Cloud Cost Optimization Pack

We built this so you don't have to manually audit every EC2 instance at 2 AM. You're an engineer. You want to ship code, not play accountant. But your cloud bill is growing faster than your revenue, and the current tools are giving you spreadsheets instead of solutions. This pack turns cost optimization into a CI/CD pipeline, not a quarterly meeting. We provide the policies, scripts, and validation logic to enforce optimization at the code level, so your team can reduce spend without risking SLOs.

Your Cloud Bill is a Black Box You Can't Audit Manually

Most teams treat cloud costs as a finance problem. That's a mistake. Costs are a code problem. You deploy a container, it spins up a load balancer, and suddenly you're paying for egress you didn't budget for. The problem isn't just spending too much; it's the lack of visibility into where the waste lives. You've tried the dashboards. You've tried the alerts. But dashboards show you the past. Alerts tell you you're over budget after the damage is done.

Real optimization requires understanding the lifecycle of resources. As the FinOps Foundation outlines, effective optimization requires planning, provisioning, and using resources with cost in mind from the start ^[1]. Without that, you're just reacting. You're also fighting the "Zoo of Metrics". CPU utilization lies. A Java app might spike to 90% CPU during a GC pause, then sit idle. If you rightsize based on the spike, you crash production. If you base it on the average, you overpay. You need sustained usage analysis, unit economics, and context.

Tools like the AWS Cost Optimization Playbook Pack help with tagging governance, but they don't solve the automation gap. You need policies that enforce governance at the schema level, not just in the console. If you're building custom optimizers, this pack provides the foundational patterns for rightsizing and cost allocation that you can extend. You need a workflow that validates policies before they run, catches schema violations, and ensures every resource carries the metadata required for accurate chargeback.

The Hidden Tax of Unchecked Cloud Spend

Ignoring this costs more than just dollars. It costs engineering velocity. Every month, your team spends hours in "FinOps theater"—meetings where finance blames engineering for waste, and engineering blames product for feature creep. No one fixes anything. The financial bleed is real. Research shows the biggest savings come from usage and contract optimization, including rightsizing and aligning tools with actual usage ^[2]. But manual rightsizing is slow. You're likely leaving 20-30% of your budget on the table. If you're spending $100k/month, that's $20k to $30k vanishing into zombie resources, orphaned snapshots, and over-provisioned instances.

Worse, the risk compounds. When you cut costs reactively, you cut the wrong things. You kill a Lambda function right before a marketing campaign. You resize a database node and kill your P99 latency. Or worse, you leave security gaps open because you're too busy fighting the bill. Automation is the only way to scale optimization without scaling headcount. Automated cost optimization cuts down on manual toil and ensures routine activities like rightsizing and cleanup happen safely ^[3]. Without automation, you're relying on human memory, and humans forget.

You also face the "Cost Avoidance" trap. FinOps distinguishes between cost avoidance (usage) and cost optimization (rate) ^[6]. Most teams only chase rate reductions (Savings Plans) while ignoring usage waste. You need to optimize both. If you're running multi-cloud, the complexity doubles. You need a Multi-Cloud Cost Comparison Framework Pack to normalize data, but even then, you need the execution layer to actually enforce the rules. Every hour your engineers spend manually correlating billing data with resource tags is an hour they aren't shipping features.

A Platform Team's Three-Week Rightsizing Nightmare

Imagine a platform team managing a hybrid Kubernetes cluster with 500 nodes and a sprawling serverless backend. Their bill hit $180k last month. Their CTO gave them two weeks to cut 20%.

The team started with a spreadsheet. They exported AWS Cost Explorer data, manually correlated it with Kubernetes namespaces, and tried to guess which pods were idle. They flagged a group of r5.2xlarge instances running at 12% CPU. They resized them to r5.large. Within an hour, their CI/CD pipeline stalled because the build agents couldn't handle the parallelism. They had to revert. Then they tried to clean up "waste". They found 400 unassociated EBS volumes. They deleted them. Two days later, a junior engineer cried because one of those volumes held the staging database dump they forgot to back up. They were guessing.

This is why we built the Cloud Cost Optimization Pack. The team installed the pack and ran the automated workflow. First, they ran scripts/validate_policies.sh against their proposed changes. The script caught a schema violation in a Custodian policy that would have allowed deletion of production resources. The --strict flag saved them from a disaster.

Next, they deployed templates/custodian-rightsizing.yaml. The policy used metric filters to identify VMs with sustained CPU < 50% over 14 days. It didn't just resize; it recommended VM.Standard.E3.Flex shapes based on Context7 patterns, ensuring the new shape matched the memory profile. It also applied CloudTrail event-driven auto-tagging with ARN exclusion regex, so the policy never touched resources tagged env=prod or team=platform-critical.

They ran scripts/cost_optimizer.py against their billing CSV. The script calculated unit economics and flagged that their AI inference tokens were costing $0.04 per request, while the industry benchmark was $0.01. It output a prioritized list: "Rightsize 40 instances for $8k/mo savings" and "Refactor AI pipeline for $12k/mo savings." The team executed the rightsizing. No incidents. They saved 22% in the first week. They implemented the FinOps report schema, and now every sprint review includes a cost-per-feature metric. They stopped the bleeding and started engineering-led optimization.

What Changes When Cost Optimization is Code, Not Meetings

Once this skill is installed, cost optimization shifts from a monthly audit to a continuous control loop. You embed cost governance directly into the development lifecycle, preventing waste before infrastructure is deployed ^[7]. Engineers see cost implications in their PRs. When you add a resource, validators/finops-report.schema.json ensures the metadata is complete. If you try to merge a resource without a cost-center tag, the build fails. This is Shift-Left FinOps in action.

The automation handles the heavy lifting. templates/custodian-cost-allocation.yaml enforces naming conventions and applies mark-for-deletion tags to resources that haven't been accessed in 90 days. It manages IAM bindings for Spanner/Entra ID resources, ensuring billing accountability across complex environments. You get visibility into unit economics. The cost_optimizer.py script tracks AI inference token costs and SaaS usage, giving you the data to negotiate contracts or refactor code.

You can pair this with Cloud Waste Detection and Cleanup Pack for deeper resource correlation, or use Serverless Cost Modeling Pack to model Lambda cold starts against memory allocation. For Kubernetes teams, the pack integrates with Kubernetes Cost Governance Pack to enforce namespace constraints. You're not just cutting costs; you're building a culture of accountability. The references/finops-principles.md file gives your team the canonical knowledge to make decisions, not just follow rules. You reduce spend while increasing value, ensuring every dollar of cloud spend drives user outcomes.

What's in the Cloud Cost Optimization Pack

This is a multi-file deliverable. Every file is production-grade, tested, and ready to drop into your repo.

• skill.md — Orchestrator skill that defines the 360° cloud cost optimization workflow. Explicitly references all other files by relative path to guide the AI agent through rightsizing, FinOps reporting, policy validation, and automation execution.
• templates/custodian-rightsizing.yaml — Production-grade Cloud Custodian policy for automated compute rightsizing. Grounded in Context7 OCI/AWS patterns: uses metric filters (CPU < 50%), conditional shape updates (VM.Standard.E3.Flex), and CloudTrail event-driven auto-tagging with ARN exclusion regex.
• templates/custodian-cost-allocation.yaml — Production-grade Cloud Custodian policy for cost allocation and chargeback enforcement. Grounded in Context7: enforces naming conventions, applies 'mark-for-deletion' tags, and manages IAM bindings for Spanner/Entra ID resources to ensure billing accountability.
• scripts/validate_policies.sh — Executable shell script that runs Cloud Custodian validation against policy directories. Uses custodian validate --strict and --no-deps flags per Context7 docs. Exits non-zero on schema violations or deprecated keys.
• scripts/cost_optimizer.py — Executable Python script that ingests cloud billing CSV/JSON exports, calculates unit economics, and outputs prioritized rightsizing recommendations. Implements FinOps ROI frameworks and AI inference token cost tracking.
• validators/finops-report.schema.json — JSON Schema validator for FinOps chargeback and optimization reports. Enforces required fields for cost centers, resource tags, savings projections, and AI feature unit economics. Exits non-zero on validation failure.
• references/finops-principles.md — Canonical reference embedding the 6 FinOps principles, AI cost governance patterns, token economics, and ROI frameworks. Curated authoritative knowledge for engineering-led cost optimization decisions.
• references/custodian-patterns.md — Canonical reference documenting event-driven automation patterns from Context7: CloudTrail ARN exclusion, Security Hub finding remediation, partial statement matching for EFS, and multi-cloud credential configuration.
• examples/workflow-automation.yaml — Worked example demonstrating a complete optimization pipeline: policy validation -> rightsizing execution -> cost allocation tagging -> FinOps report generation. Integrates templates and scripts into a reproducible workflow.
• tests/c7n-validation.test.sh — Automated test script that provisions a temporary policy file, runs custodian validate, and asserts exit code 0 for valid schemas and exit code 1 for invalid ones. Ensures policy files never break CI/CD pipelines.

Stop Guessing, Start Saving

You don't need another dashboard. You need a workflow that enforces optimization at the code level. Upgrade to Pro to install the Cloud Cost Optimization Pack. Stop bleeding cloud spend on manual audits and zombie resources. Start engineering-led cost control that scales with your infrastructure.

Install the pack, validate your policies, and run the optimizer. Your bill will drop, and your team will sleep better.

Upgrade to Pro and Install

---