finops-anomaly-intelligence
by appugouda ai
Turn AWS billing mysteries into 10-minute root cause reports by correlating cost spikes with engineering events.
- Identify the specific GitHub PR or Jira ticket that caused an AWS cost spike
- Quantify the annual financial impact of unoptimized cloud infrastructure
- Generate a weekly 'Cost Story' digest for engineering leadership
Free
One-time purchase · Own forever
Included in download
- Downloadable skill package
- Works with Claude Code
- 3 permissions declared
See it in action
```
HYPOTHESIS #1 [Confidence: HIGH | 87%]
Root Cause: PR #4821 (@platform-team) removed S3 VPC Endpoint.
Evidence: NatGatewayBytesOut +340% at 14:22 UTC matches PR merge time.
Cost Delta: +$2,403 over 5 days.
Monthly Projection: $18,240.
Remediation: Re-add aws_vpc_endpoint.s3 to Terraform config.
```
About This Skill
What it does
FinOps Anomaly Intelligence is a root-cause analysis engine designed to investigate and resolve AWS cost spikes. It moves beyond simple alerts by cross-correlating AWS billing data (CUR/Cost Explorer) with engineering activities across GitHub, Jira, CloudWatch, and PagerDuty. At a high level, it detects the anomaly window, identifies impacted services, ranks root-cause hypotheses with confidence scores, and quantifies the "cost of inaction."
Why use this skill
Standard AWS alerts tell you that you spent too much, but they don't tell you why. Manually tracing a $10k spike through CloudTrail logs and PR history can take hours. This skill reduces that to 10 minutes. It is better than simple prompting because it uses a structured sequence of data extraction and correlation scripts to provide proof-based answers, not just hallucinations. It ensures developers see the financial impact of their code changes in real time.
Supported tools
- Cloud: AWS (Cost Explorer, CUR, CloudWatch)
- VCS/Task Management: GitHub Enterprise, Jira REST API
- Observability/Ops: PagerDuty, Slack API
- Frameworks: Boto3, Pandas, Python 3.10+
What the output looks like
The skill produces structured JSON data for workflows and human-readable Markdown reports. This includes a ranked Hypothesis Report linking specific PRs to dollar amounts, a Cost of Inaction table for executive reporting, and a pre-formatted Jira ticket ready for assignment to the responsible engineering team.
Use Cases
- Identify the specific GitHub PR or Jira ticket that caused an AWS cost spike
- Quantify the annual financial impact of unoptimized cloud infrastructure
- Generate a weekly 'Cost Story' digest for engineering leadership
- Automatically draft Jira remediation tickets assigned to responsible dev teams
- Correlate CloudWatch scaling events with unexpected billing anomalies
Known Limitations
- **AWS Cost Explorer granularity**: Cost Explorer data is available at daily granularity minimum. Sub-daily (hourly) anomaly detection requires direct CUR + Athena setup, which needs additional configuration per `references/aws-cur-guide.md`.
- **Hypothesis accuracy depends on integration coverage**: Without GitHub and Jira credentials configured, hypotheses are generated from CloudWatch alone and will be marked LOW confidence. Manual validation is required.
- **Tag attribution requires tagging discipline**: Resources without the required tags (team, env, service) cannot be team-attributed. The skill includes a tag coverage audit to surface gaps, but retroactive attribution is not possible.
- **No real-time streaming**: The skill operates on batch data (pulled on-demand). It does not run as a persistent daemon or streaming pipeline. For continuous monitoring, pair with AWS Cost Anomaly Detection + SNS to trigger the skill on alerts.
- **Multi-account requires payer access**: For AWS Organizations, credentials for the management (payer) account are needed to aggregate across linked accounts. Linked account-only credentials limit scope to a single account.
- **Jira/GitHub rate limits**: High-volume repositories or dense Jira projects may hit API rate limits on large correlation windows (>90 days). Use smaller windows or paginate manually.
- **Historical data window**: Cost Explorer API supports up to 12 months of historical data. CUR via Athena supports the full CUR retention period (configurable, typically 12–36 months).
- **Not a billing replacement**: This skill does not replace AWS Cost Explorer, Kubecost, CloudHealth, or other dedicated FinOps platforms. It augments them with automated root-cause correlation.
How to Install
```bash
unzip finops-anomaly-intelligence.zip -d ~/.claude/skills/
```
Security Scanned
Passed automated security review
Permissions
### AWS IAM Permissions

Attach the FinOps read-only policy defined in `references/integration-patterns.md` to your AWS IAM user or role. Minimum required: `ce:GetCostAndUsage`, `cloudwatch:DescribeAlarmHistory`.

## Security Notes

- Never log or emit AWS account IDs, IAM ARNs, or API keys in output files.
- CUR S3 bucket access requires IAM role with `cur:DescribeReportDefinitions` and `s3:GetObject` on the CUR bucket — least-privilege only.
- Jira/GitHub tokens: read via env vars (`JIRA_TOKEN`, `GITHUB_TOKEN`) — never hardcode.
- Slack webhook URLs: store in AWS Secrets Manager or `.env` (gitignored).
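One way to enforce the first and third security notes at the point where a report is written, as an added example that is not part of the skill's own code. The function names, regex patterns, and sample report text are assumptions made for illustration.

```python
import os
import re

# Identifier shapes named in the Security Notes. The patterns are this
# example's assumptions, not the skill's own rules.
_IAM_ARN = re.compile(r"arn:aws[a-z-]*:(?:iam|sts)::\d{12}:[^\s\"',)]+")
_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
_ACCOUNT_ID = re.compile(r"(?<!\d)\d{12}(?!\d)")  # also masks other 12-digit numbers

# Constructed sample report; the account ID and key ID are placeholder values.
SAMPLE_REPORT = (
    "Root cause: arn:aws:iam::123456789012:role/ci-deployer removed the S3 endpoint.\n"
    "Linked account 123456789012, key AKIAIOSFODNN7EXAMPLE, cost delta +$2,403.\n"
)


def load_token(name: str) -> str:
    """Read a credential from the environment and fail closed if it is absent."""
    value = os.environ.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set")
    return value


def redact(text: str, secrets: tuple = ()) -> str:
    """Mask known secret values, IAM ARNs, access key IDs and account IDs."""
    for secret in secrets:
        if secret:  # an empty string would match at every position
            text = text.replace(secret, "[REDACTED_TOKEN]")
    text = _IAM_ARN.sub("[REDACTED_ARN]", text)  # before account IDs, so the ARN goes whole
    text = _ACCESS_KEY_ID.sub("[REDACTED_KEY_ID]", text)
    return _ACCOUNT_ID.sub("[REDACTED_ACCOUNT]", text)


def write_report(path: str, body: str, secrets: tuple = ()) -> str:
    """Redact, then write; returns the text that was actually written."""
    clean = redact(body, secrets)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(clean)
    return clean


if __name__ == "__main__":
    print(redact(SAMPLE_REPORT))
```

Passing the loaded `JIRA_TOKEN` and `GITHUB_TOKEN` values as `secrets` masks them by exact match, so the filter does not depend on guessing a token format.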