PHASE 03 // IMPLEMENT

Implement

Operational artefacts for putting FinOps into practice — the runbooks you follow, the demo apps you can run, and the field notes behind them.

recfo@implement:~/governance $ cat workflows/*.md
→ 9 governance workflows · roles · RACI · centralisation · tech stack · I/O artefacts
G-01 · workflow

Onboard New Cloud Account

A new application team requests an isolated environment. The account is provisioned, tagged, baseline-secured, and handed back ready to deploy into.

activity type: centralised
CCoE owns the factory; teams consume.
swimlanes by responsible role 3 actors · see matrix view for full RACI
Engineering / App Team
01 Raise account request Jira · Service Portal
05 Hand over & deploy Backstage · SSO
FinOps / CCoE
02 Validate & approve request Jira · Confluence
04 Provision account from blueprint Terraform · AWS CT · OPA
Architect
03 Review landing-zone fit Miro · Confluence
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Project intake form | Raise account request | Jira, Service Portal | Ticket FIN-#### |
| 02 | Ticket FIN-#### | Validate & approve request | Jira, Confluence | Approved request |
| 03 | Approved request | Review landing-zone fit | Miro, Confluence | Architecture sign-off |
| 04 | Architecture sign-off | Provision account from blueprint | Terraform, AWS CT, OPA | Account ID + baseline |
| 05 | Account ID + baseline | Hand over & deploy | Backstage, SSO | Working environment |
G-02 · workflow

Define & Enforce Tagging

Apply a five-tag schema across all resources. CCoE owns the schema; application teams apply tags; policy-as-code denies untagged plans.

activity type: hybrid
Schema central, application decentral.
swimlanes by responsible role 3 actors · see matrix view for full RACI
FinOps / CCoE
01 Define mandatory tag schema Confluence · GitHub
03 Encode policy & publish module OPA · Terraform · GitHub
05 Monitor compliance, surface gaps Backstage · Grafana
Finance
02 Review for finance alignment Confluence
Engineering / App Team
04 Apply tags in IaC Terraform · GitHub Actions
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Cost-centre list | Define mandatory tag schema | Confluence, GitHub | tagging-schema.yaml |
| 02 | tagging-schema.yaml | Review for finance alignment | Confluence | Approved schema |
| 03 | Approved schema | Encode policy & publish module | OPA, Terraform, GitHub | tag-policy v1.0 |
| 04 | tag-policy v1.0 | Apply tags in IaC | Terraform, GitHub Actions | Tagged resources |
| 05 | Tagged resources | Monitor compliance, surface gaps | Backstage, Grafana | Compliance score |
G-03 · workflow

Cost Anomaly Response

A spike trips the detection threshold. Triage to the responsible app team; if structural, route to architecture review.

activity type: decentralised
App team owns root cause & fix.
swimlanes by responsible role 3 actors · see matrix view for full RACI
Platform
01 Detect anomaly (>3σ) Anomaly Det. · PagerDuty
FinOps / CCoE
02 Triage & assign Jira · Slack
05 Confirm closure Jira · Backstage
Engineering / App Team
03 Investigate root cause CloudWatch · Grafana
04 Apply fix or escalate Terraform · GitHub
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Daily cost stream | Detect anomaly (>3σ) | Anomaly Det., PagerDuty | Alert + attribution |
| 02 | Alert + attribution | Triage & assign | Jira, Slack | Owner + SLA |
| 03 | Owner + SLA | Investigate root cause | CloudWatch, Grafana | RCA notes |
| 04 | RCA notes | Apply fix or escalate | Terraform, GitHub | Resolution PR |
| 05 | Resolution PR | Confirm closure | Jira, Backstage | Closed ticket |
G-04 · workflow

Commitment Purchase Decision

Buy RIs / Savings Plans / CUDs against a forecast. CCoE proposes; finance approves; procurement executes.

activity type: centralised
Single portfolio, central treasury.
swimlanes by responsible role 3 actors · see matrix view for full RACI
FinOps / CCoE
01 Model coverage scenarios Python · Looker
05 Inform consuming teams & track utilisation Backstage · Looker
Finance
02 Validate financial assumptions Excel · Anaplan
Procurement
03 Negotiate vendor terms Vendor Portal · Confluence
04 Execute purchase AWS Console · Terraform
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | 12-month forecast | Model coverage scenarios | Python, Looker | Coverage proposal |
| 02 | Coverage proposal | Validate financial assumptions | Excel, Anaplan | Approved budget |
| 03 | Approved budget | Negotiate vendor terms | Vendor Portal, Confluence | Negotiated terms |
| 04 | Negotiated terms | Execute purchase | AWS Console, Terraform | Active commitments |
| 05 | Active commitments | Inform consuming teams & track utilisation | Backstage, Looker | Coverage report |
G-05 · workflow

Showback / Chargeback Cycle

Monthly close — cost is allocated by tag, posted to business units, disputes resolved within a fixed window.

activity type: hybrid
CCoE allocates, BUs review.
swimlanes by responsible role 3 actors · see matrix view for full RACI
FinOps / CCoE
01 Allocate by tag & shared logic dbt · Snowflake · FOCUS
02 Publish showback dashboards Looker · Backstage
Engineering / App Team
03 Review & dispute Jira · Slack
Finance
04 Reconcile & re-issue Excel · Snowflake
05 Post to GL SAP · NetSuite
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | FOCUS billing data | Allocate by tag & shared logic | dbt, Snowflake, FOCUS | Allocated ledger |
| 02 | Allocated ledger | Publish showback dashboards | Looker, Backstage | BU statements |
| 03 | BU statements | Review & dispute | Jira, Slack | Dispute tickets |
| 04 | Dispute tickets | Reconcile & re-issue | Excel, Snowflake | Final invoice |
| 05 | Final invoice | Post to GL | SAP, NetSuite | GL entry |
G-06 · workflow

Rightsizing Recommendation

CCoE surfaces underutilised resources from telemetry; the application team validates and applies the change in IaC.

activity type: decentralised
App team owns the workload change.
swimlanes by responsible role 2 actors · see matrix view for full RACI
FinOps / CCoE
01 Generate rightsize candidates Compute Optimizer · dbt
02 Triage by impact Backstage · Jira
05 Verify savings realised Looker · FOCUS
Engineering / App Team
03 Validate against SLOs Grafana · PromQL
04 Apply change in IaC Terraform · GitHub
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Utilisation telemetry | Generate rightsize candidates | Compute Optimizer, dbt | Candidate list |
| 02 | Candidate list | Triage by impact | Backstage, Jira | Prioritised tickets |
| 03 | Prioritised tickets | Validate against SLOs | Grafana, PromQL | Go / no-go |
| 04 | Go / no-go | Apply change in IaC | Terraform, GitHub | Resized resource |
| 05 | Resized resource | Verify savings realised | Looker, FOCUS | Savings record |
G-07 · workflow

Forecast & Budget Cycle

Quarterly driver-based forecast. Finance owns the model; CCoE feeds drivers; app teams confirm assumptions.

activity type: centralised
Finance-owned cycle.
swimlanes by responsible role 4 actors · see matrix view for full RACI
FinOps / CCoE
01 Build cost drivers dbt · Python
05 Track variance Looker · Slack
Finance
02 Forecast model run Anaplan · Python
Engineering / App Team
03 Validate assumptions Looker · Confluence
Executive / Leadership
04 Approve budget Anaplan
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Historical FOCUS data | Build cost drivers | dbt, Python | Driver dataset |
| 02 | Driver dataset | Forecast model run | Anaplan, Python | Draft forecast |
| 03 | Draft forecast | Validate assumptions | Looker, Confluence | Adjusted forecast |
| 04 | Adjusted forecast | Approve budget | Anaplan | Approved budget |
| 05 | Approved budget | Track variance | Looker, Slack | Variance report |
G-08 · workflow

Policy-as-Code Guardrail

A new guardrail (e.g. block GPU instances in dev) is proposed, reviewed, encoded and enforced at plan time.

activity type: hybrid
CCoE encodes; teams remediate.
swimlanes by responsible role 5 actors · see matrix view for full RACI
FinOps / CCoE
01 Propose guardrail Confluence · GitHub
Security
02 Security review Confluence
Architect
03 Approve & merge GitHub
Platform
04 Enforce at plan time OPA · Terraform Cloud
Engineering / App Team
05 Remediate violations Terraform · GitHub
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | Risk / cost concern | Propose guardrail | Confluence, GitHub | Policy RFC |
| 02 | Policy RFC | Security review | Confluence | Security sign-off |
| 03 | Security sign-off | Approve & merge | GitHub | Merged policy |
| 04 | Merged policy | Enforce at plan time | OPA, Terraform Cloud | Plan-time deny |
| 05 | Plan-time deny | Remediate violations | Terraform, GitHub | Compliant infra |
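
The plan-time deny described in G-02 (untagged plans) and G-08 (GPU instances in dev), sketched as an added example in Python rather than the Rego an OPA deployment would use; it is not this site's own policy code. The five tag keys, the use of the environment tag to identify dev, and the GPU family list are assumptions, and the plan is a constructed sample in the `terraform show -json` layout.

```python
import json

# Assumed five-tag schema; the page does not list the actual tag keys.
REQUIRED_TAGS = ("application", "cost-centre", "data-class", "environment", "owner")
# AWS GPU instance families used for the dev guardrail (assumed, not exhaustive).
GPU_PREFIXES = ("g4dn.", "g5.", "g6.", "p3.", "p4d.", "p5.")

def evaluate_plan(plan):
    """Return deny messages for a `terraform show -json` plan; empty list = pass."""
    denies = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops create nothing to tag
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if unknown.get("tags"):
            # Values computed at apply time are absent from `after`; failing
            # closed stops an unresolved expression from bypassing the check.
            denies.append(f"{rc['address']}: tags unknown at plan time")
            continue
        if "tags" not in after:
            continue  # resource type has no tags attribute
        tags = after["tags"] or {}
        missing = [k for k in REQUIRED_TAGS if not tags.get(k)]
        if missing:
            denies.append(f"{rc['address']}: missing tags {', '.join(missing)}")
        gpu = str(after.get("instance_type") or "").startswith(GPU_PREFIXES)
        if rc.get("type") == "aws_instance" and tags.get("environment") == "dev" and gpu:
            denies.append(f"{rc['address']}: GPU instance type in dev")
    return denies

def _rc(address, rtype, actions, after, unknown=None):
    return {"address": address, "type": rtype,
            "change": {"actions": actions, "after": after, "after_unknown": unknown or {}}}

_FULL = {"application": "api", "cost-centre": "cc-100", "data-class": "internal", "owner": "team-a"}
# Constructed sample plan, not taken from a real account.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_instance.api", "aws_instance", ["create"], {"instance_type": "g5.xlarge", "tags": {**_FULL, "environment": "prod"}}),
    _rc("aws_instance.train", "aws_instance", ["create"], {"instance_type": "g5.xlarge", "tags": {**_FULL, "environment": "dev"}}),
    _rc("aws_s3_bucket.logs", "aws_s3_bucket", ["create"], {"bucket": "logs", "tags": None}),
    _rc("aws_sqs_queue.jobs", "aws_sqs_queue", ["update"], {"name": "jobs"}, {"tags": True}),
    _rc("aws_iam_role_policy.ci", "aws_iam_role_policy", ["create"], {"name": "ci"}),
    _rc("aws_instance.old", "aws_instance", ["delete"], None),
]}

if __name__ == "__main__":
    print(json.dumps(evaluate_plan(SAMPLE_PLAN), indent=2))
```

In a pipeline the non-empty list would fail the plan stage, so the merge is blocked before anything is provisioned.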
G-09 · workflow

Decommission Workload

A workload reaches end-of-life. Owner declares; CCoE schedules; resources are torn down and final invoice closed.

activity type: decentralised
App team initiates & owns.
swimlanes by responsible role 4 actors · see matrix view for full RACI
Engineering / App Team
01 Declare decommission Jira · Backstage
04 Tear down via IaC Terraform · GitHub
FinOps / CCoE
02 Schedule & freeze Jira · Slack
Architect
03 Architecture impact check Confluence
Finance
05 Close billing & archive SAP · S3 Glacier
inputs · outputs · tech
| # | INPUT | ACTION | TECH | OUTPUT |
|---|---|---|---|---|
| 01 | EOL announcement | Declare decommission | Jira, Backstage | Decommission ticket |
| 02 | Decommission ticket | Schedule & freeze | Jira, Slack | Freeze date |
| 03 | Freeze date | Architecture impact check | Confluence | Dependency map |
| 04 | Dependency map | Tear down via IaC | Terraform, GitHub | Resources removed |
| 05 | Resources removed | Close billing & archive | SAP, S3 Glacier | Closed cost-centre |