Skip to main content
Open Source Free MIT License

FinOps Guardian

Cloud bills keep climbing, but finding what's actually wasted across AWS and GCP accounts is like searching for needles in a multi-region haystack.

View on GitHub Get Production Help

Multi-cloud cost optimization that finds waste before your CFO does

FinOps Guardian is a free, open-source cost governance toolkit for AWS and GCP. It automatically detects idle resources, provides cost-saving recommendations, and cleans up unused infrastructure. Deployed with Terraform, it runs serverlessly on Lambda and Cloud Functions. Available on GitHub at github.com/cloudon-one/FinOps-Guardian.

Core Features

AWS Resource Cleanup

Automated Lambda-based tool that identifies and removes unused AWS infrastructure across multiple regions.

  • Scans EC2, EBS, EIPs, ALBs, RDS, EKS, Kinesis, MSK, OpenSearch
  • Operates across 7+ configurable AWS regions
  • Dry-run mode for safe evaluation before deletion
  • Scheduled nightly via CloudWatch Events

GCP FinOps Recommender

Serverless Cloud Functions solution that leverages GCP's Recommender API for cost optimization.

  • Detects 10 recommender types: idle VMs, disks, IPs, SQL
  • Right-sizing for VM instances and Managed Instance Groups
  • Organization-level and project-level scanning
  • Cost impact metrics with configurable thresholds

Real-Time Notifications

Stay informed with automated alerts delivered to your team's preferred channels.

  • Slack integration with cost impact details
  • Email reports via AWS SES
  • Configurable alert thresholds
  • Comprehensive audit trails

How It Works

01

Deploy with Terraform

Use the provided Terraform modules to deploy FinOps Guardian in your AWS and GCP environments.

02

Automated Scanning

Serverless functions run on schedule, scanning your cloud accounts for idle and underutilized resources.

03

Review Recommendations

Receive Slack notifications and email reports with cost-saving opportunities and their estimated impact.

04

Act on Insights

Use dry-run mode to preview cleanup actions, then enable automated resource removal when ready.

Why Choose FinOps Guardian?

Immediate Cost Savings

Identify and eliminate cloud waste automatically across both AWS and GCP, reducing your monthly spend.

Zero-Touch Operations

Serverless architecture means no infrastructure to manage. Scheduled scans run automatically without manual intervention.

Cross-Cloud Visibility

Unified approach to cost optimization across AWS and GCP, eliminating the need for multiple tools.

Safe by Default

Dry-run mode, tag-based resource preservation, and spot instance protection ensure critical resources are never touched.

Tech Stack

Python 3.12 Terraform AWS Lambda GCP Cloud Functions Slack API AWS SES CloudWatch Cloud Scheduler

Frequently Asked Questions

What cloud providers does FinOps Guardian support?
FinOps Guardian supports both Amazon Web Services (AWS) and Google Cloud Platform (GCP), providing unified cost optimization across both environments.
Is FinOps Guardian free to use?
Yes, FinOps Guardian is fully open source under the MIT license. You deploy it in your own cloud accounts, and the serverless functions have negligible execution costs.
How does FinOps Guardian detect idle resources?
On AWS, it scans for resources with low utilization or no attached workloads using AWS APIs. On GCP, it leverages Google's built-in Recommender API to identify idle VMs, disks, IPs, and databases.
Can I try it without deleting anything?
Absolutely. The AWS resource cleanup includes a dry-run mode that reports what would be removed without taking any action. You can review the report before enabling automated cleanup.
What programming language is FinOps Guardian written in?
FinOps Guardian is written in Python 3.12. The GCP module has 92% test coverage with pytest.

From the Blog

Cut GCP Costs on Autopilot: Meet the CloudOn GCP FinOps Guardian

A serverless solution that harnesses Google Cloud's Recommender API to pinpoint cost savings and optimization opportunities across your entire GCP organization.

GCP FinOps Cost Optimization Cloud Functions
Read article

Slash Your AWS Costs with CloudOn AWS FinOps Guardian: The Ultimate Guide

The ultimate guide to using CloudOn's AWS FinOps Guardian for automated resource cleanup, idle resource detection, and cloud cost optimization across AWS regions.

AWS FinOps Cost Optimization Lambda
Read article

Other CloudOn Tools

Multi-Cloud Runway

Multi-Cloud Runway is a free, open-source infrastructure template providing security-hardened landing zones for AWS and GCP. It sets up multi-account environments with networking, IAM, security monitoring, and compliance via Terraform/Terragrunt. Available on GitHub at github.com/cloudon-one/multi-cloud-runway.

Learn more

KubeLaunch

KubeLaunch Essentials is a free, open-source Kubernetes platform with integrated security, observability, and service mesh. It deploys a security-hardened EKS cluster via Terraform/Terragrunt with ArgoCD, Kyverno, Falco, Istio, and Kubecost pre-configured. Available on GitHub at github.com/cloudon-one/kubelaunch-essentials.

Learn more

SecureOps

SecureOps is a free, open-source GitHub Action that performs automated security scanning on repositories. It detects secrets, vulnerabilities, and misconfigurations using Gitleaks, Trivy, and OSV-Scanner. Generates multi-format reports and integrates with GitHub Security tab. Available on GitHub at github.com/cloudon-one/git-security-scanner-public.

Learn more

Run FinOps Guardian in your environment.

Clone the repo and deploy with Terraform — or book an engineering call for hands-on help adapting it to your stack.

View on GitHub Book an Engineering Call