |
rdsspectre version |
Print version |
rdsspectre feeds managed database waste findings into SpectreHub for unified visibility across your infrastructure.
spectrehub collect --tool rdsspectrerdsspectre operates in read-only mode. It inspects and reports — never modifies, deletes, or alters your databases.
MIT — see LICENSE.
Built by Obsta Labs