Automating FinOps Infrastructure with Terraform for T2S Services
Introduction
As cloud adoption scales, cost optimization becomes crucial for organizations to maintain financial efficiency while leveraging cloud resources effectively. FinOps (Financial Operations) provides a structured framework to optimize cloud spending while maintaining agility, performance, and security.
At T2S Services, we have automated FinOps infrastructure on AWS using Terraform, ensuring consistency across development (dev), staging (stage), and production (prod) environments.
Key Benefits of This Automation:
- Track and optimize AWS costs using AWS Budgets, Cost Anomaly Detection, and Cost Explorer.
- Automate cost alerts with Amazon SNS notifications.
- Enforce governance and best practices with Infrastructure as Code (IaC).
- Secure Terraform state files using an S3 backend with DynamoDB lock for team collaboration.
By implementing this modular Terraform approach, T2S Services ensures cost efficiency, scalability, and governance across all cloud environments.
Note: Let me know if you encounter any issues with the scripts.
Project Structure
To maintain modularity and scalability, we structured our Terraform project as follows:
t2s-finops/
├── modules/
│   ├── backend/
│   ├── sns_alerts/
│   ├── aws_budgets/
│   ├── cost_anomaly/
│   └── cost_explorer/
├── environments/
│   ├── dev/
│   ├── stage/
│   └── prod/
└── README.md
Each environment (dev, stage, prod) contains:
- backend.tf — Defines remote backend storage.
- providers.tf — Specifies AWS provider settings.
- versions.tf — Defines required Terraform versions.
- terraform.tfvars — Holds environment-specific variables.
Step 1: Setting Up the Terraform Backend (S3 & DynamoDB)
To ensure state consistency across teams, we store Terraform state files in an S3 bucket and enable state locking with DynamoDB. Create the following files with the appropriate scripts.
backend/main.tf
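resource "aws_s3_bucket" "terraform_state" {
  bucket = var.s3_bucket_name

  # Inline acl and versioning are deprecated since AWS provider v4 in favour of
  # the separate aws_s3_bucket_acl and aws_s3_bucket_versioning resources.
  acl = "private"

  versioning {
    enabled = true
  }

  # Guards the state bucket against accidental deletion.
  lifecycle {
    prevent_destroy = true
  }
}

# Lock table; the S3 backend expects a string hash key named "LockID".
resource "aws_dynamodb_table" "terraform_locks" {
  name         = var.dynamodb_table_name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}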
backend/variables.tf
variable "s3_bucket_name" { type = string }
variable "dynamodb_table_name" { type = string }
backend/terraform.tfvars
s3_bucket_name = "t2s-finops-terraform-state"
dynamodb_table_name = "t2s-finops-terraform-locks"
Step 2: Setting Up SNS Alerts for Cost Monitoring
AWS SNS is used to send email alerts when cost thresholds are exceeded. Create the following files with the appropriate scripts.
sns_alerts/main.tf
resource "aws_sns_topic" "billing_alerts" {
  name = var.sns_topic_name
}

resource "aws_sns_topic_subscription" "email_subscription" {
  topic_arn = aws_sns_topic.billing_alerts.arn
  protocol  = "email"
  endpoint  = var.alert_email
}
sns_alerts/variables.tf
variable "sns_topic_name" { type = string }
variable "alert_email" { type = string }
sns_alerts/outputs.tf
output "sns_topic_arn" { value = aws_sns_topic.billing_alerts.arn }
sns_alerts/terraform.tfvars
sns_topic_name = "t2s-cost-alerts"
alert_email = "info@transformed2succeed.com"
Step 3: Setting Up AWS Budgets for Cost Control
AWS Budgets enables real-time cost tracking and proactive cost control. Create the following files with the appropriate scripts.
aws_budgets/main.tf
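resource "aws_budgets_budget" "t2s_budget" {
  name              = var.budget_name
  budget_type       = "COST"
  limit_amount      = var.budget_limit
  limit_unit        = "USD"
  time_unit         = "MONTHLY" # required argument; MONTHLY is assumed here
  time_period_start = "2024-01-01_00:00"
  time_period_end   = "2024-12-31_23:59"
  # No notification block is defined, so this budget alone sends no alerts.
}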
aws_budgets/variables.tf
variable "budget_name" { type = string }
variable "budget_limit" { type = number }
aws_budgets/outputs.tf
output "budget_id" { value = aws_budgets_budget.t2s_budget.id }
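A budget only reaches the SNS topic from Step 2 if it carries a notification and the topic policy lets the AWS cost services publish. The following variant of aws_budgets/main.tf is an added example, not part of the original scripts; var.sns_topic_arn is a hypothetical input fed from the sns_alerts module's sns_topic_arn output, the 80% threshold is an example value, and budget_name and budget_limit come from aws_budgets/variables.tf.

```hcl
# Added example: budget with an SNS notification and a scoped topic policy.
variable "sns_topic_arn" { type = string } # hypothetical input

data "aws_caller_identity" "current" {}

# Only the AWS cost services, acting for this account, may publish to the
# topic. costalerts.amazonaws.com is Cost Anomaly Detection's principal.
data "aws_iam_policy_document" "cost_publishers" {
  statement {
    sid       = "AllowCostServicesPublish"
    actions   = ["SNS:Publish"]
    resources = [var.sns_topic_arn]

    principals {
      type        = "Service"
      identifiers = ["budgets.amazonaws.com", "costalerts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

# This resource sets the topic's whole access policy.
resource "aws_sns_topic_policy" "cost_publishers" {
  arn    = var.sns_topic_arn
  policy = data.aws_iam_policy_document.cost_publishers.json
}

resource "aws_budgets_budget" "t2s_budget" {
  name         = var.budget_name
  budget_type  = "COST"
  limit_amount = var.budget_limit
  limit_unit   = "USD"
  time_unit    = "MONTHLY"

  # Alert when actual spend passes 80% of the limit.
  notification {
    comparison_operator       = "GREATER_THAN"
    threshold                 = 80
    threshold_type            = "PERCENTAGE"
    notification_type         = "ACTUAL"
    subscriber_sns_topic_arns = [var.sns_topic_arn]
  }
}
```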
Step 4: Configuring Cost Anomaly Detection
AWS Cost Anomaly Detection monitors unusual spending patterns. Create the following files with the appropriate scripts.
cost_anomaly/main.tf
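# The AWS provider has no aws_ce_anomaly_detection resource. A monitor is
# aws_ce_anomaly_monitor; the alert threshold (var.anomaly_threshold) belongs
# on an aws_ce_anomaly_subscription attached to it.
resource "aws_ce_anomaly_monitor" "cost_anomaly" {
  name              = var.anomaly_name
  monitor_type      = "DIMENSIONAL" # per-service monitoring, assumed here
  monitor_dimension = "SERVICE"
}
cost_anomaly/variables.tf
variable "anomaly_name" { type = string }
variable "anomaly_threshold" { type = number }
cost_anomaly/outputs.tf
output "anomaly_id" { value = aws_ce_anomaly_monitor.cost_anomaly.id }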
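Cost Anomaly Detection only alerts through a subscription that ties a monitor to a subscriber and a threshold. The following complete cost_anomaly/main.tf is an added example, not part of the original scripts; it assumes a recent AWS provider (one that supports threshold_expression) and a hypothetical var.sns_topic_arn input carrying the sns_alerts module's sns_topic_arn output.

```hcl
# Added example: anomaly monitor plus an SNS subscription with a threshold.
variable "sns_topic_arn" { type = string } # hypothetical input

resource "aws_ce_anomaly_monitor" "cost_anomaly" {
  name              = var.anomaly_name
  monitor_type      = "DIMENSIONAL"
  monitor_dimension = "SERVICE" # one monitor across all AWS services
}

resource "aws_ce_anomaly_subscription" "cost_anomaly" {
  name             = "${var.anomaly_name}-subscription"
  frequency        = "IMMEDIATE" # the frequency used for SNS subscribers
  monitor_arn_list = [aws_ce_anomaly_monitor.cost_anomaly.arn]

  # The topic's access policy must allow costalerts.amazonaws.com to publish.
  subscriber {
    type    = "SNS"
    address = var.sns_topic_arn
  }

  # Alert only when an anomaly's total impact reaches var.anomaly_threshold USD.
  threshold_expression {
    dimension {
      key           = "ANOMALY_TOTAL_IMPACT_ABSOLUTE"
      match_options = ["GREATER_THAN_OR_EQUAL"]
      values        = [tostring(var.anomaly_threshold)]
    }
  }
}
```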
Step 5: Configuring AWS Cost Explorer
AWS Cost Explorer provides detailed cloud cost insights. Create the following files with the appropriate scripts.
cost_explorer/main.tf
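# aws_cur_report_definition defines a Cost and Usage Report and also requires
# time_unit, format, compression, additional_schema_elements, s3_bucket and
# s3_region, which this page does not give.
resource "aws_cur_report_definition" "cost_report" {
  report_name = var.report_name
}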
cost_explorer/variables.tf
variable "report_name" { type = string }
cost_explorer/outputs.tf
output "cost_explorer_id" { value = aws_cur_report_definition.cost_report.id }
Step 6: Configuring Environment-Specific Deployments
Each environment (dev, stage, prod) has its own Terraform configuration. Create the following files with the appropriate scripts.
environments/dev/backend.tf
terraform {
  backend "s3" {
    bucket         = "t2s-finops-terraform-state"
    key            = "dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "t2s-finops-terraform-locks"
  }
}
environments/dev/providers.tf
provider "aws" { region = "us-east-1" }
environments/dev/terraform.tfvars
budget_name = "T2S-Dev-Budget"
budget_limit = 1000
anomaly_name = "T2S-Dev-Cost-Anomaly"
anomaly_threshold = 500
report_name = "T2S-Dev-Cost-Report"
sns_topic_name = "T2S-Dev-Billing-Alerts"
alert_email = "info@transformed2succeed.com"
Cleanup Steps
To remove the infrastructure, execute:
cd environments/dev
terraform destroy -auto-approve
cd ../stage
terraform destroy -auto-approve
cd ../prod
terraform destroy -auto-approve
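To delete backend resources (the state bucket sets prevent_destroy = true in backend/main.tf, so Terraform rejects this destroy until that setting is removed):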
cd modules/backend
terraform destroy -auto-approve
To clean up local files:
rm -rf .terraform terraform.tfstate*
Conclusion
This Terraform-based FinOps automation empowers T2S Services to:
- Monitor and optimize AWS costs with budgets and anomaly detection.
- Receive real-time cost alerts via SNS.
- Enforce cost governance across environments.
- Secure Terraform state with an S3 backend and DynamoDB lock.
By leveraging AWS Budgets, Cost Explorer, SNS, and Terraform, T2S Services ensures real-time cost efficiency, governance, and automation in a scalable cloud environment.