How to keep AWS accounts tidy?
04:04 26 Jan 2026

We run multiple AWS accounts across several teams, and cloud resource sprawl is becoming a recurring operational problem and a constant mess.

We regularly discover orphaned volumes and snapshots, unused Elastic IPs, forgotten VPCs/subnets, gateways in dev environments, and temporary infrastructure that never gets cleaned up.

Our DevOps team periodically audits and deletes unused resources, but this is reactive and manual.

Some vendors (Crayon, CloudZero, etc.) offer governance and cost management platforms, sometimes as billing intermediaries or on gain-share models that take a percentage of the AWS bill or of the savings. We would prefer a flat rate, not to route billing through a third party, and would like to keep a direct relationship with AWS.

I'm trying to understand what the current best practices are for continuous AWS cost governance and automated cleanup in multi-account environments (AWS Organizations, Control Tower, etc.) without middleman partners.

So far we've looked at tools like Cost Explorer and AWS Budgets that may detect issues with infrastructure.

Here's a recent example: during a migration, one of our DevOps engineers created a temporary backup storage volume (around 8 TB) and forgot to delete it. It ran for about three months before we noticed, which resulted in a significant and completely avoidable bill. This is one of the types of issue we want to systematically prevent.

My questions:

- What is the recommended architecture for automated resource hygiene at scale?
- How do large organisations enforce cleanup policies (for example tagging policies, SCPs, automation)?
- Are there common open-source tools or frameworks for detecting and cleaning unused AWS resources?
- In practice, how much do teams rely on AWS-native tooling vs external FinOps platforms?

Thanks

amazon-web-services devops waf cost-management finops
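As an added worked example (not code from the original post, and not any vendor's or AWS's own tooling), here is the shape of the detection step that such an architecture needs: a scan over EBS volumes, snapshots and Elastic IPs in the dict shapes boto3's `describe_*` calls return, flagging resources that are both orphaned (detached volume past a grace period, snapshot whose source volume no longer exists, unassociated EIP) and unowned (missing the tags the policy requires, or past their expiry date). The tag names `Owner` and `ExpiresOn`, the 7-day grace period and the per-GB prices used to rank findings are assumptions for this example; the inventory is constructed sample data that reproduces the forgotten 8 TB volume from the question. The core scan uses only the standard library, so it runs offline; `scan_live_account` imports boto3 lazily and needs credentials.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed tagging convention (not an AWS standard): who owns it, when it may go.
REQUIRED_TAGS = ("Owner", "ExpiresOn")
# A freshly detached volume is not an orphan yet; give it a grace period.
UNATTACHED_GRACE = timedelta(days=7)
# Approximate us-east-1 list prices, used only to rank findings by impact.
VOLUME_USD_PER_GB_MONTH = {"gp2": 0.10, "gp3": 0.08}
SNAPSHOT_USD_PER_GB_MONTH = 0.05
IDLE_EIP_USD_PER_MONTH = round(0.005 * 730, 2)  # public IPv4 is billed per hour


@dataclass(frozen=True)
class Finding:
    resource_id: str
    kind: str
    reason: str
    monthly_usd: float


def _tags(resource: dict) -> dict[str, str]:
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}


def _why_unowned(resource: dict, now: datetime) -> str | None:
    """Reason the resource fails the ownership policy, or None if it is claimed."""
    tags = _tags(resource)
    missing = [k for k in REQUIRED_TAGS if k not in tags]
    if missing:
        return "missing tags " + ",".join(missing)
    try:
        expires = datetime.strptime(tags["ExpiresOn"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return "unparseable ExpiresOn tag"  # fail closed: an unreadable expiry gets reviewed
    if expires <= now:
        return "expired on " + tags["ExpiresOn"]
    return None


def scan(volumes: list[dict], snapshots: list[dict], addresses: list[dict],
         now: datetime | None = None) -> list[Finding]:
    """Return orphaned-and-unowned resources, most expensive first."""
    now = now or datetime.now(timezone.utc)
    findings: list[Finding] = []
    live_volume_ids = {v["VolumeId"] for v in volumes}

    for v in volumes:
        # State "available" means the volume is attached to nothing.
        if v["State"] != "available" or now - v["CreateTime"] < UNATTACHED_GRACE:
            continue
        if reason := _why_unowned(v, now):
            cost = v["Size"] * VOLUME_USD_PER_GB_MONTH.get(v["VolumeType"], 0.10)
            findings.append(Finding(v["VolumeId"], "ebs-volume", "unattached, " + reason, round(cost, 2)))

    for s in snapshots:
        # Source volume is gone and nobody claims the snapshot.
        if s["VolumeId"] in live_volume_ids:
            continue
        if reason := _why_unowned(s, now):
            cost = s["VolumeSize"] * SNAPSHOT_USD_PER_GB_MONTH
            findings.append(Finding(s["SnapshotId"], "ebs-snapshot", "source volume deleted, " + reason, round(cost, 2)))

    for a in addresses:
        if a.get("AssociationId"):
            continue
        if reason := _why_unowned(a, now):
            findings.append(Finding(a["AllocationId"], "elastic-ip", "unassociated, " + reason, IDLE_EIP_USD_PER_MONTH))

    return sorted(findings, key=lambda f: f.monthly_usd, reverse=True)


def scan_live_account(region: str) -> list[Finding]:
    """Same scan over a real account; needs read-only EC2 credentials (boto3 imported lazily)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    volumes = [v for p in ec2.get_paginator("describe_volumes").paginate() for v in p["Volumes"]]
    snapshots = [s for p in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]) for s in p["Snapshots"]]
    return scan(volumes, snapshots, ec2.describe_addresses()["Addresses"])


def sample_inventory(now: datetime) -> tuple[list[dict], list[dict], list[dict]]:
    """Constructed sample data in boto3 describe_* shape; not from any real account."""
    def tags(**kv):
        return [{"Key": k, "Value": v} for k, v in kv.items()]
    volumes = [
        # the forgotten 8 TB migration volume: detached, untagged, 90 days old
        {"VolumeId": "vol-0aaa000000000001", "State": "available", "Size": 8000, "VolumeType": "gp3",
         "CreateTime": now - timedelta(days=90), "Tags": []},
        {"VolumeId": "vol-0aaa000000000002", "State": "in-use", "Size": 100, "VolumeType": "gp3",
         "CreateTime": now - timedelta(days=400), "Tags": tags(Owner="platform", ExpiresOn="2027-01-01")},
        {"VolumeId": "vol-0aaa000000000003", "State": "available", "Size": 50, "VolumeType": "gp2",
         "CreateTime": now - timedelta(days=2), "Tags": []},  # still inside the grace period
        {"VolumeId": "vol-0aaa000000000004", "State": "available", "Size": 200, "VolumeType": "gp3",
         "CreateTime": now - timedelta(days=30), "Tags": tags(Owner="dba", ExpiresOn="2026-06-30")},
        {"VolumeId": "vol-0aaa000000000005", "State": "available", "Size": 100, "VolumeType": "gp3",
         "CreateTime": now - timedelta(days=30), "Tags": tags(Owner="dba", ExpiresOn="2025-12-31")},
    ]
    snapshots = [
        {"SnapshotId": "snap-0bbb000000000001", "VolumeId": "vol-0deadbeef00000000", "VolumeSize": 500, "Tags": []},
        {"SnapshotId": "snap-0bbb000000000002", "VolumeId": "vol-0aaa000000000002", "VolumeSize": 100,
         "Tags": tags(Owner="platform", ExpiresOn="2027-01-01")},
    ]
    addresses = [
        {"PublicIp": "198.51.100.7", "AllocationId": "eipalloc-0ccc000000000001", "Tags": []},
        {"PublicIp": "198.51.100.8", "AllocationId": "eipalloc-0ccc000000000002",
         "AssociationId": "eipassoc-0ccc000000000002", "InstanceId": "i-0ddd000000000002"},
    ]
    return volumes, snapshots, addresses


def demo() -> list[Finding]:
    """Run the scan over the constructed inventory as of 2026-01-26."""
    now = datetime(2026, 1, 26, tzinfo=timezone.utc)
    return scan(*sample_inventory(now), now=now)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind:13} {f.resource_id:28} ~${f.monthly_usd:>8.2f}/month  {f.reason}")
```

Run on a schedule (EventBridge plus Lambda, or a CI job) from a hygiene account that assumes a read-only role in every member account listed by Organizations, and report before you automate deletion; the 8 TB volume above would have surfaced in the first run instead of three months later. Two caveats before acting on the output: snapshots that back an AMI still reference a volume that no longer exists and will show up here, so cross-check against `describe_images` before deleting; and the check only works if the tags exist, so pair it with an Organizations tag policy and an SCP that denies `ec2:CreateVolume` and `ec2:AllocateAddress` requests lacking them.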