April 4, 2026 · Tim Fraser, Cloud Operations Lead
How to Get an AWS Health Check Without a DevOps Team
You know your company runs on AWS. You know it's important. But you don't have a dedicated DevOps or SRE team — your developers handle infrastructure alongside feature work, and nobody is doing regular health checks.
This is the norm for most small and mid-sized companies. Infrastructure health checks take time and expertise. Without a dedicated person, they don't happen.
Here's what a proper AWS health check covers, why it matters, and how to get one without hiring a specialist.
What a health check should cover
A good AWS health check looks at five areas:
1. Security posture
- Are any security groups open to the internet on sensitive ports (SSH, databases)?
- Is MFA enabled on the root account?
- Are there unused IAM users with active credentials?
- Are S3 buckets properly locked down?
2. Cost efficiency
- Are there idle or underutilised resources?
- Are development environments running production-grade hardware?
- Are there unattached volumes, unused Elastic IPs, or orphaned load balancers?
- Could reserved instances or savings plans reduce costs?
3. Reliability
- Are databases backed up? Are backups tested?
- Are critical services running in multiple availability zones?
- Is CloudTrail enabled for audit logging?
- Are there any single points of failure?
4. Operational hygiene
- Are resources properly tagged (team, environment, purpose)?
- Are there lifecycle policies on S3 buckets and log groups?
- Is monitoring in place for critical services?
- Are there any resources with no clear owner?
5. Compliance basics
- Is data encrypted at rest and in transit?
- Are access logs being retained?
- Is there a record of who can access what?
The traditional options
Hire a consultant: $200-400/hr, typically a 2-4 week engagement. You get a PDF report and a list of recommendations. Good quality, but expensive and one-off — the report is stale within a month. Assign it to a developer: They'll do a decent job if they have the time, but they probably don't. Infrastructure audits always lose to feature work in priority discussions. Use AWS Trusted Advisor: Free with Business Support ($100/mo+), but it's generic checklists, not contextual analysis. It tells you "you have unused Elastic IPs" but not "this is costing you $43/mo and here's who created them."The continuous alternative
What you actually need isn't a one-off health check. You need continuous visibility — a regular cadence of checks that catch problems before they become crises.
plainfra provides this. Connect your AWS account (read-only, one command, 3 minutes) and you get:
Weekly health reports — every Monday, a PDF lands in your inbox covering security, cost, reliability, and operational hygiene across all your connected AWS accounts. RED/AMBER/GREEN indicators make it easy to see what needs attention at a glance. On-demand questions — between reports, ask anything:> "Give me a security summary of this account"
"What's changed since last week?"
"Are our databases backed up?"Actionable findings — each finding comes with enough detail to create a ticket. "Security group sg-0a2f7e91 allows SSH from 0.0.0.0/0, 4 instances attached" is a ticket your developer can act on immediately.
The cost is a fraction of a consultant — $79/mo for the Core plan. That's less than 30 minutes of consultant time, and you get continuous monitoring instead of a one-off report.
If you don't have a dedicated DevOps hire, automated checks delivered in plain English — with a clear handoff to your team — are the most practical option.
Try plainfra free → 50K tokens, 7 days, no charge. Or see the interactive demo →.