FinOps: How to Cut Your Cloud Bill (Without Hurting Performance)
A practical FinOps guide to cloud cost optimization: rightsizing, reserved instances vs savings plans, killing cloud waste, and cutting your AWS and GCP bill — without hurting reliability.
The cloud bill is one of the easiest expenses to lose control of — and one of the easiest to cut, if you know where to look. FinOps isn’t penny-pinching; it’s the engineering discipline that ensures you pay only for what you actually need, and that every dollar of cloud spend maps to real business value. Done well, cloud cost optimization isn’t a one-time cleanup. It’s a continuous practice that pays for itself many times over.
This guide is the playbook we use when a client asks us to reduce cloud costs without a re-architecture project, a hiring freeze, or a degraded customer experience. It works whether you’re on AWS, GCP, or both. We’ll move from the fastest, lowest-risk wins to the deeper structural changes — and along the way, give you concrete percentage ranges so you can prioritize by impact, not by guesswork.
If you take nothing else from this article, take this: most cloud bills have 20–40% of pure waste in them, and a disciplined team can capture a large slice of that in the first 30 days without touching a single line of application code.
Why your cloud bill balloons
Before you can cut your AWS bill or rein in GCP spend, it helps to understand why cloud costs drift upward over time. The pattern is remarkably consistent across companies of every size:
- Over-provisioned resources. Instances, databases, and clusters are sized “just to be safe” during a launch or a load test — and then nobody ever scales them back. The safety margin becomes permanent. This is the single largest category of cloud waste we find.
- Forgotten resources (zombies). Unattached disks, idle load balancers, orphaned snapshots, reserved-but-unused IP addresses, dev environments from a project that shipped six months ago. Each one is small; together they’re a recurring tax.
- Unplanned data transfer (egress). Cross-AZ chatter, cross-region replication, NAT gateway throughput, and data leaving the cloud entirely. Egress is invisible in architecture diagrams and brutally visible on the invoice.
- Zero tagging and no cost allocation. You can’t cut what you can’t attribute. Without tags, the bill is one giant undifferentiated number, and every optimization conversation stalls on “wait, who owns this?”
- Default-everything. On-demand pricing for workloads that run 24/7. Standard storage for data nobody has read in a year. The largest managed-service tier “because it was the example in the docs.” Defaults are convenient and almost never cost-optimal.
- Growth outpacing governance. Engineering velocity is (rightly) prioritized over cost in a startup’s early days. But the habits formed then — spin up freely, never clean up — compound into a frightening bill at scale.
None of these are failures of competence. They’re the natural entropy of a fast-moving engineering org. FinOps is simply the counter-force: a deliberate, lightweight practice that keeps cloud spend aligned with value.
Quick wins vs deep cuts: prioritize by effort and impact
Not every lever is equal. Some take an afternoon and carry almost no risk; others require commitment forecasting or architectural change. Start at the top of this table and work down — capture the cheap wins before you negotiate the hard ones.
| Lever | Effort | Risk | Typical savings | Time to value |
|---|---|---|---|---|
| Delete idle / zombie resources | Low | Very low | 5–15% | Days |
| Schedule non-prod (scale-to-zero off-hours) | Low | Low | 10–30% of non-prod | Days |
| Rightsizing compute & databases | Medium | Low | 20–40% | 1–2 weeks |
| Storage lifecycle & tiering | Low–Medium | Low | 30–70% of storage | 1–2 weeks |
| Savings Plans / Reserved Instances / CUDs | Medium | Low–Medium | up to 50–72% on covered usage | 2–4 weeks |
| Autoscaling (right floor & ceiling) | Medium | Medium | 15–35% | 2–4 weeks |
| Reduce data transfer / egress | Medium–High | Medium | 5–25% | weeks |
| Tagging & cost allocation | Medium | Very low | Enables everything above | ongoing |
| Spot / Preemptible for fault-tolerant work | High | Medium–High | 60–90% on eligible workloads | weeks |
The pattern is clear: the quick wins (deleting waste, scheduling, rightsizing, storage tiering) are where you start because they’re low-risk and fast. The deep cuts (commitments, egress re-architecture, spot adoption) deliver larger or more durable savings but demand more analysis and cross-team buy-in.
Rightsizing: the fastest high-impact win
If you do exactly one thing this quarter, do rightsizing. The premise is simple: most cloud resources are dramatically larger than the workload running on them. We routinely find production fleets where the average instance sits at single-digit CPU utilization, paying for capacity that is never used.
What to rightsize, and how:
- Compute (EC2 / Compute Engine). Pull 14–30 days of CPU, memory, and network utilization. Anything consistently below ~40% CPU and ~50% memory at peak is a candidate to drop a size — or move to a more efficient instance family. On AWS, AWS Compute Optimizer generates rightsizing recommendations for free; on GCP, Recommender does the same. Modern Graviton (AWS) and the latest Compute Engine families often deliver 10–20% better price-performance for a near-trivial migration.
- Managed databases (RDS / Cloud SQL). Databases are commonly the most over-provisioned line item because teams fear performance regressions. Look at CPU, connections, IOPS, and the buffer cache hit ratio. Many production databases can drop an instance class with zero user-visible impact. Also check storage type — gp3 on AWS is cheaper and more flexible than gp2 for most workloads.
- Kubernetes. This is where waste hides in plain sight. Set realistic CPU/memory requests based on actual usage (not the copy-pasted defaults), enable the Vertical Pod Autoscaler in recommendation mode to right-size requests, and use bin-packing so nodes run dense. On GKE, Autopilot removes node-level waste entirely by billing for pod requests.
- Serverless. Right-size Lambda memory (which also sets CPU) using AWS Lambda Power Tuning — the cheapest configuration is often not the lowest memory setting, because higher memory finishes faster.
Rightsizing typically returns 20–40% on the compute portion of the bill, and it’s reversible: if you cut too far, you scale back up in minutes. That low downside is exactly why it should come first.
Commitments: reserved instances vs savings plans vs CUDs
Once your workloads are rightsized and stable, commitment-based discounts are the single biggest lever for durable savings. The cloud providers will sell you capacity at a steep discount in exchange for a 1- or 3-year commitment. The trap to avoid: committing before you rightsize, which locks in your waste.
Here’s the reserved instances vs savings plans decision, plus the GCP equivalent, in plain terms:
| Option | Cloud | Flexibility | Max discount | Best for |
|---|---|---|---|---|
| Savings Plans (Compute) | AWS | High — any region, instance family, EC2/Fargate/Lambda | up to ~66% | Most teams; default choice |
| Savings Plans (EC2 Instance) | AWS | Medium — locked to a family/region | up to ~72% | Very stable, known EC2 fleets |
| Reserved Instances | AWS | Low–Medium — specific instance attributes | up to ~72% | Legacy use; RDS/ElastiCache/Redshift still need RIs |
| Committed Use Discounts (CUDs) | GCP | Spend-based or resource-based | up to ~57–70% | Stable GCP compute & many services |
Practical guidance we give clients:
- Default to Compute Savings Plans on AWS. They cover EC2, Fargate, and Lambda and automatically apply to whatever you’re running, so a future instance-family migration doesn’t strand your commitment. The slightly lower discount versus EC2 Instance Savings Plans is usually worth the flexibility.
- Use Reserved Instances where Savings Plans don’t reach — notably RDS, ElastiCache, Redshift, and OpenSearch. These services still price commitments as RIs.
- On GCP, prefer spend-based CUDs for flexibility, and resource-based CUDs for very predictable, long-lived VMs. GCP also applies automatic Sustained Use Discounts with zero commitment, which stack on top of CUDs.
- Start conservative — commit to your baseline, not your peak. A good rule of thumb is to cover the stable 60–80% of your usage with commitments and let the variable top layer run on-demand or on spot. You can always buy more; you can’t easily unwind an over-commitment.
- Ladder your terms. Mixing 1-year and 3-year commitments balances maximum discount against the flexibility to adapt as your architecture evolves.
Done right, commitments routinely take 30–50% off the covered portion of compute — and unlike a one-time cleanup, that discount keeps paying every single month.
Storage lifecycle and tiering
Storage feels cheap per gigabyte, which is exactly why it sprawls. The savings here come from matching the storage class to how often data is actually accessed, and from deleting what nobody needs.
- Object storage tiering (S3 / Cloud Storage). Set lifecycle policies to transition data from hot tiers to cold ones as it ages: S3 Standard → Infrequent Access → Glacier / Glacier Deep Archive; on GCP, Standard → Nearline → Coldline → Archive. If your access patterns are unpredictable, S3 Intelligent-Tiering (and GCP’s Autoclass) moves objects automatically and removes the guesswork. Cold tiers can be 70%+ cheaper than standard storage.
- Delete incomplete multipart uploads and old versions. A lifecycle rule to abort incomplete multipart uploads after 7 days and to expire non-current object versions reclaims storage that’s invisible in the console but very present on the bill.
- Snapshot hygiene. Automated daily snapshots with no expiry policy are a classic slow leak. Set retention windows and delete orphaned snapshots whose source volumes are long gone.
- Block storage type and size. On AWS, migrate gp2 volumes to gp3 (cheaper, with independently tunable IOPS/throughput). Shrink wildly over-provisioned volumes. On GCP, choose the disk type (standard vs balanced vs SSD) that matches actual IOPS needs.
- Logs and observability data. Telemetry retention is a stealth cost center. Tier old logs to cheap object storage, set realistic retention, and sample high-volume debug logs in production.
Storage optimization frequently cuts the storage line item by 30–70%, and it’s almost entirely automatable through lifecycle rules — set it once, save forever.
Idle and zombie resources: kill the dead
Every cloud account accumulates resources that do nothing but bill. Hunting them down is the highest-return-per-hour work in FinOps because the savings are immediate and the risk is near zero — these resources are, by definition, not serving traffic.
A practical zombie checklist for AWS and GCP:
- Unattached block volumes (EBS / persistent disks) not connected to any instance.
- Idle load balancers with no healthy targets or near-zero request counts.
- Unassociated static IPs — AWS charges for Elastic IPs that aren’t attached to a running instance; GCP charges for reserved-but-unused external IPs.
- Orphaned snapshots and old machine images (AMIs) no longer referenced.
- Stopped instances still paying for storage — a stopped VM stops compute charges but keeps billing for its attached disks.
- Over-provisioned NAT gateways and idle VPN/Direct Connect/Interconnect links.
- Empty or abandoned Kubernetes clusters, dev namespaces, and forgotten managed-service instances (a single idle managed database or cache can be hundreds of dollars a month).
- Old non-production environments that outlived the feature they were built for.
Run this as a monthly audit — most providers’ cost tools and recommenders will surface idle resources automatically, and infrastructure-as-code makes it safe to delete and recreate on demand. This one habit alone typically reclaims 5–15% of a neglected bill.
Data transfer and egress: the silent line item
Data transfer is the cost almost nobody budgets for and everybody is surprised by. Compute and storage are visible in design reviews; egress is not. Yet it can quietly become one of the largest lines on a mature bill.
Where the money goes, and what to do:
- Cross-AZ traffic. Chatty services spread across availability zones pay per-GB for inter-AZ transfer. Co-locate tightly-coupled components, and be aware that some managed services bill cross-AZ traffic you didn’t realize was crossing zones.
- Cross-region replication. Multi-region is sometimes a hard requirement — but often it’s reflexive. Confirm you actually need it before paying for continuous cross-region transfer.
- Internet egress. Data leaving the cloud is the most expensive transfer of all. Put a CDN (CloudFront / Cloud CDN) in front of high-volume content so you serve from cache at lower egress rates and offload origin traffic.
- NAT gateway throughput. NAT gateways charge both hourly and per-GB processed. Route traffic to AWS services through VPC/Gateway endpoints to bypass the NAT data-processing charge entirely — this is a frequent, easy win.
- Public vs private endpoints. Traffic to managed services over public IPs can incur egress that private connectivity avoids. Prefer private endpoints and VPC peering for internal service-to-service traffic.
Egress optimization is more architectural than the other levers, so it sits lower on the priority list — but for data-heavy or media-heavy workloads it can deliver 5–25%, and a CDN often pays for itself on day one.
Autoscaling and scheduling: pay for demand, not for the peak
Static capacity sized for your busiest hour means you’re overpaying for the other twenty-three. Autoscaling and scheduling align spend with actual demand.
- Horizontal autoscaling. Configure autoscaling groups, Kubernetes HPA, and managed instance groups with a realistic floor (don’t pin a high minimum “to be safe”) and a sane ceiling. The floor is where the savings live — most teams set it far too high.
- Scale non-production to zero. Dev, staging, QA, and demo environments rarely need to run nights and weekends. A simple scheduler that shuts them down outside working hours cuts non-prod compute by 60–70% — and non-prod is often a third of the total bill. This is one of the highest-ROI changes available and carries essentially no production risk.
- Cluster autoscaling and bin-packing. Let the cluster autoscaler add and remove nodes with demand, and pack pods densely so you’re not paying for half-empty nodes.
- Spot / Preemptible / Spot VMs for fault-tolerant work. Batch jobs, CI runners, data pipelines, and stateless workers can run on spare capacity at 60–90% off on-demand. The catch is interruption: design for graceful handling, mix spot with on-demand for a stable base, and keep stateful or latency-critical services off spot. Done carefully, this is the single deepest discount in the cloud.
Tagging and cost allocation: the foundation
Everything above depends on one boring prerequisite: you have to know where the money goes. Without consistent tagging, cost optimization is a guessing game and accountability is impossible.
- Define a minimal tagging standard and enforce it:
environment,team(or cost-center/owner),service/application, andproject. Four well-governed tags beat twenty inconsistent ones. - Enforce tags at creation, not after the fact. Use AWS tag policies / Service Control Policies, GCP organization policies, and infrastructure-as-code so untagged resources can’t be created in the first place.
- Use the native allocation tools. AWS Cost Categories and cost allocation tags, GCP labels and billing export — these turn one opaque number into a per-team, per-service breakdown.
- Allocate shared costs fairly (networking, shared clusters, observability) so each team sees the true cost of what they run. Visibility changes behavior faster than any mandate.
Tagging saves no money directly — but it’s the substrate that makes every other lever measurable, attributable, and durable. Skip it and your savings will quietly erode within two quarters.
Observability of spend: budgets, anomalies, and showback
The final piece is making cost visible and continuous rather than a quarterly fire drill.
- Set budgets and alerts. AWS Budgets and GCP Budgets & Alerts notify you when spend crosses thresholds — ideally before the month closes, not after. Alert on forecasted overspend, not just actual, so you have time to react.
- Turn on anomaly detection. AWS Cost Anomaly Detection and GCP’s anomaly insights catch a misconfigured job or a runaway service within hours instead of at invoice time. A single forgotten
while trueloop hitting a paid API can ruin a month. - Build a cost dashboard the whole team sees. AWS Cost Explorer, GCP’s billing dashboards, or a shared BI view fed by billing export. Trend by service and by team, and review it in a regular cadence.
- Practice showback (or chargeback). When each team sees the cost of what they ship, optimization becomes everyone’s job, not a central team’s chore. This cultural shift is what separates teams that stay optimized from teams that re-balloon six months after a cleanup.
FinOps is a culture, not a one-off project
Here’s the uncomfortable truth behind every cloud-cost success story: the real savings don’t come from a heroic one-time cleanup. They come from ongoing discipline. A team can cut 30% in a sprint and give it all back within two quarters if cost never re-enters the conversation.
The teams that keep their cloud spend under control treat cost as a first-class engineering concern: budgets and anomaly alerts are wired up, cost shows up in architecture reviews next to latency and reliability, commitments are reviewed quarterly against actual usage, and someone owns the number. When cost is a factor from day one of every design decision, the bill stops surprising you — and cloud cost optimization stops being a project and becomes simply how you operate.
This is the heart of FinOps: not cutting corners, but building the feedback loops that keep spend honest as you grow.
How much can you actually save?
It depends heavily on the starting point, but the ranges are consistent:
- A neglected, never-optimized environment commonly has 30–50% of recoverable savings.
- A reasonably managed environment that hasn’t done a focused pass usually still has 15–25% on the table.
- Even a well-run shop benefits from refreshing commitments and clearing newly-accumulated waste — often 5–10% annually.
The less managed the cloud, the bigger the upside — and crucially, none of this requires hurting performance or reliability. Rightsizing to real usage, deleting things that do nothing, and buying capacity you were going to use anyway at a discount improves operational hygiene while it cuts the bill.
How to start
Start with an assessment: a clear picture of where the money goes and what you can cut fast. The first 30 days should focus on the quick wins — kill the zombies, schedule non-prod, rightsize the obvious offenders, and set lifecycle policies. The next 60 should layer in commitments, autoscaling, and the tagging and observability foundation that keeps the savings from eroding.
In our cloud consulting practice we run exactly this: a focused FinOps audit across your AWS and GCP footprint, a prioritized list of savings ranked by effort and impact, and the guardrails — budgets, tagging, anomaly alerts — that build a lasting cloud cost optimization culture rather than a one-off cleanup. If you’re early-stage and want to bake good habits in before the bill balloons, our guide to DevOps for startups and our cloud migration guide are good companions to this one.
Want to know how much you could save? Book a free intro call — we’ll look at your bill together and tell you, honestly, where the biggest wins are.
Frequently asked questions
What is FinOps, in one sentence? FinOps is the practice of bringing financial accountability to the variable, on-demand spending model of the cloud — a continuous collaboration between engineering, finance, and product so that every dollar of cloud spend maps to business value. It’s about making informed trade-offs at speed, not just cutting costs.
How quickly can I reduce my cloud costs? The quick wins — deleting idle resources, scheduling non-production environments off-hours, and basic rightsizing — can land within days to two weeks and often recover 15–30% with very low risk. Deeper levers like commitments and egress re-architecture take a few weeks but deliver more durable savings. A focused 30-day push almost always pays for itself.
Reserved instances vs savings plans — which should I choose? For most AWS workloads, start with Compute Savings Plans: they apply across EC2, Fargate, and Lambda and survive instance-family changes, so they won’t strand your commitment. Use Reserved Instances where Savings Plans don’t reach — RDS, ElastiCache, Redshift, and OpenSearch still price commitments as RIs. On GCP, the equivalent is Committed Use Discounts, with spend-based CUDs offering the most flexibility.
Will cutting cloud costs hurt performance or reliability? Done correctly, no — and it often improves operational hygiene. Rightsizing targets capacity you’re not using, deleting zombies removes things that serve no traffic, and commitments simply discount usage you already have. The key is to be data-driven (rightsize from real utilization, not hunches) and to keep changes reversible. Spot instances and aggressive autoscaling floors are the only levers that carry real risk, and those apply only to fault-tolerant workloads.
How is GCP cost optimization different from cutting an AWS bill? The principles are identical — rightsizing, commitments, storage tiering, killing waste — but the mechanics differ. GCP adds automatic Sustained Use Discounts (no commitment required) and per-second billing, its commitments are CUDs rather than RIs/Savings Plans, and GKE Autopilot removes node-level waste by design. AWS gives you more granular commitment options and a deeper spot market. A solid cloud cost optimization practice covers both with the same discipline.
Do I need a dedicated FinOps team to do this? No. Early-stage and mid-size companies get most of the value from a lightweight practice: one owner of the number, budgets and anomaly alerts wired up, a tagging standard enforced in code, and cost on the agenda in architecture reviews. A dedicated team makes sense at scale, but the culture — cost as a shared engineering concern — matters far more than the headcount. If you’d rather not build it from scratch, that’s exactly the kind of thing we set up in a short engagement; let’s talk.