Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Table of Contents


AWSResco is a standalone SPA using the client side AWS JS SDK to get instance and reservation info for JIT comparison of running infrastructure. This comparison provides a "Differential" value to the user to see where they are over or under allotted on their reservations.

The latest version is at:

Screenshot Example



In my time with working with AWS, the question of "Am I utilizing my reservations correctly?" has come up many times. AWS doesn't provide an interface, tool, or output that I am aware of that can provide this information in an easily consumable way. The closest tool AWS has is Reservation Utilization Reports which works well in some cases, mostly smaller organizations, but lacks granularity for others.

How it works

AWS Reservation Comparison (AWSResco) takes a look at AWS reservations for a given account and compares them against running infrastructure. It combines multiple reservation purchases of the same Instance Type, Availability Zone, Platform (windows or linux), and VPC (EC2-Classic or VPC) into a single object, then looks at all running instances and matches them with any reservation based on the same values.

This information is then presented to the user as:

  • The number of reservations of a given type, zone, platform, and vpc: Reservation Count
  • The number of running instances of a given type, zone, platform, and vpc: Running Instances
  • A differential, the number of reservations minus the number of running instances: Differential
  • The hard data on each reservation & running instance sets: Type, Zone, Windows, VPC, Runnings Ids, and Running Names


While AWSResco itself doesn't use HTTPS from S3 to the client's browser, all communication from the client's browser to AWS is over HTTPS. This means that your access and secret keys are never sent from your browser over anything other than HTTPS. This is enabled via

If you are worried about what the tool does with your keys, please feel free to review the code for any malicious usage. If you find anything concering, feel free to open an issue or pull request.

AWS IAM Policy for access

The policy you use for AWSResco should follow the least privilege access rules. In the case of AWSResco, the only access needed is for the the describeInstances and the describeReservedInstances API calls. The following is an example of the policy to use:

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "Stmt1452989493668",
      "Action": [
      "Effect": "Allow",
      "Resource": "*"

If you are using an IAM instance profile you need to use the (access key, secret key, token) tuple to authenticate. You can retrieve the values from the EC2 metadata API. First, find the name of your instance-profile:


Then, plug in the name at the end of the URL


The resulting JSON will have the necessary credentials to utilize the site.


Currently AWSResco does not take into account OfferingType, it assumes that only Heavy Utilization is being used as that was the original use case for the tool. There are plans to support all OfferingType variations - see Issue#3.


  • Run with: python -m SimpleHTTPServer (or your favorite web server)
  • Navigate to: localhost:8000/dev.html (or your favorite web server's configuration)


  • Manual process to test


  • Run bash which will uglify css and javascript


  • Manual process of pushing to S3

Build & Deploy Gaps

  • Changes to dev.html need to be copied to index.html at this time.
  • No publish scripts to get new version to S3.


A standalone SPA using the client side AWS JS SDK to get instance and reservation info for JIT comparison of running infrastructure







No packages published