Show HN: CloudSlash – Find AWS waste and generate Terraform state rm commands

5 points by drskyle 2 days ago
We've all been there: You find an unused NAT Gateway costing $45/mo. You delete it in the AWS console to stop the billing immediately. But the next time you run terraform plan, it fails because of state drift. Now you have to manually run terraform state rm or import it back to fix the drift. It's tedious, so often we just leave the waste running.

I built CloudSlash to automate the cleanup and the state surgery. It's written in Go (using BubbleTea for the TUI) and solves two engineering problems:

1. Finding "hollow" resources (the graph). Most cost tools just check CloudWatch metrics (CPU < 5%). That creates too much noise. Instead, I build an in-memory graph of the infrastructure to find structural waste. Example: An "Active" ELB. It has healthy targets, so metrics look good. But if you traverse the graph (ELB -> Instance -> Subnet -> Route Table), you might see the Route Table has no path to an Internet Gateway. The ELB is functionally dead, even if AWS reports it as "healthy."

2. The state mapping. Deleting the resource in AWS is easy. The challenge is mapping a physical ID (e.g., nat-0a1b2c) back to its Terraform address (e.g., module.vpc.aws_nat_gateway.public[0]) so you can remove it from the state file programmatically. I wrote a parser that reads your local .tfstate, handles the complex JSON structure (including nested modules and for_each outputs), and generates a remediation script. It outputs a shell script (fix_terraform.sh) that runs the necessary terraform state rm commands for you. It never writes to your .tf files directly; it just hands you the script to review and run.

The core logic, scanner, and TUI are open source (AGPLv3). I charge a one-time license for the feature that auto-generates the fix scripts for developers, but the forensic analysis/detection is free.

Repo: https://github.com/DrSkyle/CloudSlash
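Editor's added example for the graph traversal in point 1 above. This is not code from the CloudSlash repo; it is a minimal Go model written for this page, with its own constructed types, IDs and sample graph. It follows subnet -> route table -> routes to decide whether a subnet has a default route to an internet gateway, and it handles the edge case the post's walk has to get right: a subnet with no explicit route-table association silently uses the VPC's main route table. Two checks are built on that: the post's ELB -> instance -> subnet -> route table walk (TargetsWithoutInternetPath), and a check on the load balancer's own subnets (HollowLoadBalancers), which is the one that decides reachability for an internet-facing load balancer.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed, minimal model of the AWS objects the walk needs; these types are
// this example's own, not the project's.
type Route struct{ Destination, Target string } // Target: "local", "igw-…", "nat-…", …
type RouteTable struct{ Routes []Route }
type Subnet struct{ VpcID, RouteTableID string } // empty RouteTableID = no explicit association
type Instance struct{ SubnetID string }
type LoadBalancer struct {
	Scheme    string   // "internet-facing" or "internal"
	SubnetIDs []string // subnets the load balancer nodes are placed in
	TargetIDs []string // registered instance targets
}

// Graph is the in-memory index the traversal runs over, keyed by AWS ID.
type Graph struct {
	RouteTables   map[string]RouteTable
	MainRouteTbl  map[string]string // vpc-id -> main route table id
	Subnets       map[string]Subnet
	Instances     map[string]Instance
	LoadBalancers map[string]LoadBalancer
}

// HasInternetPath follows subnet -> route table -> routes and reports whether
// the default route points at an internet gateway. A subnet with no explicit
// association uses its VPC's main route table; that is the case that hides
// "orphan" subnets. Unknown subnets or route tables yield false.
func (g *Graph) HasInternetPath(subnetID string) bool {
	s, ok := g.Subnets[subnetID]
	if !ok {
		return false
	}
	rtID := s.RouteTableID
	if rtID == "" {
		rtID = g.MainRouteTbl[s.VpcID]
	}
	for _, r := range g.RouteTables[rtID].Routes {
		if r.Destination == "0.0.0.0/0" && strings.HasPrefix(r.Target, "igw-") {
			return true
		}
	}
	return false
}

// TargetsWithoutInternetPath is the LB -> instance -> subnet -> route table
// walk from the post: registered targets whose subnet has no internet gateway
// route. Target IDs that no longer resolve to an instance are skipped.
func (g *Graph) TargetsWithoutInternetPath(lbID string) []string {
	out := []string{}
	for _, tid := range g.LoadBalancers[lbID].TargetIDs {
		if inst, ok := g.Instances[tid]; ok && !g.HasInternetPath(inst.SubnetID) {
			out = append(out, tid)
		}
	}
	sort.Strings(out)
	return out
}

// HollowLoadBalancers flags internet-facing load balancers none of whose own
// subnets route to an internet gateway: no client can reach them, whatever the
// target health checks say. Internal load balancers are skipped because a
// missing IGW route is expected there.
func (g *Graph) HollowLoadBalancers() []string {
	out := []string{}
	for id, lb := range g.LoadBalancers {
		if lb.Scheme != "internet-facing" {
			continue
		}
		reachable := false
		for _, sn := range lb.SubnetIDs {
			reachable = reachable || g.HasInternetPath(sn)
		}
		if !reachable {
			out = append(out, id)
		}
	}
	sort.Strings(out)
	return out
}

// sampleGraph is constructed input: one VPC with a public subnet, a private
// subnet behind a NAT gateway, and an orphan subnet that falls back to the
// main route table (no default route at all). All IDs are made up.
func sampleGraph() *Graph {
	local := Route{"10.0.0.0/16", "local"}
	return &Graph{
		RouteTables: map[string]RouteTable{
			"rtb-main":    {[]Route{local}},
			"rtb-public":  {[]Route{local, {"0.0.0.0/0", "igw-0abc"}}},
			"rtb-private": {[]Route{local, {"0.0.0.0/0", "nat-0def"}}},
		},
		MainRouteTbl: map[string]string{"vpc-1": "rtb-main"},
		Subnets: map[string]Subnet{
			"subnet-pub":    {"vpc-1", "rtb-public"},
			"subnet-priv":   {"vpc-1", "rtb-private"},
			"subnet-orphan": {"vpc-1", ""},
		},
		Instances: map[string]Instance{"i-web": {"subnet-priv"}, "i-old": {"subnet-orphan"}},
		LoadBalancers: map[string]LoadBalancer{
			"lb-live": {"internet-facing", []string{"subnet-pub"}, []string{"i-web"}},
			"lb-dead": {"internet-facing", []string{"subnet-orphan"}, []string{"i-old", "i-gone"}},
			"lb-int":  {"internal", []string{"subnet-priv"}, []string{"i-web"}},
		},
	}
}

func main() {
	g := sampleGraph()
	fmt.Println("hollow load balancers:", g.HollowLoadBalancers())
	fmt.Println("lb-live targets in private subnets:", g.TargetsWithoutInternetPath("lb-live"))
}
```

On the sample graph, lb-dead is the only hollow load balancer, and lb-live's target i-web shows up in TargetsWithoutInternetPath even though lb-live works fine. That is the caveat worth keeping in mind with the target-side walk: an internet-facing ALB whose instances sit in private subnets behind a NAT gateway is the standard design, so "target subnet has no IGW route" on its own is a false positive, while "none of the load balancer's own subnets has an IGW route" is the signal that the load balancer is unreachable.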
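Editor's added example for the state mapping in point 2 above. This is not the CloudSlash parser; it is a small Go program written for this page that reads the parts of a Terraform v4 state file needed to map a physical id attribute to a Terraform address, covering the root module, nested module paths, count indices and for_each keys, and then emits the terraform state rm script for a list of IDs. The state JSON, resource names and IDs are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Only the parts of a Terraform v4 state file this mapping needs.
type tfState struct {
	Version   int          `json:"version"`
	Resources []tfResource `json:"resources"`
}

type tfResource struct {
	Module    string       `json:"module"` // absent in the root module, "module.a.module.b" when nested
	Mode      string       `json:"mode"`   // "managed" or "data"
	Type      string       `json:"type"`
	Name      string       `json:"name"`
	Instances []tfInstance `json:"instances"`
}

type tfInstance struct {
	IndexKey   interface{}            `json:"index_key"` // absent, a number (count) or a string (for_each)
	Attributes map[string]interface{} `json:"attributes"`
}

// address renders a resource instance's address the way "terraform state rm"
// expects it: module path, type.name, and the count or for_each index suffix.
func address(r tfResource, inst tfInstance) string {
	var b strings.Builder
	if r.Module != "" {
		b.WriteString(r.Module + ".")
	}
	if r.Mode == "data" {
		b.WriteString("data.")
	}
	b.WriteString(r.Type + "." + r.Name)
	switch k := inst.IndexKey.(type) {
	case float64: // encoding/json decodes every JSON number as float64
		fmt.Fprintf(&b, "[%d]", int(k))
	case string: // %q gives "key" with Go escaping, which matches HCL for ordinary keys
		fmt.Fprintf(&b, "[%q]", k)
	}
	return b.String()
}

// IDToAddress maps each managed instance's physical "id" attribute to its
// Terraform address. Data sources are skipped: removing them frees nothing.
func IDToAddress(raw []byte) (map[string]string, error) {
	var st tfState
	if err := json.Unmarshal(raw, &st); err != nil {
		return nil, err
	}
	if st.Version != 4 {
		return nil, fmt.Errorf("unsupported state format version %d", st.Version)
	}
	out := map[string]string{}
	for _, r := range st.Resources {
		if r.Mode != "managed" {
			continue
		}
		for _, inst := range r.Instances {
			if id, _ := inst.Attributes["id"].(string); id != "" {
				out[id] = address(r, inst)
			}
		}
	}
	return out, nil
}

// RemediationScript emits one "terraform state rm" per physical ID that was
// deleted out-of-band and is still tracked in state. Addresses are
// single-quoted so the double quotes in a for_each key survive the shell;
// unknown IDs become comments so the script never removes the wrong address.
func RemediationScript(idMap map[string]string, deleted []string) string {
	var b strings.Builder
	b.WriteString("#!/bin/sh\nset -eu\n")
	for _, id := range deleted {
		addr, ok := idMap[id]
		if !ok {
			fmt.Fprintf(&b, "# %s not in state; nothing to remove\n", id)
			continue
		}
		fmt.Fprintf(&b, "terraform state rm '%s'\n", strings.ReplaceAll(addr, "'", `'\''`))
	}
	return b.String()
}

// sampleState is a constructed v4 state: a root instance, a counted NAT gateway
// in module.vpc, a for_each NAT gateway in a nested module, and a data source.
const sampleState = `{
 "version": 4,
 "resources": [
  {"mode":"managed","type":"aws_instance","name":"web",
   "instances":[{"attributes":{"id":"i-0123"}}]},
  {"module":"module.vpc","mode":"managed","type":"aws_nat_gateway","name":"public",
   "instances":[{"index_key":0,"attributes":{"id":"nat-0a1b2c"}}]},
  {"module":"module.vpc.module.nat","mode":"managed","type":"aws_nat_gateway","name":"this",
   "instances":[{"index_key":"eu-west-1b","attributes":{"id":"nat-0ffeed"}}]},
  {"mode":"data","type":"aws_ami","name":"base","instances":[{"attributes":{"id":"ami-0777"}}]}
 ]
}`

func main() {
	m, err := IDToAddress([]byte(sampleState))
	if err != nil {
		panic(err)
	}
	fmt.Print(RemediationScript(m, []string{"nat-0a1b2c", "nat-0ffeed", "nat-gone"}))
}
```

Two practical notes. With a remote backend the local terraform.tfstate is usually absent or stale, so feed the parser the output of terraform state pull, which prints the current state as JSON in the same format. And since Terraform 1.7 a removed block in the configuration is the declarative alternative to terraform state rm for dropping a resource from state without destroying it; a generated script is still the quickest fix for a one-off console deletion, but review each address before running it, because state rm on the wrong address makes the next plan try to recreate that resource.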