FinOps
Cost anomaly detection, idle resource identification, and savings modelling across AWS and Azure.
What it covers
| Skill | What it detects | Output |
|---|---|---|
| Cost anomaly detection | Unexpected cost spikes vs historical baseline, per service/account | Finding + cost anomaly report |
| Idle resource identification | Underutilized EC2, oversized RDS, unused Elastic IPs, orphaned EBS volumes | Finding |
| Reservation utilization | Reserved Instance and Savings Plan coverage gaps | Report |
| Cost spike attribution | Which accounts, services, and resources drove a cost increase | Triage summary |
| Azure cost analysis | Subscription-level cost breakdown, idle VMs, unattached disks | Finding + report |
Example prompts
What drove my AWS cost increase this month?
Which EC2 instances have had less than 5% CPU utilisation for the last 30 days?
How much am I spending on unattached EBS volumes across all accounts?
Show me my Reserved Instance coverage gaps
Which Azure subscriptions are over budget?Required permissions
AWS
json
"ce:GetCostAndUsage",
"ce:GetCostForecast",
"ce:GetDimensionValues",
"ce:GetReservationUtilization",
"ce:GetSavingsPlansCoverage",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeAddresses",
"rds:DescribeDBInstances",
"cloudwatch:GetMetricStatistics"INFO
Cost Explorer must be enabled in the AWS account (Billing → Cost Explorer → Enable). Data has a ~24h lag.
Azure
Assign the Cost Management Reader role on the target subscription (or management group for cross-subscription analysis):
bash
# Assign Cost Management Reader
az role assignment create \
--assignee YOUR_SP_APP_ID \
--role "Cost Management Reader" \
--scope /subscriptions/YOUR_SUBSCRIPTION_IDRequired permissions (included in Cost Management Reader):
Microsoft.CostManagement/query/action
Microsoft.CostManagement/exports/read
Microsoft.Consumption/usageDetails/read
Microsoft.Billing/billingPeriods/readOutput types
FinOps skills produce:
finding— for actionable idle/waste items (links directly to a remediation Playbook)report— for cost trend analysis and reservation coverage (informational, may spawn Findings)triage— for cost spike attribution queries (rapid prioritisation without Plan generation)
Next steps
- SecOps — Combine cost findings with security posture
- Skills Overview — How skills compose across verticals