Zombie Resources

Find and eliminate idle, orphaned, and abandoned cloud resources that drain budget without providing value.

What Are Zombie Resources?

Zombie resources are cloud infrastructure that is actively incurring charges but delivering little or no value. They appear in four main patterns:

  • Resources that were provisioned for a project and forgotten after the project ended.
  • Resources that are technically "running" but serve no workload (idle databases, empty volumes, unused IPs).
  • Snapshots and AMIs created for backups that are now stale (no associated instances, very old).
  • Services that were replaced by something else but never decommissioned.

Zombie resources are one of the highest-ROI cleanup activities in cloud cost management. Because they provide no value, eliminating them has zero operational risk when done correctly.

How Detection Works

TurboFinOps detects zombie resources through two mechanisms:

Detection-based findings

Six FinOps detections generate findings for specific zombie patterns. These appear in the Findings queue with severity ratings and estimated monthly savings.

Ghost cleanup detection

Resources with age ≥ 90 days or last-pull age ≥ 90 days (snapshots, AMIs, images) are surfaced as ghost cleanup candidates -- a separate table from rule-based findings.

Resource Categories

| Category | What it detects |
|---|---|
| Unattached Storage | EBS volumes, Azure Managed Disks, GCP Persistent Disks not attached to any running instance |
| Idle Database | RDS, Azure SQL, Cloud SQL instances with very low or zero connection activity |
| Unused Public IP | Elastic IPs (AWS), Azure Public IPs, GCP External IPs not associated with a running resource |
| Idle Load Balancer | ALB/NLB/ELB, Azure LBs, GCP Load Balancers with near-zero traffic |
| Stale Snapshot | EBS snapshots, Azure snapshots older than the configured retention policy |
| Low-Execution Serverless | Lambda, Azure Functions, Cloud Functions with zero or minimal invocations over the scan period |

Cleaning Up

For each zombie finding:

  1. Open the finding in Dashboard - Findings or Dashboard - Zombie Resources.
  2. Review the resource details: name, region, age, estimated monthly cost.
  3. Verify the resource is truly unused -- check with the owner tag (if present) or your team.
  4. Click "Create Action" to initiate a remediation workflow.
  5. The action goes through conflict detection -- if the resource has an IaC ownership tag (e.g. managed-by: terraform), the conflict guard will flag it. Do not delete IaC-managed resources through TurboFinOps -- modify the IaC instead.
  6. For resources without IaC protection, approve and execute the action.
  7. The action produces an audit log entry confirming who deleted what and when.

Before deleting: the safety checklist

  • Does the resource have an owner tag? Contact the owner before deleting.
  • Is it tagged managed-by: terraform or similar? Delete via IaC, not TurboFinOps.
  • Is there data that might be needed? Create a final snapshot before deletion.
  • Is it in a production account? Extra caution applies -- prefer suggest mode and manual review.

Ghost Cleanup (Snapshots & Images)

The Ghost Cleanup section on the Zombie Resources dashboard specifically targets snapshots and machine images (AMIs, Azure Images, GCP Snapshots) that are old and disconnected from any active resource.

A resource is classified as a ghost cleanup candidate if:

  • The resource age is ≥ 90 days, OR
  • The last-pull/last-used date is ≥ 90 days ago

These resources incur storage costs but have likely outlived their usefulness. Review the table, confirm with resource owners, and clean up via the action engine or directly in your cloud provider console.
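
The ghost cleanup rule and the safety checklist can be combined into one pre-deletion triage over an exported inventory. The following is an added example, not TurboFinOps code: the record fields, the `owner` tag key, the `prod-main` account name and the inclusive 90-day comparison are assumptions made for illustration.

```python
from datetime import date

GHOST_DAYS = 90            # threshold from the page; ">=" is assumed
IAC_TAG = "managed-by"     # IaC ownership tag key named on the page
OWNER_TAG = "owner"        # assumed key for the page's "owner tag"
PROD_ACCOUNTS = {"prod-main"}  # hypothetical production account names


def days_since(d, today):
    """Whole days between d and today, or None when the date is unknown."""
    return (today - d).days if d else None


def is_ghost(res, today):
    """Candidate if age >= 90 days OR last use >= 90 days ago."""
    ages = (days_since(res.get("created"), today),
            days_since(res.get("last_used"), today))
    return any(a is not None and a >= GHOST_DAYS for a in ages)


def triage(res, today):
    """Return (disposition, reasons) in the order of the safety checklist."""
    if not is_ghost(res, today):
        return "keep", []
    tags = {k.lower(): v for k, v in res.get("tags", {}).items()}
    if IAC_TAG in tags:  # conflict guard: never delete IaC-managed resources here
        return "change-in-iac", [f"{IAC_TAG}: {tags[IAC_TAG]}"]
    reasons = []
    if OWNER_TAG in tags:
        reasons.append(f"confirm with owner: {tags[OWNER_TAG]}")
    if res.get("account") in PROD_ACCOUNTS:
        reasons.append("production account: suggest mode and manual review")
    return ("manual-review" if reasons else "eligible"), reasons


TODAY = date(2024, 6, 1)
INVENTORY = [  # constructed sample records, not real resources
    {"id": "snap-old", "account": "dev", "created": date(2023, 1, 1)},
    {"id": "ami-tf", "account": "dev", "created": date(2023, 1, 1),
     "last_used": date(2024, 5, 30), "tags": {"managed-by": "terraform"}},
    {"id": "snap-prod", "account": "prod-main", "created": date(2024, 1, 1),
     "tags": {"Owner": "data-team"}},
    {"id": "snap-new", "account": "dev", "created": date(2024, 5, 1)},
]

if __name__ == "__main__":
    for r in INVENTORY:
        print(r["id"], *triage(r, TODAY))
```

Because the rule is an OR, `ami-tf` is still a candidate by age even though it was pulled two days earlier; the IaC tag check is what keeps it out of the deletion path.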
