FinOps Settings

Configure FinOps for your cloud connections, including cost allocation tags and sync schedules.

Accessing Settings

Navigate to Settings > FinOps in the sidebar, or visit /settings/finops.

Prerequisites

Before configuring FinOps:

1. Cloud Connections: At least one AWS or Azure connection must be configured
2. Ultimate License: FinOps requires the Ultimate license tier
3. Admin Role: Only admins can configure FinOps settings

Cloud Connection Configuration

Viewing Connections

The settings page displays all cloud connections with their FinOps status:

Enabling FinOps

To enable FinOps on a cloud connection:

1. Find the connection in the list
2. Toggle Enable FinOps to ON
3. Wait for the configuration dialog to appear
4. Configure tag keys and options
5. Click Save

Disabling FinOps

To disable FinOps:

1. Toggle Enable FinOps to OFF
2. Confirm the action

Note: Disabling FinOps will stop data collection but preserve existing data.

Cost Allocation Tags

Why Tags Matter

Tags enable cost allocation for:

• Showback: Show costs to teams without charging
• Chargeback: Bill costs to departments/projects
• Analysis: Break down costs by dimension

Configuring Tag Keys

When enabling FinOps, specify which AWS/Azure tags to track:

Recommended Tags:
- Environment (dev, staging, prod)
- Project
- Team or Owner
- CostCenter
- Application

Tag Key Configuration

In the configuration dialog:

1. Enter tag key names (case-sensitive)
2. Add multiple tags using the "+" button
3. Remove tags using the "x" button
4. Order determines priority in reports

Provider-Specific Notes

AWS Tags:

• Must match Cost Allocation Tags enabled in AWS Billing Console
• User-defined tags require "user:" prefix in some contexts
• System tags (aws:*) are automatically available

Azure Tags:

• Tags must exist on resources
• Tag names are case-insensitive in Azure
• Subscription-level tags available automatically

AWS Configuration

Required IAM Permissions

The AWS IAM role/user needs these permissions for FinOps:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "ce:GetAnomalies",
        "ce:GetAnomalyMonitors",
        "ce:GetDimensionValues",
        "ce:GetTags"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "rds:DescribeDBInstances",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Resource": "*"
    }
  ]
}

Cost Explorer Prerequisites

Ensure in AWS Billing Console:

1. Cost Explorer is activated
2. Cost Allocation Tags are enabled for desired tags
3. Hourly granularity is enabled (optional, for detailed analysis)

Azure Configuration

Required API Permissions

The Azure service principal needs:

Microsoft.CostManagement/query/action
Microsoft.CostManagement/dimensions/read
Microsoft.Compute/virtualMachines/read
Microsoft.Compute/disks/read
Microsoft.Insights/metrics/read

Cost Management Prerequisites

1. Cost Management must be enabled on the subscription
2. The service principal must have "Cost Management Reader" role
3. Export schedules (if using) must be configured

Sync Configuration

Sync Schedule

Configure how often cost data is synced:

Manual Sync

Trigger an immediate sync:

1. Click Sync Now on the connection
2. Or use the Sync Now button on the Overview page
3. Monitor progress in the sync progress indicator

Sync Data Range

Initial sync fetches up to 6 months of historical data:

• First sync may take 5-15 minutes
• Subsequent syncs only fetch new data
• Re-sync available if data issues occur

Data Management

Data Retention

FinOps data is retained according to these policies:

Data Cleanup

To remove FinOps data for a connection:

1. Disable FinOps on the connection
2. Contact support for complete data deletion

Troubleshooting

Connection Not Showing

1. Verify cloud connection is in "Connected" status
2. Check that you have admin role
3. Refresh the page

Sync Failures

1. Check cloud connection credentials are valid
2. Verify IAM permissions include Cost Explorer access
3. Check AWS/Azure service health
4. Review error message in sync history

No Tag Data

1. Verify tag keys are correctly spelled (case-sensitive)
2. Check tags are enabled in AWS Cost Allocation Tags
3. Wait for next sync to pick up changes
4. Verify resources have the expected tags

Permission Errors

1. Review IAM policy has all required permissions
2. Check for SCP (Service Control Policies) blocking access
3. Verify account/subscription is not in sandbox mode

API Access

# Get cloud connections with FinOps status
curl -X GET https://realm9.app/api/terraform/cloud-connections \
  -H "Authorization: Bearer $TOKEN"

# Enable FinOps on a connection
curl -X PATCH https://realm9.app/api/terraform/cloud-connections/{id} \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "finopsEnabled": true,
    "finopsConfig": {
      "costTagKeys": ["Environment", "Project", "Team"]
    }
  }'

# Trigger manual sync
curl -X POST https://realm9.app/api/finops/sync \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "cloudConnectionId": "connection-id"
  }'

Best Practices

Initial Setup

1. Start with your production AWS/Azure accounts
2. Configure the most important cost allocation tags
3. Run initial sync and verify data
4. Add additional accounts gradually

Tag Strategy

1. Use consistent tag names across all accounts
2. Keep tag key list to 5-10 important dimensions
3. Document tag values and owners
4. Enforce tagging via AWS Tag Policies or Azure Policy

Performance

1. Use daily sync for most use cases
2. Limit tag keys to reduce data volume
3. Use filters in Cost Explorer to improve query speed

Related Documentation

• FinOps Overview
• Cloud Connections
• Cost Explorer