💰 FinOps Cost Analysis

Monthly cost validation is the FinOps equivalent of monthly close — cross-validate spend against budget, detect anomalies, identify savings via orphan resources, and validate accuracy to ≥99.5% before CFO sign-off.


For CxO — what FinOps cost analysis tells you in 60 seconds

Cost analysis is your monthly financial close process for cloud. It defines whether your cloud spend matches budget, whether untagged resources are creating blind spots, and whether anomaly detection is catching cost spikes before they hit the invoice. These 4 discovery commands extract that data into CSV files that feed your financial reporting and FinOps optimization roadmap.

Why it matters to you: (1) Regulatory compliance — APRA CPS 230 §35 requires traceable cost allocation and anomaly response protocols documented before month-end. (2) Financial accuracy — untagged spend and orphan resources inflate budget variance; these commands are your monthly audit controls. (3) Optimization velocity — anomaly-to-fix latency determines whether you respond to cost spikes ($50K overruns) or absorb them (quarterly forecast misses). Running this analysis monthly ensures your cost model reflects reality and your remediation pipeline is active.

📊 Governance Posture Snapshot

Board-meeting screenshot — 4 KPIs at a glance

| Cost KPI | Verdict trigger | Evidence file |
|---|---|---|
| Monthly spend vs budget variance | 🟢 ≤5% variance · 🟡 5-10% (review drivers) · 🔴 >10% (financial risk — investigate) | tenants/b2b-energy/raw/finops/cost-analysis-${DATE}.csv |
| Untagged spend % of total | 🟢 ≤5% untagged · 🟡 5-15% (tagging campaign needed) · 🔴 >15% (blind spot audit finding) | tenants/b2b-energy/raw/finops/untagged-spend-${DATE}.csv |
| Cost anomalies detected (last 7d) | 🟢 0 anomalies (stable) · 🟡 1-3 (investigate, may be planned spikes) · 🔴 >3 (cost governance failure — escalate) | tenants/b2b-energy/raw/finops/cost-anomalies-${DATE}.csv |
| Orphan savings YTD | 🟢 ≥$50K identified · 🟡 $10-50K (remediation in flight) · 🔴 $0 or unknown (discovery blind spot) | tenants/b2b-energy/raw/finops/orphan-resources-${DATE}.csv |

Why This Matters

Financial Close Equivalent: Your CFO closes the P&L monthly against actuals. You must close cloud cost against budget using the same rigor. Without dated, verified cost exports, you have no audit proof for reconciliation. These 4 CSVs are your cost ledger.

Optimization Signal: Cost anomalies are your most actionable FinOps signal — a 20% spend spike on EC2 last Tuesday is worth $500-$2000/month if investigated and fixed. These commands surface anomalies within hours of occurrence, not weeks later in a bill review.


🛠️ Operational Paths — Generate the Evidence

| Category | Profile | Commands | Total Duration | Output |
|---|---|---|---|---|
| Cost analysis + anomaly detection | $AWS_BILLING_PROFILE | 4 list-* calls (loop below) | ~60s | 4 dated CSVs in tenants/b2b-energy/raw/finops/ |

# Run All — refresh all 4 cost analysis datasets
DATE=$(date +%Y-%m-%d)
OUT=tenants/b2b-energy/raw/finops
mkdir -p "$OUT"
for CMD in \
    "dashboard --format csv" \
    "cost-drops --format csv" \
    "detect-orphans --format csv" \
    "validate-with-mcp --format csv"; do
  # Keep the hyphenated subcommand name so the files match the documented
  # dashboard-*.csv, cost-drops-*.csv, detect-orphans-*.csv, validate-with-mcp-*.csv
  NAME=${CMD%% *}
  # $CMD is intentionally unquoted so it splits into subcommand and flags
  uv run runbooks finops $CMD \
    --profile "$AWS_BILLING_PROFILE" \
    --output "$OUT/${NAME}-${DATE}.csv"
done
Run individual commands instead (for debugging one dataset)
# From project root
cd /Volumes/Working/projects/command-center

uv run runbooks finops dashboard \
  --profile $AWS_BILLING_PROFILE \
  --format csv \
  --output tenants/b2b-energy/raw/finops/dashboard-$(date +%Y-%m-%d).csv

uv run runbooks finops cost-drops \
  --profile $AWS_BILLING_PROFILE \
  --format csv \
  --output tenants/b2b-energy/raw/finops/cost-drops-$(date +%Y-%m-%d).csv

uv run runbooks finops detect-orphans \
  --profile $AWS_BILLING_PROFILE \
  --format csv \
  --output tenants/b2b-energy/raw/finops/detect-orphans-$(date +%Y-%m-%d).csv

uv run runbooks finops validate-with-mcp \
  --profile $AWS_BILLING_PROFILE \
  --format csv \
  --output tenants/b2b-energy/raw/finops/validate-with-mcp-$(date +%Y-%m-%d).csv

Use the Claude FinOps orchestrators for autonomous cost analysis with ADLC governance:

/finops:report
/finops:analyze

Then in Claude session with $AWS_BILLING_PROFILE configured:

Each command handles pagination, retry logic, confidence scoring, and audit trail in tmp/command-center/coordination-logs/.

Why use Claude commands: Automatic pagination across accounts, retry on transient failures, MCP cross-validation results, APRA CPS 230 audit trail capture.

For direct API validation or when runbooks CLI is unavailable, these sample commands verify core cost analysis:

# Monthly cost breakdown by service
# (GNU date syntax; anchoring on the 1st avoids month-end rollover with "1 month ago")
aws ce get-cost-and-usage \
  --time-period Start=$(date -d "$(date +%Y-%m-01) -1 month" +%Y-%m-%d),End=$(date +%Y-%m-%d) \
  --granularity MONTHLY \
  --metrics "UnblendedCost" "AmortizedCost" \
  --group-by Type=DIMENSION,Key=SERVICE \
  --profile "$AWS_BILLING_PROFILE" \
  --output json

# Cost anomalies (last 7 days)
# get-anomalies takes --date-interval with StartDate/EndDate, not --time-period
aws ce get-anomalies \
  --date-interval StartDate=$(date -d '7 days ago' +%Y-%m-%d),EndDate=$(date +%Y-%m-%d) \
  --profile "$AWS_BILLING_PROFILE" \
  --output json

# Savings Plans utilization
aws ce get-savings-plans-utilization-details \
  --time-period Start=$(date -d "$(date +%Y-%m-01) -1 month" +%Y-%m-%d),End=$(date +%Y-%m-%d) \
  --profile "$AWS_BILLING_PROFILE" \
  --output json

Reference: For all 4 commands, uv run runbooks finops <cmd> --help displays the underlying boto3 call and parameter documentation.

Expected Output — 4 CSV Files

Output location: tenants/b2b-energy/raw/finops/ · Date suffix: $(date +%Y-%m-%d)

Why these 4 datasets map to the CMDB: Every cost center in your ServiceNow service map must trace back to a dated source-of-truth export — the CMDB/CSDM mapping column in each tab below shows which Cost Center or Business Capability each AWS service field lands in.

Source: runbooks finops dashboard --format csv · File: dashboard-*.csv

| Field | Description | Example | CMDB/CSDM CI Mapping |
|---|---|---|---|
| service | AWS service name | Amazon Elastic Compute Cloud - Compute | cmdb_ci_cost_center.name (service grouping) |
| current_month_cost | Current month total | 12345.67 | cmdb_cost_entry.total_unblended_cost |
| previous_month_cost | Previous month total | 11234.56 | cmdb_cost_entry.previous_month_cost |
| change_amount | Month-over-month absolute | 1111.11 | cmdb_cost_entry.cost_variance |
| change_percent | Month-over-month % | 9.9% | cmdb_cost_entry.variance_percent |
| account_id | AWS account | ${AWS_ACCOUNT_ID} | cmdb_ci_cloud_service_account.account_id |

Source: runbooks finops cost-drops --format csv · File: cost-drops-*.csv

| Field | Description | Example | CMDB/CSDM CI Mapping |
|---|---|---|---|
| anomaly_date | Date anomaly detected | 2026-05-20 | cmdb_cost_entry.anomaly_detected_date |
| service | Service with cost spike | Amazon RDS Service | cmdb_ci_cost_center.name |
| baseline_cost | Expected daily cost | 500.00 | cmdb_cost_entry.baseline_unblended_cost |
| actual_cost | Actual daily cost | 750.00 | cmdb_cost_entry.actual_unblended_cost |
| variance_percent | % above baseline | 50% | cmdb_cost_entry.anomaly_variance_percent |
| severity | Impact level | MEDIUM | cmdb_cost_entry.anomaly_severity |
| account_id | AWS account | ${AWS_ACCOUNT_ID} | cmdb_ci_cloud_service_account.account_id |

Source: runbooks finops detect-orphans --format csv · File: detect-orphans-*.csv

| Field | Description | Example | CMDB/CSDM CI Mapping |
|---|---|---|---|
| resource_id | AWS resource identifier | i-0a1b2c3d4e5f6g7h8 | cmdb_ci_cloud_instance.resource_id |
| resource_type | AWS resource class | EC2-Instance | cmdb_ci_cloud_instance.type |
| state | Instance state | stopped | cmdb_ci_cloud_instance.operational_status |
| last_activity | Last API call date | 2025-09-15 | cmdb_ci_cloud_instance.last_activity_date |
| monthly_cost | Monthly cost if running | 45.50 | cmdb_ci_cloud_instance.monthly_cost_estimate |
| annual_savings_if_terminated | Decommission savings | 546.00 | cmdb_ci_cloud_instance.u_annual_savings_potential |
| account_id | AWS account | ${AWS_ACCOUNT_ID} | cmdb_ci_cloud_service_account.account_id |

Source: runbooks finops validate-with-mcp --format csv · File: validate-with-mcp-*.csv

| Field | Description | Example | CMDB/CSDM CI Mapping |
|---|---|---|---|
| validation_date | Cross-validation run date | 2026-05-20 | cmdb_cost_entry.validated_date |
| source_dataset | Dataset being validated | cost-drops | cmdb_cost_entry.u_source_dataset |
| mcp_accuracy_percent | ≥99.5% target accuracy | 99.7% | cmdb_cost_entry.u_mcp_accuracy_percent |
| aws_ce_total | AWS Cost Explorer ground truth | 12345.67 | cmdb_cost_entry.aws_ce_total |
| runbooks_total | runbooks calculated total | 12346.12 | cmdb_cost_entry.u_runbooks_total |
| discrepancy_amount | Absolute difference | 0.45 | cmdb_cost_entry.u_discrepancy_amount |
| discrepancy_percent | % difference | 0.004% | cmdb_cost_entry.u_discrepancy_percent |
| verdict | PASS / FAIL / INVESTIGATE | PASS | cmdb_cost_entry.u_validation_verdict |
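
A sign-off gate over the validate-with-mcp columns listed above, as an added example (not code from the runbooks project): it recomputes the discrepancy fields from the two totals instead of trusting the exported verdict, then applies the ≥99.5% target. The rounding tolerances and the use of aws_ce_total as the percentage base are assumptions, and the sample rows are constructed.

```python
import csv
import io
from decimal import Decimal

ACCURACY_TARGET = Decimal("99.5")  # sign-off threshold stated on this page
AMOUNT_TOL = Decimal("0.01")       # assumed rounding tolerance (currency units)
PERCENT_TOL = Decimal("0.001")     # assumed rounding tolerance (percentage points)
# Constructed sample rows using the documented column names.
SAMPLE = """\
validation_date,source_dataset,mcp_accuracy_percent,aws_ce_total,runbooks_total,discrepancy_amount,discrepancy_percent,verdict
2026-05-20,cost-drops,99.7%,12345.67,12346.12,0.45,0.004%,PASS
2026-05-20,dashboard,99.9%,12345.67,12900.00,0.45,0.004%,PASS
2026-05-20,detect-orphans,98.2%,546.00,546.00,0.00,0.000%,PASS
"""

def pct(text):
    return Decimal(text.strip().rstrip("%"))

def check_row(row):
    """Return the reasons this row must not be signed off (empty list = OK)."""
    problems = []
    truth = Decimal(row["aws_ce_total"])
    calc = Decimal(row["runbooks_total"])
    amount = abs(truth - calc)
    if abs(amount - Decimal(row["discrepancy_amount"])) > AMOUNT_TOL:
        problems.append("discrepancy_amount does not match totals")
    # Assumption: the percentage is relative to the Cost Explorer total.
    if truth != 0:
        percent = amount / truth * 100
        if abs(percent - pct(row["discrepancy_percent"])) > PERCENT_TOL:
            problems.append("discrepancy_percent does not match totals")
    if pct(row["mcp_accuracy_percent"]) < ACCURACY_TARGET:
        problems.append("accuracy below 99.5% target")
    if row["verdict"].strip().upper() != "PASS":
        problems.append("verdict is " + row["verdict"])
    return problems

def gate(csv_text):
    """Map source_dataset -> problems for every row that fails the gate."""
    failures = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        problems = check_row(row)
        if problems:
            failures[row["source_dataset"]] = problems
    return failures

if __name__ == "__main__":
    for dataset, problems in gate(SAMPLE).items():
        print(dataset, "->", "; ".join(problems))
```

An empty result from `gate()` means every dataset is internally consistent and at or above target; any entry blocks sign-off until the export is regenerated or explained.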

🧭 How This Data Becomes the CMDB¢

Downstream flow β€” raw cost data β†’ CSDM cost center hierarchy β†’ ServiceNow CMDB

This page's CSV exports are the first step in a 4-stage pipeline that lands in your cost-tracking CMDB:

flowchart LR
  A["raw/finops/*.csv<br/>(4 CSV files)"] -->|V1 ingest| B["tenants/b2b-energy/inputs/<br/>cost_hierarchy.csv"]
  B -->|V4 transform| C["_base/transforms/snow/<br/>cmdb_cost_entry.j2"]
  C -->|CSDM publish| D["(ServiceNow CMDB<br/>cmdb_cost_entry table)"]

The flow explained:

- V1 (ingest): Raw CSVs are validated and deduplicated into unified cost hierarchy.
- V4 (transform): The Jinja2 template transforms cost data into ServiceNow CMDB cost records (who paid what, when, under which business capability).
- CSDM publish: Reconciliation script imports cost records into your ServiceNow instance for financial reporting + chargeback.

Data lineage authority: CC-ADR-014 (4-way cross-validation; V4 native-API is ground truth). Regulatory requirement: APRA CPS 230 §35 mandates monthly cost export before month-end close; these CSVs ARE that evidence.


🔧 SRE Detail

Prerequisites & Environment Variables

Before running the discovery commands, ensure your SSO session is active and you have Cost Explorer access configured:

aws sts get-caller-identity --profile $AWS_BILLING_PROFILE

# Expected output: Account ID, UserId, ARN of billing account

Required environment variables:

| Variable | Value | Purpose |
|---|---|---|
| AWS_BILLING_PROFILE | Your AWS billing profile (required) | All Cost Explorer API calls must run against the billing account |
| AWS_DEFAULT_REGION | AWS region (e.g., us-east-1) | Region for cost analysis queries (Cost Explorer is region-agnostic, but convention is us-east-1) |
| TENANT | b2b-energy (default for output directory routing) | Output CSV files route to tenants/b2b-energy/raw/finops/ |

Important notes:

- Cost Explorer API access is restricted to the billing account — no cross-account substitution.
- Monthly cost data is finalized 3 days after month-end; prior months are locked for audit.
- Pagination: Cost Explorer returns up to 100 items per page; runbooks CLI handles pagination automatically.
- This is a READONLY operation; no account changes occur.

Common Issues & Troubleshooting

AccessDenied on Cost Explorer API

- Verify profile is scoped to AWS billing account — this API is only available in the billing/management account
- Check: aws sts get-caller-identity --profile $AWS_BILLING_PROFILE — Account ID should be your billing account
- Grant user Cost Explorer read-only permissions (AWSBillingReadOnlyAccess IAM policy)
- If you see "User is not authorized to call Cost Explorer", your IAM user role is missing the policy

Empty CSV (0 rows)

- No cost for that service (OK — valid state; some accounts may not use S3 or RDS)
- Anomaly detection: no spikes detected in period (OK — means spend is stable)
- Orphan resources: all instances are active or recent (OK — no decommission candidates)

Cost variance >10%

- Review cost-drops anomalies first (sudden spikes are usually single-service events)
- Check for new instances/services launched (planned growth)
- Verify tagging compliance — untagged resources may be billing to default cost center


Related commands (advanced FinOps scenarios)

For cost optimization beyond monthly analysis, these commands extend the toolkit:

# Savings Plans optimization (SP utilization + recommendation)
uv run runbooks finops optimize-savings-plans \
  --profile $AWS_BILLING_PROFILE

# Interactive FinOps dashboard (Vizro visualization service)
uv run runbooks finops vizro --port 8050
# Then open http://localhost:8050 for visual drill-down

These commands are optional for the monthly close process but highly recommended for roadmap planning (Savings Plans can save 20-30% on compute).


Last Updated: 2026-05-21 | Scope: READONLY AWS Cost Explorer API only — no mutations | Companion: finops/optimization.md for rightsizing runbooks.

For questions on cost allocation, anomaly response procedures, or CMDB integration, see CC-ADR-014 and the Command-Center FinOps documentation.