AWS FinOps Agent is now in public preview and it does something genuinely time-saving: it correlates cost anomalies with CloudTrail events automatically, so your ops team isn't spending three hours manually hunting through Cost Explorer to find out why the bill jumped $4,200 last Tuesday. For a D2C engineering team with no dedicated FinOps lead, that's a real workflow change.
But the first thing we'd tell any D2C team enabling it is this: write the organizational context files before you turn on automation prompts. Without them, the agent doesn't know which idle resources in your account are intentional — and on a D2C AWS setup, many of them are.
Building an AWS setup for a D2C brand with no FinOps lead? Book a 30-min audit — Dev joins every call, we bring the account-context questions, you leave with a written brief. No SDR layer.
What AWS FinOps Agent Does in Public Preview
The FinOps Agent draws from four AWS data sources: Cost Explorer, Cost Anomaly Detection, Cost Optimization Hub, and Compute Optimizer. It then does four things your team would otherwise do manually:
- Anomaly investigation: when a cost spike is detected, the agent correlates the timing and magnitude against CloudTrail events to find a likely cause. Instead of "ECS costs up 23%," you get "ECS costs up 23% following a deployment at 14:32 UTC on June 8 that scaled the task count from 4 to 12."
- Natural language cost inquiries: engineers can ask plain-English questions — "what drove the RDS cost increase last week?" — and get a structured answer sourced from Cost Explorer data.
- Scheduled reports: HTML, PDF, or PPT output on a cadence you define. Useful for a weekly FinOps standup or a monthly stakeholder brief.
- Optimization ticket creation: the agent aggregates recommendations from Cost Optimization Hub and Compute Optimizer — the same idle-resource signals we detailed in our post-peak Compute Optimizer audit — and creates actionable tickets directly in Jira or Slack, filtered by threshold and team.
It is available in US East (N. Virginia) during preview, free for the preview period with monthly usage limits, though the underlying AWS services (CloudTrail, Cost Explorer, Compute Optimizer) bill at standard rates.
Why the Organizational Context Files Are the Actual Work
The feature that makes FinOps Agent useful for a real D2C environment — rather than a clean demo account — is the organizational context file. It is where you tell the agent things AWS has no way to infer:
- Account purpose map: which AWS account is production, which is staging, which is the ML experiments sandbox your data team spun up during BFCM prep.
- Team-to-tag mapping: which
team:orproject:tag belongs to which squad — so optimization tickets route to the right Slack channel or Jira board, not a general queue nobody watches. - Tagging conventions and exceptions: the list of resources that look idle but aren't — a post-BFCM ElastiCache cluster running in standby for the next major campaign, a pre-provisioned RDS read replica that isn't serving traffic until a migration completes.
AWS documents these context files, but the docs are written for an enterprise with a FinOps team who manages the context file as a living artifact. Most D2C brands don't have that. What they have is a 3-account AWS setup — prod, staging, data — tagged inconsistently, with no written record of which idle resources are intentional.
What Happens When the Context File Is Empty
A $7M beauty brand on three AWS accounts came to us after their first week with FinOps Agent enabled. The agent had generated 14 optimization recommendations. Their ops lead reviewed all 14 and actioned exactly 3.
The other 11 were either:
- Resources in their staging environment flagged as underutilized — intentionally low traffic, not abandoned
- A MemoryDB cluster the data team provisioned for a project that was on a two-week pause
- An ElastiCache node running in standby for a promotion campaign three weeks out
- A SageMaker endpoint their ML engineer had deliberately left warm during active model iteration
None of those were waste. But to the FinOps Agent without a context file, they all read as idle. The ops lead's response was to stop reading the ticket queue — not because the agent was broken, but because the signal-to-noise ratio was low enough that checking it stopped being worth the time.
After we spent roughly two hours with them building out a context file — account purpose map, team-tag mappings, 9 explicit exception entries — the next week's recommendations were 3 tickets. All 3 were actioned within 5 business days. The cost of writing the context file was two hours. The cost of skipping it was a week of ignored recommendations and a team that had mentally filed FinOps Agent under "doesn't work."
This is the configuration gap the AWS documentation doesn't walk through. We've run this account-context audit across 20+ D2C AWS setups — if you want our template and the exception-list patterns that work for a multi-account D2C stack, grab 30 minutes. Written brief inside a week, no slide deck.
The Three-Part Context File for a D2C Multi-Account Setup
The organizational context file AWS FinOps Agent accepts is a plain-text document you upload through the agent configuration console. Here is the three-part structure that works for a typical D2C brand.
Part 1: Account purpose map
Account 123456789012 (prod): Live production. Includes RDS (orders, inventory),
ECS services (API, Shopify webhook handler), ElastiCache (session cache).
Resources here are not candidates for right-sizing without explicit review.
Account 987654321098 (staging): Staging and QA. EC2 instances intentionally
sized below prod. Periodic idle periods are expected — do not flag
underutilized EC2 as waste.
Account 111222333444 (data-ml): Data pipeline and ML experiments. SageMaker
endpoints may sit idle for days between training runs. Treat idle SageMaker
endpoints as pending-evaluation unless tagged project:abandoned.Part 2: Team-to-tag mapping
tag: team:backend -> Jira: ENG, Slack: #aws-infra
tag: team:data -> Jira: DATA, Slack: #data-platform
tag: team:devops -> Jira: OPS, Slack: #aws-ops
No team tag present -> route to #aws-ops by defaultThis determines whether the optimization ticket lands in front of someone who can action it or in a general channel nobody checks. On the D2C stacks we work on, routing gaps are the second-most common reason FinOps recommendations go ignored — right after noise volume.
Part 3: Exception list
Resource: elasticache-cluster-campaign-standby
Reason: Session cache kept warm for next campaign. Do not flag as idle.
Tag pattern: env:staging AND instance_type contains r5.large
Reason: Staging DB mirrors prod sizing for schema migration testing.
Expected to right-size post-migration.
Resource: sagemaker-endpoint-sku-classifier-v3
Reason: Kept warm during active model iteration. Review on project completion.Nine to fifteen exception entries is typical for a D2C brand in the $5–15M GMV range. More than that usually signals that the tagging strategy needs attention before the agent can operate reliably.
CloudTrail Coverage Is a Prerequisite
The anomaly-correlation feature — the one that links a cost spike to a specific CloudTrail event — only works if CloudTrail is logging in the account where the anomaly occurred. Many D2C brands have CloudTrail enabled only in their production account, because that's where the compliance requirement first appeared.
If your staging or data account has a cost spike, the FinOps Agent can detect it through Cost Anomaly Detection, but it can't correlate the cause — there's no CloudTrail trail to read. The investigation falls back to manual, which defeats the point of enabling the agent in the first place.
Before enabling the FinOps Agent across all three accounts, confirm CloudTrail is logging in each. The cost is minimal: S3 storage for log files, typically $3–8 per month per account at D2C traffic volumes. Our AWS consulting work includes CloudTrail configuration across all accounts as a baseline — it's one of the first checks in any account audit.
Setting the Automation Prompts for a D2C Post-Peak Environment
Once the context file is in place, the automation prompt configuration controls what actually triggers a ticket. For a D2C brand coming out of peak season, here's what we'd set:
- Anomaly threshold: trigger investigation only for anomalies 15% or more above the 4-week trailing average. The first two weeks post-BFCM are noisy as traffic normalizes; a 10% threshold fires constantly on legitimate traffic decline.
- Optimization ticket filter: surface recommendations only where projected monthly savings are $50 or more per resource. Below that, the ops overhead of reviewing the ticket exceeds the savings.
- Staging account suppression: disable optimization tickets for the staging account for 30 days post-peak while the team right-sizes intentionally and on their own schedule.
Jira and Slack routing can be event-triggered (anomaly detected means an immediate Slack message to #aws-ops) or scheduled (a daily digest to Jira with the prior day's recommendations). For most D2C teams without a dedicated on-call FinOps person, the scheduled digest is less disruptive than real-time pings for every anomaly.
The FinOps Agent sits one layer above the individual tools it draws from. If you've already been using Cost Explorer's Amazon Q integration — which we covered in detail in our billing-spike investigation post — FinOps Agent is the automation layer that runs those investigation flows on a trigger rather than on demand.
Frequently Asked Questions
How is AWS FinOps Agent different from Cost Anomaly Detection?
Cost Anomaly Detection finds the anomaly and sends an SNS alert. FinOps Agent takes that anomaly, correlates it with CloudTrail events, generates a likely-cause explanation, and routes an actionable ticket to the team that owns the resource. The detection is the same; the investigation step and the routing to Jira or Slack are what the agent adds. For a team already using Cost Anomaly Detection, enabling FinOps Agent doesn't replace the existing alerts — it adds a structured investigation and routing layer on top of them.
Can AWS FinOps Agent work across multiple AWS accounts?
Yes. FinOps Agent supports multi-account setups through AWS Organizations. The organizational context file applies across accounts, which is exactly why the account purpose map matters — without it, the agent treats all accounts as structurally equivalent and generates recommendations for staging environments at the same priority as production. Setting up the agent through your management account in AWS Organizations lets you scope it to member accounts selectively, so you can roll it out to production first, verify the context file is working, then extend to staging and data accounts.
What is the current region limitation for AWS FinOps Agent?
During public preview, FinOps Agent must be deployed in US East (N. Virginia). If your primary workloads run in us-west-2 or eu-west-1, the agent can still query Cost Explorer data across those regions — Cost Explorer is a global service — but the agent itself runs in us-east-1. The anomaly investigation and Jira or Slack routing work across regions; only the agent deployment location is currently restricted to us-east-1.
About the author
Founder & CEO, Braincuber Technologies
Founder and CEO of Braincuber. Has scoped and shipped 500+ Odoo, AI, and cloud projects for US mid-market and global brands. Takes every founder call personally — no SDR layer between buyers and the people building the system.