finops-patterns
FinOps and cloud cost engineering — visibility and attribution (tagging taxonomy), Infracost in CI/CD, OpenCost for Kubernetes, rightsizing recommendations, storage/network cost optimization, anomaly detection, and FinOps maturity model.
Best use case
finops-patterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
FinOps and cloud cost engineering — visibility and attribution (tagging taxonomy), Infracost in CI/CD, OpenCost for Kubernetes, rightsizing recommendations, storage/network cost optimization, anomaly detection, and FinOps maturity model.
Teams using finops-patterns should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/finops-patterns/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How finops-patterns Compares
| Feature / Agent | finops-patterns | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
FinOps and cloud cost engineering — visibility and attribution (tagging taxonomy), Infracost in CI/CD, OpenCost for Kubernetes, rightsizing recommendations, storage/network cost optimization, anomaly detection, and FinOps maturity model.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# FinOps & Cloud Cost Engineering
FinOps is the practice of bringing financial accountability to cloud spending. Engineering, Finance, and Business collaborate to understand and optimize cloud costs without sacrificing performance or speed.
## When to Activate
- Cloud costs are growing faster than engineering output
- No visibility into which team/service/feature drives cost
- Setting up Infracost in CI/CD pipelines for Terraform cost diffs
- Configuring OpenCost for Kubernetes cost attribution
- Designing a tagging taxonomy for cost allocation
- Rightsizing over-provisioned compute or storage
- Identifying and eliminating cloud waste (idle resources, orphaned disks)
- Preparing a FinOps audit or cost review presentation
---
## FinOps Framework (FinOps Foundation)
### Three Phases
```
Inform → Optimize → Operate
Inform: Visibility — who spends what, where, why
Optimize: Rightsizing, reservations, waste elimination
Operate: Continuous governance, anomaly detection, forecasting
```
### Shared Responsibility Model
| Role | Responsibility |
|------|---------------|
| Engineering | Architecting cost-efficient solutions, tagging resources, rightsizing |
| Finance | Budgeting, forecasting, chargeback to business units |
| Leadership | Setting targets, approving commitments (Reserved Instances, Savings Plans) |
| Platform/FinOps | Tooling, visibility dashboards, anomaly alerts |
### Unit Economics Metrics
```
Cost per Customer = Total Cloud Cost / Active Customers
Cost per Transaction = Total Cloud Cost / Monthly Transactions
Cost per Feature = Cloud Cost allocated to feature / Feature users
Track these in your observability dashboards alongside latency and error rate.
```
---
## Visibility & Attribution
### Tagging Taxonomy (Mandatory)
Define a consistent tagging standard before creating any new resource:
```hcl
# Terraform — enforce via locals + variable validation
locals {
required_tags = {
project = var.project # e.g., "payments-service"
team = var.team # e.g., "platform-eng"
environment = var.environment # dev | staging | production
service = var.service # e.g., "api-gateway"
owner = var.owner # e.g., "jane.doe@company.com"
cost-center = var.cost_center # e.g., "CC-12345"
}
}
resource "aws_instance" "app" {
ami = var.ami_id
instance_type = var.instance_type
tags = merge(local.required_tags, var.extra_tags)
}
```
### Tag Enforcement
```hcl
# AWS Config Rule — enforce required tags
resource "aws_config_config_rule" "required_tags" {
name = "required-tags"
source {
owner = "AWS"
source_identifier = "REQUIRED_TAGS"
}
input_parameters = jsonencode({
tag1Key = "project"
tag2Key = "team"
tag3Key = "environment"
tag4Key = "owner"
})
}
```
```yaml
# GCP Organization Policy — enforce labels
name: projects/my-project/policies/gcp.resourceLocations
spec:
rules:
- condition:
expression: "resource.matchedTagValue('team') == ''"
deny: {}
```
### Showback vs. Chargeback
| Model | Description | When to Use |
|-------|-------------|-------------|
| **Showback** | Show teams their costs informally | Early stage, build awareness |
| **Chargeback** | Allocate costs to team P&L | Mature FinOps, cost accountability needed |
---
## Infracost in CI/CD
Infracost estimates the monthly cost of Terraform changes and posts a diff to PRs.
### Setup
```bash
# Install Infracost
brew install infracost
infracost auth login
# Estimate cost for current Terraform config
infracost breakdown --path=.
# Generate diff against baseline (e.g., main branch)
infracost diff --path=. --compare-to=/tmp/infracost-base.json
```
### GitHub Actions Integration
```yaml
# .github/workflows/infracost.yml
name: Infracost
on:
pull_request:
paths:
- '**/*.tf'
- '**/*.tfvars'
jobs:
infracost:
name: Cost Estimate
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
- name: Setup Infracost
uses: infracost/actions/setup@v3
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}
- name: Generate base cost (main branch)
run: |
git fetch origin main
git stash
git checkout origin/main
infracost breakdown --path=. \
--format=json \
--out-file=/tmp/infracost-base.json
git checkout -
- name: Generate PR cost diff
run: |
infracost diff \
--path=. \
--format=json \
--compare-to=/tmp/infracost-base.json \
--out-file=/tmp/infracost-diff.json
- name: Post comment to PR
run: |
infracost comment github \
--path=/tmp/infracost-diff.json \
--repo=$GITHUB_REPOSITORY \
--github-token=${{ secrets.GITHUB_TOKEN }} \
--pull-request=${{ github.event.pull_request.number }} \
--behavior=update
- name: Fail if cost increase > 20%
run: |
PERCENT=$(infracost output \
--path=/tmp/infracost-diff.json \
--format=json | \
jq '.diffTotalMonthlyCost / .pastTotalMonthlyCost * 100')
if (( $(echo "$PERCENT > 20" | bc -l) )); then
echo "Cost increase of $PERCENT% exceeds threshold!"
exit 1
fi
```
### Reading Infracost Output
```
Monthly cost estimate:
aws_db_instance.main $146.00/month (+$73.00 vs main)
aws_instance.app[0] $72.00/month (no change)
aws_elasticache_cluster.redis $24.00/month (+$24.00 new resource)
Total $242.00/month (+$97.00, +67%)
```
---
## OpenCost — Kubernetes Cost Attribution
### Installation
```bash
helm install opencost opencost/opencost \
--namespace opencost \
--create-namespace \
--set opencost.prometheus.internal.enabled=true
```
### Pod-Level Cost API
```bash
# Cost per namespace over last 24h
curl "http://localhost:9003/allocation?window=24h&aggregate=namespace" | jq
# Cost per deployment label
curl "http://localhost:9003/allocation?window=7d&aggregate=label:app" | jq
# Cost breakdown: CPU + Memory + Storage
curl "http://localhost:9003/allocation?window=30d&aggregate=controller" | jq '
.data[] | {
name: .name,
cpuCost: .cpuCost,
ramCost: .ramCost,
pvCost: .pvCost,
totalCost: .totalCost
}
'
```
### Grafana Dashboard
```yaml
# Import dashboard ID 12465 from grafana.com for OpenCost
# Or build custom panels:
# Panel: Top 10 most expensive namespaces
# PromQL:
sum by (namespace) (
label_replace(opencost_allocation_namespace_cost_total, "namespace", "$1", "namespace", "(.*)")
) / 30
# Shows daily average cost per namespace over last 30 days
```
### Kubecost vs. OpenCost
| Feature | OpenCost (OSS) | Kubecost (Commercial) |
|---------|---------------|----------------------|
| Cost attribution | Yes | Yes |
| Multi-cluster | Manual | Built-in |
| Savings recommendations | No | Yes |
| Alerts | No | Yes |
| Price: | Free | $0–$699+/cluster/month |
---
## Rightsizing
### Detect Over-Provisioning
```bash
# AWS Compute Optimizer recommendations (CLI)
aws compute-optimizer get-ec2-instance-recommendations \
--filters name=Finding,values=OVER_PROVISIONED \
--output table
# Kubernetes — find pods with high slack (request >> actual usage)
kubectl top pods -A | awk '{
if ($3+0 < $2*0.2) print $0, "OVER_PROVISIONED"
}'
```
### VPA (Vertical Pod Autoscaler) for Kubernetes
```yaml
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Off" # "Off" = recommendations only, no auto-apply
resourcePolicy:
containerPolicies:
- containerName: my-app
minAllowed:
cpu: 100m
memory: 128Mi
maxAllowed:
cpu: 4
memory: 4Gi
```
```bash
# View VPA recommendations
kubectl describe vpa my-app-vpa | grep -A 20 "Recommendation"
```
### Reserved Instances / Savings Plans
```
Rule of thumb:
- Baseline steady-state workload (always running) → Reserved Instances (1yr) = ~40% savings
- Variable but predictable → Compute Savings Plans = ~30% savings
- Batch / fault-tolerant → Spot / Preemptible = ~60-90% savings
Analysis:
- AWS: Cost Explorer → Savings Plans → Recommendations
- GCP: Committed Use Discounts (CUD) Analyzer
- Azure: Azure Advisor → Cost recommendations
```
---
## Storage & Network Cost Optimization
### S3 Storage Classes
```python
# Lifecycle policy — move to cheaper tiers automatically
import boto3
s3 = boto3.client('s3')
s3.put_bucket_lifecycle_configuration(
Bucket='my-bucket',
LifecycleConfiguration={
'Rules': [{
'ID': 'cost-optimization',
'Status': 'Enabled',
'Transitions': [
{'Days': 30, 'StorageClass': 'STANDARD_IA'}, # -40% cost
{'Days': 90, 'StorageClass': 'GLACIER_IR'}, # -68% cost
{'Days': 365, 'StorageClass': 'DEEP_ARCHIVE'}, # -95% cost
],
'NoncurrentVersionExpiration': {'NoncurrentDays': 90},
}],
}
)
```
### Egress Cost Minimization
```
Key rules:
1. Keep compute in the same AZ/region as the data it processes
2. Use VPC endpoints (PrivateLink) for AWS services — eliminates NAT Gateway egress
3. CDN for static assets — S3 → CloudFront reduces origin egress by 60-90%
4. Compress API responses (gzip/brotli) — reduces data transfer volume
5. Same-region replicas preferred over cross-region for frequently accessed data
```
---
## Cost Anomaly Detection
### AWS Cost Anomaly Detection
```hcl
resource "aws_ce_anomaly_monitor" "service_monitor" {
name = "service-anomaly-monitor"
monitor_type = "DIMENSIONAL"
monitor_dimension = "SERVICE"
}
resource "aws_ce_anomaly_subscription" "alert" {
name = "cost-anomaly-alert"
threshold = 10 # Alert if anomaly > $10
frequency = "DAILY"
monitor_arn_list = [aws_ce_anomaly_monitor.service_monitor.arn]
subscriber {
type = "SNS"
address = aws_sns_topic.cost_alerts.arn
}
}
```
### GCP Budget Alerts
```hcl
resource "google_billing_budget" "monthly_budget" {
billing_account = var.billing_account_id
display_name = "Monthly Budget Alert"
amount {
specified_amount {
currency_code = "USD"
units = "10000" # $10,000 budget
}
}
threshold_rules {
threshold_percent = 0.5 # Alert at 50%
spend_basis = "CURRENT_SPEND"
}
threshold_rules {
threshold_percent = 0.8 # Alert at 80%
}
threshold_rules {
threshold_percent = 1.0 # Alert at 100%
spend_basis = "FORECASTED_SPEND"
}
all_updates_rule {
pubsub_topic = google_pubsub_topic.budget_alerts.id
}
}
```
---
## FinOps Maturity Model
| Level | Characteristics |
|-------|----------------|
| **Crawl** | Basic cost visibility, some tagging, monthly reviews |
| **Walk** | Infracost in CI, cost per team, anomaly alerts, rightsizing recommendations |
| **Run** | Unit economics, automated rightsizing, showback/chargeback, savings plan governance |
---
## Quick Wins Checklist
- [ ] Enable AWS Cost Explorer / GCP Cost Reports / Azure Cost Analysis
- [ ] Tag all resources with `project`, `team`, `environment`, `owner`
- [ ] Set up budget alerts (50%, 80%, 100% thresholds)
- [ ] Delete unattached EBS volumes, orphaned IPs, unused load balancers
- [ ] Enable S3 Intelligent-Tiering on buckets > 100GB
- [ ] Review Reserved Instance coverage — target > 70% for steady-state workloads
- [ ] Add Infracost to all Terraform CI pipelines
- [ ] Deploy OpenCost or Kubecost in Kubernetes clustersRelated Skills
zero-trust-patterns
Zero-Trust security patterns — mTLS between microservices (Istio/SPIFFE), SPIRE workload identity, OPA/Envoy authorization, NetworkPolicy default-deny-all, short-lived credentials, service mesh security, and Kubernetes RBAC hardening.
webrtc-patterns
WebRTC patterns — peer connection setup, ICE/STUN/TURN configuration, signaling server design, SFU vs mesh topology, screen sharing, media track management, and reconnect/ICE restart handling.
webhook-patterns
Webhook patterns for receiving, verifying (HMAC), and idempotently processing third-party events. Covers Stripe, GitHub, and generic webhook patterns, delivery guarantees, retry handling, and testing.
wasm-patterns
WebAssembly patterns: wasm-pack, wasm-bindgen (JS↔Wasm interop), WASI, Component Model, wasm-opt, Rust-to-WASM compilation, JS integration (web workers, streaming instantiation), and production deployment (CDN, Content-Type headers).
ux-micro-patterns
UX micro-patterns for every product state: Empty States, Loading States (skeleton screens, spinners, optimistic UI), Error States, Success States, Confirmation Dialogs, Onboarding Flows, and Progressive Disclosure. These patterns apply to every feature — done wrong, they're the biggest source of user confusion.
typescript-patterns
TypeScript patterns — type system best practices, strict mode, utility types, generics, discriminated unions, error handling with Result types, and module organization. Core patterns for production TypeScript.
typescript-patterns-advanced
Advanced TypeScript — mapped types, template literal types, conditional types, infer, type guards, decorators, async patterns, testing with Vitest/Jest, and performance. Extends typescript-patterns.
typescript-monorepo-patterns
TypeScript monorepo patterns with Turborepo + pnpm workspaces. Covers package structure, shared configs, task pipeline caching, build orchestration, and publishing strategy.
terraform-patterns
Infrastructure as Code with Terraform — project structure, remote state, modules, workspace strategy, AWS/GCP patterns, CI/CD integration, and security hardening. The standard for managing production infrastructure.
swiftui-patterns
SwiftUI architecture patterns, state management with @Observable, view composition, navigation, performance optimization, and modern iOS/macOS UI best practices.
swift-patterns
Core Swift patterns — value vs reference types, protocols, generics, optionals, Result, error handling, Codable, and module organization. Foundation for all Swift development.
swift-patterns-advanced
Advanced Swift patterns — property wrappers, result builders, Combine basics, opaque & existential types, macro system, advanced generics, and performance optimization. Extends swift-patterns.