AWS Cloud Financial Management

Starting your Cloud Financial Management journey: Cloud cost operations

Welcome to the fourth and final blog in our series, which presents recommendations for how you can start and implement a successful CFM plan. We’ve already explored 3 of the CFM principles: See, Save, and Plan. Now we’re ready to jump into the fourth: Run. In this phase, you’ll look at how CFM fits into the structure of your business via processes, policies, and people that are key in your cloud journey.

Creating strong CFM governance

Building in the cloud provides a wide range of opportunities, but we need to establish governance to protect ourselves from bill surprises, aka cost shock. Good governance also supports developing as efficiently as possible in the cloud. As they say, time is money. Here are a couple of services that will help enable this:

1. AWS Control Tower – This is a service which simplifies your AWS experience by orchestrating multiple AWS services on your behalf while maintaining the security and compliance needs of your organization. This is key as you can use it to implement preventive or detective controls to monitor compliance across groups of AWS accounts. Examples that are relevant for CFM are… guardrails. These will give you an extra layer of protection from simple mistakes.

2. Infrastructure as code – Using this as your deployment method supports a code-first environment in the cloud. This lowers the risk of idle resources in accounts, which often come from manual creation. It allows you to reuse infrastructure in multiple environments, which speeds up your deployment time. And it increases agility, so you can more quickly optimize infrastructure by changing a variable rather than rebuilding, for example, rightsizing an EC2 instance.

Establishing clear CFM policies

Policies allow you to set the rules in your account on what users can do; meaning, it’s an efficient way to stop users from doing stuff they’re not supposed to. However, this can stifle innovation if not used correctly. The key element surrounding policy is that you need to provide a clear set of rules to follow, accompanied by a clear process to challenge them. This ensures developers have the access they need to do their job. Here are three types of policies we recommend you start with:

1. Tag policies – These ensure that the AWS users within your AWS Organization are tagging resources consistently and in line with the strategy your organization has defined. You can define what resources need to be tagged and with what keys.

2. Service control policies – This is a type of organization policy that you can use to manage permissions in your organization. Having these in place can stop users from creating resources that do not fit with your organization’s guidelines. For example, creating them in a Region you do not support, using an instance type that does not fit your RI/SP requirements, or lacking the tags required for tracking.

3. IAM policies – Define what your roles/users have access to. These are used in almost all accounts to control access. But for CFM, I wanted to highlight how they can be used for users in your finance teams who need access to billing information. You should restrict access to the management account as much as possible but a billing role, as seen here, will provide the access that is needed. This user will be able to see billing information, set up payments, and authorize payments. The user can monitor the costs accumulated for the entire AWS service. It’s important to note that we recently made some important changes to the AWS IAM permissions that govern access to the AWS Billing, Cost Management, and Account Consoles, so you can have a set of more fine-grained permissions for additional control.
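
As an added illustration of the service control policy guardrails described in item 2 (not part of the original post), the following SCP denies the three cases listed there: requests outside supported Regions, EC2 launches with unapproved instance types, and EC2 launches missing a cost-tracking tag. The Region list, the instance families, the `CostCenter` tag key, and the exempted global services are assumptions to replace with your organization's own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnsupportedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*", "organizations:*", "sts:*", "support:*",
        "route53:*", "cloudfront:*", "budgets:*", "ce:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["us-east-1", "eu-west-1"]
        }
      }
    },
    {
      "Sid": "DenyUnapprovedInstanceTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotLike": {
          "ec2:InstanceType": ["t3.*", "m5.*"]
        }
      }
    },
    {
      "Sid": "DenyLaunchWithoutCostCenterTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/CostCenter": "true"
        }
      }
    }
  ]
}
```

An explicit Deny in an SCP cannot be overridden by an IAM Allow in a member account, so attach it to a test OU first and confirm that existing pipelines still deploy before applying it more widely.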

Building a team with CFM in mind

As much as we automate and regulate accounts, people are the ones that will make building with CFM in mind a success.

Educate, educate, educate – It is key that everyone is speaking the same language with CFM. Investing in your people by educating them on cloud fundamentals, tooling, and best practices will ensure they are able to build and communicate with cloud costs in mind. By doing so, Finance and Technology teams can more closely collaborate on some of the root causes we mentioned earlier including pricing model decisions, mitigating unexpected cost variances, and looking forward at cloud budgeting and planning. There are a number of AWS educational resources such as classes for AWS Cloud for Finance Professionals, AWS Cloud Financial Management for Builders, and AWS Well-Architected Labs Cost Optimization Pillar.

Build partnerships – With everyone up-to-speed on CFM, it’ll be easy to bring together Finance, Developers, and Technology stakeholders. As part of this partnership, try to set organization-wide cost efficiency and goals to measure impact.

Establish cost culture – Normalize cost awareness in your development. With all the elements in this blog series complete, you will have inculcated cloud costs into your conversations. Bringing the topic of CFM into planning meetings, development cycles, and review sessions will ensure you are always keeping to your goals of being more cost focused.


Now that you’ve read through this 4-part series on starting your CFM journey, you should have the right knowledge and tools to begin building a successful CFM practice. Setting these up will give you a solid foundation to build upon, and eventually customize your practice within your organization.

Figure 1. Cloud Financial Management pillars: See, Save, Plan, Run

To accelerate your getting started journey, join us for the Starting your Cloud Financial Management Journey CFM Talks webinar on Tues., Feb 7 at 10AM PT.  We’ll walk through each of the pillars with the ultimate goal of making sure the services in your account family are configured so you have a clear overview of your accounts and how to optimize them.

Stephanie Gooch

Stephanie is a Commercial Architect in the AWS OPTICS team. She is a subject matter expert in guiding customers through ways to optimize their current and future AWS spend. Her team enable customers to organise and interpret billing and usage data, identify actionable insights from that data, and develop sustainable strategies to embed cost into their culture. In her previous career she managed the FinOps team for one of the Big four.