What FinOps Actually Is
FinOps (Cloud Financial Operations) is a cultural and operational framework — not a tool. The FinOps Foundation defines it as "an evolving cloud financial management discipline and cultural practice that enables organizations to get maximum business value by helping engineering, finance, and business teams to collaborate on data-driven spending decisions."
In practice: FinOps bridges the gap between the engineering team that spins up resources and the finance team that pays for them. Without FinOps, engineers optimize for velocity and reliability (ignoring cost). Finance teams get surprised monthly bills and respond with blunt cost cuts that break things. FinOps creates shared accountability with shared visibility.
The FinOps Maturity Model
Crawl (0-6 months): Visibility
- Enable Cost Explorer and tagging
- Build a baseline cost report by team/product
- Identify top 10 cost drivers
- Set up anomaly detection alerts
- Create a Slack channel for cost awareness
Walk (6-18 months): Optimization
- Implement chargeback/showback to teams
- Right-size instances with Compute Optimizer
- Purchase first Savings Plans/Reserved Instances
- Kill idle/unused resources
- Cost reviews in quarterly planning
Run (18+ months): Culture
- Unit economics tracking (cost per API call, cost per user)
- Engineers make cost-aware architecture decisions
- Cost efficiency as an engineering KPI
- Automated cost policy enforcement
- Continuous optimization as BAU (business as usual)Tagging Strategy: The Foundation of Everything
# Tags are mandatory before any cost allocation is possible
# Define your taxonomy first, then enforce it with AWS Config or Azure Policy
# Required tags (enforce with SCPs/Policy):
locals {
required_tags = {
"Environment" = "production" # production, staging, development
"Team" = "platform-eng" # Owning team (maps to Slack channel)
"Product" = "checkout-service" # Product/service name
"CostCenter" = "CC-1042" # Finance cost center code
"Owner" = "jane.smith" # Individual owner (for escalation)
"ManagedBy" = "terraform" # terraform, manual, cdk
}
}
# AWS Config Rule to enforce required tags
resource "aws_config_config_rule" "required_tags" {
name = "required-tags"
source {
owner = "AWS"
source_identifier = "REQUIRED_TAGS"
}
input_parameters = jsonencode({
tag1Key = "Team"
tag2Key = "Product"
tag3Key = "Environment"
tag4Key = "CostCenter"
})
}
# AWS Service Control Policy — prevent resource creation without tags
# (Attach to OU in AWS Organizations)
resource "aws_organizations_policy" "require_tags" {
name = "RequireResourceTags"
type = "SERVICE_CONTROL_POLICY"
content = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Deny"
Action = [
"ec2:RunInstances",
"rds:CreateDBInstance",
"elasticache:CreateReplicationGroup"
]
Resource = "*"
Condition = {
"Null" = {
"aws:RequestTag/Team" = "true"
"aws:RequestTag/Product" = "true"
"aws:RequestTag/CostCenter" = "true"
}
}
}]
})
}Chargeback vs Showback
Showback: Show teams their costs, no financial consequence
Pros: Easy to start, builds awareness
Cons: No incentive to change behavior
Best for: Early FinOps maturity, trust-building phase
Chargeback: Allocate costs to team budgets, financial consequence
Pros: Strong incentive to optimize
Cons: Requires accurate tagging, can cause friction
Best for: Mature organizations with reliable tagging
Hybrid approach (recommended):
1. Showback for 6 months (build trust, fix tagging gaps)
2. Soft chargeback: forecast vs actuals in team reviews
3. Hard chargeback: affect team budget allocations
Shared infrastructure allocation:
Some resources are truly shared (VPC, NAT Gateway, monitoring stack)
Common allocation methods:
- Proportional: allocate based on each team's % of total compute spend
- Fixed: divide equally by team count
- Usage-based: meter actual usage and charge accordingly
Best practice: create a "shared-infra" cost center, allocate
proportionally, and report separately to avoid disputes.Unit Economics: Cost Per Business Metric
# Unit economics transforms "we spent $50K last month" into
# "we spent $0.003 per API request" — a meaningful engineering metric
import boto3
from datetime import datetime, timedelta
def get_cost_per_unit():
ce = boto3.client('cost-explorer', region_name='us-east-1')
end = datetime.today().strftime('%Y-%m-%d')
start = (datetime.today() - timedelta(days=30)).strftime('%Y-%m-%d')
# Get total cloud cost for the period
response = ce.get_cost_and_usage(
TimePeriod={'Start': start, 'End': end},
Granularity='MONTHLY',
Filter={
'Tags': {
'Key': 'Product',
'Values': ['api-gateway']
}
},
Metrics=['UnblendedCost']
)
total_cost = float(response['ResultsByTime'][0]['Total']['UnblendedCost']['Amount'])
# Get business metrics from your analytics system
# (Replace with your actual metrics source)
api_requests = get_api_requests_from_datadog(start, end) # e.g., 500,000,000
active_users = get_mau_from_database() # e.g., 15,000
orders_processed = get_orders_from_database() # e.g., 250,000
metrics = {
'total_cloud_cost_usd': total_cost,
'cost_per_api_request': total_cost / api_requests,
'cost_per_mau': total_cost / active_users,
'cost_per_order': total_cost / orders_processed,
'period': f"{start} to {end}"
}
return metrics
# Target unit economics benchmarks (industry reference):
# SaaS: cloud cost should be 15-25% of revenue
# API business: $0.001-0.01 per API call
# E-commerce: $0.10-0.50 per order (cloud infra component only)
# Streaming: $0.001-0.005 per stream-minuteCost Showback Dashboard with Grafana
# Use AWS Cost Explorer API + Grafana for live dashboards
# Or use open-source tools: Infracost, OpenCost, Kubecost
# OpenCost for Kubernetes cost allocation (open source)
# Installs into your cluster, allocates costs to namespaces/deployments
# helm install
helm install opencost opencost/opencost --namespace opencost --create-namespace --set opencost.prometheus.external.enabled=true --set opencost.prometheus.external.url=http://prometheus:9090
# After install, Grafana dashboards show:
# - Cost by namespace
# - Cost by deployment
# - CPU/memory efficiency (% of requested resources actually used)
# - Cost trend over time
# - Idle resource costs
# Query cost by team in Grafana (using opencost metrics):
# sum(container_cpu_allocation * on(node) group_left() node_cpu_hourly_cost) by (label_team)
# + sum(container_memory_allocation_bytes * on(node) group_left() node_ram_hourly_cost) by (label_team)Automated Cost Policies
# Lambda function to auto-stop untagged resources
import boto3
import json
def lambda_handler(event, context):
ec2 = boto3.client('ec2')
# Find instances without required tags
response = ec2.describe_instances(
Filters=[
{'Name': 'instance-state-name', 'Values': ['running']}
]
)
untagged_instances = []
required_tag_keys = {'Team', 'Product', 'Environment'}
for reservation in response['Reservations']:
for instance in reservation['Instances']:
existing_tags = {tag['Key'] for tag in instance.get('Tags', [])}
missing_tags = required_tag_keys - existing_tags
if missing_tags:
untagged_instances.append({
'InstanceId': instance['InstanceId'],
'LaunchTime': instance['LaunchTime'].isoformat(),
'MissingTags': list(missing_tags)
})
if untagged_instances:
# First offense: send notification
# After 48 hours: stop the instance
# After 7 days: terminate
sns = boto3.client('sns')
sns.publish(
TopicArn='arn:aws:sns:us-east-1:123456789:cost-alerts',
Subject='Untagged EC2 Instances Detected',
Message=json.dumps(untagged_instances, indent=2)
)
return {'untagged_count': len(untagged_instances)}FinOps KPIs and Reporting Cadence
Weekly (engineering team):
- Anomaly alerts resolved
- Top 5 cost changes week-over-week
- Untagged resources count
- Idle resources (CPU < 5% for 7+ days)
Monthly (team leads):
- Cost by team vs budget
- Unit economics vs previous month
- Savings Plans coverage and utilization
- Top optimization opportunities identified
Quarterly (CTO/CFO):
- Total cloud spend vs revenue ratio
- Unit economics trend (cost per user/request/order)
- Commitment purchases and ROI
- Waste eliminated this quarter ($)
- Forecast vs actuals
Key FinOps KPIs:
- Savings Plans coverage: target 70-80% of eligible spend
- Spot instance usage: target 30-50% of compute
- Tagging compliance: target 98%+
- Cloud cost as % of revenue: depends on business model
- Cost per unit trend: should decrease as you optimizeGetting Engineering Buy-In
The hardest part of FinOps is not the technology — it is the culture.
What does NOT work:
- Finance team demanding cost cuts without context
- Punishing teams for cost overruns without explaining why
- Cost reviews only when bills are too high
- Treating cloud cost as purely a finance problem
What DOES work:
1. Make cost visible in development workflows
- Add cost estimates to pull requests (Infracost in CI/CD)
- Show cost in deployment dashboards
- Include cost in architecture review templates
2. Celebrate optimization wins
- Monthly "cost champion" recognition
- Track and publicize savings achieved by engineering teams
- Include cost efficiency in performance reviews
3. Connect cost to business outcomes
- "Our cloud cost per order went from $0.50 to $0.20 — that's
$750K/year that funds 6 new engineers or product development"
- Engineers respond to business context, not arbitrary budget limits
4. Automate the guardrails, not the punishment
- Prevent creation of expensive resources without approval
- Alert before overspending, not after
- Make cost-efficient defaults easy (e.g., Graviton as default in AMIs)Conclusion
FinOps is a journey, not a destination. Most organizations start with almost zero visibility into who is spending what and why, and within 12-18 months of a structured FinOps practice achieve 30-50% cost reduction while accelerating delivery. The returns compound: as teams develop cost-aware instincts, every architecture decision automatically considers efficiency alongside performance and reliability.
Start today with the simplest possible step: enable Cost Explorer, create a tagging policy, and share a monthly cost report with engineering leads. That one step creates the accountability loop that everything else builds on.
E
Emily Watson
Technical Writer and Developer Advocate who simplifies complex technology for everyday readers.