Annotated Bibliography

Resources organized by theme that supported the research, design, and development of Cloud Cost Autopilot.

AWS IAM & Security

Understanding IAM roles, trust relationships, and temporary credentials was essential for the secure AWS connection at the core of this project. These resources helped me implement AssumeRole correctly and debug permission errors.

AWS IAM Documentation — Roles and Temporary Credentials

Amazon Web Services. (2024). AWS Identity and Access Management User Guide. https://docs.aws.amazon.com/IAM/latest/UserGuide/

The primary reference for understanding how IAM roles, trust policies, and AssumeRole work. Used extensively to debug "Access Denied" errors and correctly configure the trust relationship JSON that allows the application's IAM user to assume the CloudCostAutopilot role.

AWS STS AssumeRole API Reference

Amazon Web Services. (2024). AWS Security Token Service API Reference. https://docs.aws.amazon.com/STS/latest/APIReference/

Referenced to understand the AssumeRole request parameters, credential expiration, and how to pass temporary credentials to other AWS SDK clients. Helped implement the one-hour session duration and credential refresh logic.

AWS SDK & EC2 Integration

These resources supported the implementation of EC2 instance discovery and the AWS SDK v3 client configuration used throughout the backend.

AWS SDK for JavaScript v3 — Developer Guide

Amazon Web Services. (2024). AWS SDK for JavaScript v3 Developer Guide. https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/

Used to learn the modular SDK v3 architecture, which differs significantly from v2. The guide helped set up client configuration with temporary credentials and understand the command pattern used for all AWS API calls in this project.

Amazon EC2 API — DescribeInstances

Amazon Web Services. (2024). Amazon EC2 API Reference. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/

Referenced to understand the structure of the DescribeInstances response and how to extract instance ID, type, state, and launch time from the nested Reservations array.

CloudWatch Metrics

CloudWatch is the data source for all CPU utilization metrics in the project. These resources helped implement the metrics query and understand the statistical aggregation options.

Amazon CloudWatch — GetMetricStatistics

Amazon Web Services. (2024). Amazon CloudWatch API Reference. https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/

Primary reference for implementing the CPU utilization query. Used to understand the Period, Statistics, Namespace, and Dimensions parameters needed to pull daily average CPU data for a specific EC2 instance over a 7-day window.

Node.js & Express Backend

These resources supported the design and implementation of the REST API backend that connects the React frontend to the AWS services and PostgreSQL database.

Express.js Documentation

OpenJS Foundation. (2024). Express.js Guide. https://expressjs.com/en/guide/

Used to structure the backend routes, middleware, and error handling. The guide informed the controller/route/service architecture pattern used throughout the project.

node-postgres (pg) Documentation

Brianc. (2024). node-postgres documentation. https://node-postgres.com/

Referenced to set up the PostgreSQL connection pool and write parameterized queries. Parameterized queries were used throughout to prevent SQL injection vulnerabilities.

React Frontend

These resources supported the development of the React dashboard, including component architecture, state management, and API integration.

React Documentation — Hooks and State Management

Meta Platforms. (2024). React Documentation. https://react.dev/

Used to implement useState and useEffect hooks for managing recommendation data, scan status, and loading states in the dashboard component. The docs were particularly helpful for understanding async data fetching patterns in functional components.

Cloud Cost Optimization

Background research on cloud cost management practices informed the product design and the choice to use 7-day average CPU as the primary idle detection metric.

AWS Cost Optimization Pillar — Well-Architected Framework

Amazon Web Services. (2024). AWS Well-Architected Framework: Cost Optimization Pillar. https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/

This AWS whitepaper provided the conceptual foundation for the project. It defines right-sizing and idle resource detection as core cost optimization strategies, validating the approach of using CloudWatch CPU metrics to identify waste. The 5% CPU threshold used in the recommendation engine aligns with recommendations in this document.

AWS EC2 On-Demand Pricing — US East (Ohio)

Amazon Web Services. (2024). Amazon EC2 On-Demand Pricing. https://aws.amazon.com/ec2/pricing/on-demand/

Used to build the EC2_PRICING lookup table in the recommendation service. The hourly rates for each instance type in us-east-2 are pulled directly from this page and used to calculate estimated monthly savings (hourly rate × 730 hours).