aws-cost-investigationlisted

# AWS Cost Investigation Operational skill for diagnosing AWS cost spikes and auditing for ongoing waste. The focus is on **diagnostic flow** (data-first, not guess-first) plus a **concrete trap inventory** with detection CLI for each. ## When to invoke **Symptoms:** - "The bill is up $X with no deploys" / "AWS bill spiked last month." - An anomaly notification from AWS Cost Anomaly Detection. - Cost Explorer dashboards show large `(no tag)` slices despite tagging policies. - NAT Gateway charges growing month over month. - Looking at a Savings Plan / Reserved Instance commitment decision. - A general account audit ("find the waste"). - Designing a cost-allocation tagging strategy. ## Cross-cutting rules 1. **Data first, guesses never.** When asked to diagnose a spike, the first action is to query Cost Explorer. Do NOT guess "probably S3" or "probably NAT" without numbers. Naming a likely culprit without data is anti-pattern #1. 2. **Compare windows of equal length.** A 7-day spike compares to the prior 7 days, not month-to-date. A monthly spike compares to the same days of the prior month, not the full prior month. 3. **Never quote a specific dollar amount as a pricing fact.** AWS prices change. State relative magnitudes (Gateway endpoints are free; Interface endpoints are cheaper than NAT for high egress) and link to the [AWS pricing page](https://aws.amazon.com/pricing/) for current numbers when a precise answer is needed. 4. **Activation is the silent gate for tag-ba