The ds aws commands help you manage the AWS resources behind DevStride. Over time, personal stages accumulate — developers create stages for features, forget to tear them down, and resources linger. These commands find and clean up that drift.
ds aws cleanup
Discovers and destroys orphaned personal stages. This is the primary tool for keeping your AWS account tidy.
Process:
pulumi destroy, removes stack)| Flag | Description |
|---|---|
--region <regions> | Comma-separated regions to scan (all regions if omitted) |
--stale-days <n> | Days since last deploy to flag as stale (default: 14) |
--dry-run | Preview without deleting |
--include-neon | Also delete associated Neon database branches |
--stages <list> | Target specific stages (comma-separated) |
--force | Skip interactive confirmation |
# Find stages not deployed in 30+ days
ds aws cleanup --stale-days 30
# Preview what would be cleaned up
ds aws cleanup --dry-run
# Clean up specific stages
ds aws cleanup --stages phil-old-feature,phil-test-branch
# Full cleanup including Neon branches
ds aws cleanup --include-neon
# Scan only us-east-1
ds aws cleanup --region us-east-1
dev and prod are always skipped, even with --force. These stages cannot be destroyed from the CLI.ds aws audit
Inventories all deployed AWS resources by stage and service. This gives you a comprehensive view of what's running in your account.
Services scanned (14+):
| Service | What's Checked |
|---|---|
| Lambda | Functions, layers, event source mappings |
| API Gateway | REST APIs, stages, custom domains |
| S3 | Buckets, objects |
| DynamoDB | Tables, indexes |
| Cognito | User pools, app clients |
| Step Functions | State machines |
| EventBridge | Event buses, rules |
| SQS | Queues (standard and FIFO) |
| SNS | Topics, subscriptions |
| CloudWatch | Log groups, alarms |
| Secrets Manager | Secrets |
| CloudFront | Distributions |
| IAM | Roles, policies |
| CloudFormation | Stacks (from CDK constructs) |
The default output groups resources by stage:
Stage: phil-local (personal, us-east-1)
Last activity: 2 days ago
Lambda: 8 functions
API Gateway: 1 API
S3: 2 buckets
DynamoDB: 4 tables
Cognito: 1 user pool
...
Stage: phil-feature-auth (personal, us-east-1)
Last activity: 21 days ago ⚠️ STALE
Lambda: 8 functions
...
Each stage is classified:
Stale stages (no activity in 14+ days) are flagged with a warning.
| Flag | Description |
|---|---|
--region <region> | Scan only a specific region |
--json | Machine-readable JSON output |
--verbose | List individual resource names (not just counts) |
# Full audit across all regions
ds aws audit
# Audit a specific region
ds aws audit --region us-east-1
# Machine-readable output for scripting
ds aws audit --json
# Show individual resource names
ds aws audit --verbose
Every deployed personal stage incurs costs:
| Resource | Cost Driver |
|---|---|
| Lambda | Minimal when idle (pay-per-invocation) |
| API Gateway | Minimal when idle |
| DynamoDB | On-demand billing — minimal when idle |
| CloudFront | Distribution exists but costs little without traffic |
| Cognito | Free tier covers most personal stages |
| S3 | Storage costs for frontend assets |
| Secrets Manager | Per-secret per-month fee |
Individual personal stages are cheap, but dozens of forgotten stages add up. Regular cleanup with ds aws cleanup keeps costs predictable.