Admin sign-in
OpnIMG cost-control console. Tier-2 admin Cognito only.
OpnIMG — Cost Control
Pause expensive AWS resources during prototyping. Master switch flips everything; per-service toggles are surgical. Reporter PWA & this admin console are never auto-paused.
—
Estimated $/hour right now
≈ $— per month
Master switch
Flips RDS, Rekognition endpoint, Redis, non-critical Lambdas, Macie, Inspector v2, VPC endpoints, web-app CloudFront, and S3 cross-region replication. Cold-start ~5–10 min after wake.
Compute & data
RDS — opnimg-postgis-dev
db.t3.medium · PostgreSQL 15 · PostGIS 3.4 · gp3
…
$0.068/h
≈$50/mo
≈$50/mo
Rekognition Custom Labels endpoint
Phase 4 inference · biggest hourly cost
…
$4.00/h
≈$96/mo @ 24/7
≈$96/mo @ 24/7
Lambda reserved concurrency (non-critical)
gamification, fraud, IPAWS, KEV, GIS inbound, etc.
…
$0/h
(prevents invocations)
(prevents invocations)
ElastiCache Redis
cache.t3.small · Multi-AZ · ~8 min cold start on wake
…
$0.038/h
≈$28/mo
≈$28/mo
Security & compliance scanners
Macie — PII discovery
Scans S3 evidence for sensitive data; auto-disabled = no scans
…
~$0.001/h
+scan costs
+scan costs
Inspector v2 — Lambda CVE scanning
Continuous CVE scan on all 17+ functions
…
$0.020/h
≈$15/mo
≈$15/mo
Networking
VPC interface endpoints (×3)
ssm + events + secretsmanager · ~$0.06/h combined
…
$0.060/h
≈$43/mo
≈$43/mo
Web apps
CloudFront — operator/status/account SPAs
3 distributions · admin & reporter excluded for safety
…
~$0.001/h
+egress on use
+egress on use
Disaster recovery
S3 cross-region replication (us-east-1 → us-west-2)
Evidence-store DR · disabling reduces compliance posture
…
data-driven
$0.02/GB
$0.02/GB
Always on (informational)
WAF — regional + CloudFront
3 managed rule groups · Common, KnownBadInputs, IpReputation
ON · always
$0.058/h
≈$42/mo
≈$42/mo
🔒 always
KMS — JWT signing key
ECC P-256 ES256 · alias/opnimg-jwt-signing
ON · always
$0.001/h
≈$1/mo
≈$1/mo
🔒 always
Secrets Manager — RDS / Redis / IPAWS / APNs
~3 secrets · rotation pending one-time SAR install
ON · always
$0.003/h
≈$2/mo
≈$2/mo
🔒 always
CloudTrail — multi-region trail
Mgmt events free · log-file validation enabled
ON · always
$0.003/h
≈$2/mo
≈$2/mo
🔒 always
S3 storage — images, evidence, work orders, CloudTrail logs
Lifecycle: hot 30d → IA 90d → Glacier · Object Lock 7yr on evidence
ON · always
data-driven
🔒 always
⚠ Cleanup candidates (manual)
- Duplicate Reporter CloudFront:
E23TWFTKMOXHDW(alongsideEDS3851UYIZMY) — disable + delete. - Legacy admin distribution:
E1OX17KPXHJ040atadmin.opnimg.net— pre-§J cutover, retire after 30-day rollback window.
Activity (this session)
no actions yet — toggles will appear here