Welcome to the Finout documentation hub! Find everything you need to manage your cloud financial operations with ease. Our updated articles, clear guides, and step-by-step instructions help you make the most of the Finout platform. Whether you're just getting started or optimizing your workflows, we aim to empower you with the knowledge to take full control of your cloud costs.

Discover Finout

Configuration and Administration

Finout Demo

SSO Overview

Single Sign-On (SSO) setup simplifies user authentication and access management across multiple applications within an organization. It allows users to securely authenticate once and access various services without having to re-enter credentials. Integrating your SSO providers with Finout enhances security and streamlines administration by reducing the risk of credential-based attacks.

Connect Your ​​SSO Providers to Finout

Follow this procedure to integrate your SSO provers with Finout.

To connect SSO providers to Finout:

1. In Finout, navigate to the Admin Portal.
2. In the Admin Portal navigation bar, click SSO.
3. Click on Setup SSO connection. The Setup SSO connection appears.

1. Select the SSO provider with which you wish to connect with Finout.

   Note: It is recommended to choose the SAML integration.

2. Follow the onscreen instructions for the chosen SSO provider. You are redirected to the Self-service SAML configuration/SSO configuration.
3. Enter a Domain Name and click Proceed.

   Note: The domain must be claimed by copying the TXT record and applying it to your DNS provider.

   The Record Name and Record Value appear.
4. Copy this data and add it to a new TXT record in your DNS file, then click Proceed. You are brought to the Manage Authorization step.
5. Assign default roles to all SSO users by adding one or more account roles from your list of predefined roles.

6. You can optionally map your IdP groups to roles available in the application.

   Note: Ensure that your IdP passes the groups attribute that is sent in the SAML Assertion.
7. Click Done and save the connection.

8. Login into Finout using the SSO to ensure that it is enabled.

FAQs

If a user has the following groups:

• Group A in Active Directory: Connected to Group 1 in Finout.

• Group B in Active Directory: Connected to Group 2 in Finout.

What permissions will the user have if they are moved from Group A to Group B?

The user will have access to both Group 1 and Group 2 in Finout. To remove access to Group A, you must remove it from Group A in Finout.

What happens if a user is part of an Active Directory group and belongs to another group in Finout?

The user will have access to both groups in Finout. This access will be effective immediately upon the next login.

If a user belongs to multiple SAML groups with corresponding groups in Finout, will Finout assign the user to all these matching groups?

Yes, if a user belongs to multiple SAML groups with corresponding groups in Finout, Finout will assign the user to all of these matching groups.

Does Finout support re-evaluating user group memberships upon every SAML login?

No, group provisioning happens only when the user onboards Finout. Then, they need to manage the groups in the admin portal and Finout groups settings.

What is a Cost Type?

A cost type indicates how costs are calculated and presented for each cloud service based on the amount of resources used. The default cost setting in Finout is the net amortized cost. If you need to change this default setting, navigate to Settings > Advanced Settings to select a different cost type.

Cost Type Definitions

• Unblended Cost- This is the actual cost as detailed on your invoice, including charges for resources consumed and any upfront costs associated with Reserved Instances or pre-paid services. It reflects the direct expenses recorded and paid by your finance department, ensuring that the charges on the invoice match the actual payments made. Understanding Unblended Costs is essential for accurate financial accounting.

• Net Unblended Cost- The Net Unblended Cost reflects the costs after all applicable discounts have been directly applied to the service. Unlike the standard Unblended Cost, where discounts are usually itemized separately on different lines of the invoice, showing the "regular" costs of services, the Net Unblended Cost integrates these discounts directly into the service costs themselves.

• Amortized Cost- Amortized costs distribute the expenses of commitment payments across the duration of the Commitment Plan (SP, RI), matching costs with the actual service usage. This represents the usage costs of your Committed Plans. In contrast, Unblended Cost accounts for expenses as they occur.
• Net Amortized Cost- This cost type represents the total expenses after applying all relevant discounts to the amortized costs.

• Blended Cost- Blended rates average the costs of Reserved Instances and On-Demand Instances across all accounts. The total cost is calculated by dividing the total cost of services by the amount of data stored or the service usage, excluding monthly CSP/RI fees or upfront RI fees.

• Net FairShare Cost - The AWS refund is factored into the cost of each included service, with the FairShare formula applied afterward. Conversely, for FairShare costs, the refund (e.g., PrivateRateDiscount) is handled as a separate billing line and excluded from the formula. Contact Finout support at support@finout.io to enable this feature.

Cost Type Mapping Across Providers

Finout standardizes cost calculations across cloud providers and services, ensuring a consistent and accurate view of spending. The table below outlines how Finout's cost types align with different providers.

AWS References

Only users with admin privileges have the exclusive right to access the Finout admin portal, which encompasses role management and inviting new members to the platform.

Adding a New Finout User

1. Log into your Finout account with Admin role credentials.
2. Click on your username, then select Admin Portal.
3. Navigate to the Users section.

1. Choose Invite User. The Invite User popup appears.

1. Provide the new user’s Email.

3. Fill in the user’s Full Name.

4. Optionally enter the user’s Phone Number.

5. Optionally copy the invite link and forward it directly to the user.

6. Click Invite.

Following this, the new user’s status will display as Pending approval. Once the user activates their account, which can be done through the email link or the shared direct link (instructions provided below), and the setting up of a password, their joining date will be reflected in the Joined column.

Account Activation for New Users

As a new user of Finout, account activation is a necessary step before diving in. To activate your Finout account:

1. Access the Activate Your Account email.
2. Click on Activate my account.
3. Set a New password and Confirm new password.

4. Click Activate. Following this, you are all set to explore Finout.

Finout is a comprehensive cloud cost management solution that empowers FinOps, DevOps, and Finance teams to effectively manage and reduce cloud spend while improving profitability without requiring code changes or modifying existing tags.

Our comprehensive suite of features is strategically divided into three key phases of the FinOps lifecycle: Inform, Optimize, and Operate.

Inform

Optimize

Operate

Finout is revolutionizing cloud cost management with its innovative Enterprise Discount Program (EDP) feature, designed to empower users with maximum flexibility and accuracy. This feature allows businesses to seamlessly configure their discount agreements directly into Finout, providing a dynamic and self-service approach to monitoring cloud expenses.

Finout’s EDP feature supports two configuration options:

1. Discount Percentage- Represents the percentage of the discount.

2. Discount Rate- Represents a change in the actual rate itself.

Who Can Benefit from Finout's EDP Feature?

• Non-direct EDP users: Finout's EDP feature is especially useful for those who do not automatically receive Enterprise Discount Program (EDP) benefits in their Cloud Usage Report (CUR) from AWS. It enables these users to manually add and configure discounts within Finout for a more accurate representation of their post-discount cloud costs.

• Versatile discount application: The EDP feature in Finout is versatile and can be used to apply discounts not just for Amazon Web Services, but across various services integrated into a user's MegaBill. This makes it a valuable tool for businesses managing a diversified cloud infrastructure​​.

• For direct EDP recipients: Users who already receive their EDP discounts directly in their CUR from AWS (or any other cloud provider) might not need to use Finout's EDP feature, as their discounts are automatically applied and reflected in their billing data. However, they can still use Finout's EDP feature for any additional, non-AWS services they wish to apply discounts to, or for further customization and detailed monitoring of their cloud costs​​.

Set Up Your EDP

By selecting a specific cost filter and layering an EDP configuration over it, Finout creates an EDP Tag that includes the assigned rate or percentage. To set your EDP:

1. In Finout, navigate to Settings and click EDP Setup. ​
2. Configure you EDP:

   • If this is your first time setting up an EDP in Finout, click Add new EDP.
3. Define EDP Rules: 1)Name: Enter a name for the EDP. 2)Add Category: Select a category for the EDP

   3)Where: Select relevant cost center filters for EDP application.

   4)Then: Specify the applicable EDP discount rate or percentage. - Percentage: This applies to the entire cloud bill. For example, a 50% discount on the AWS bill due to EDP. - Rate: Represents a specific value. For example, a 1.5$ discount for AmazonEC2 due to EDP. 5)Timeframe settings: Optionally define a timeframe for EDP rules to apply. 6)Additional rules: Incorporate any other specific rules as needed. For instance, a 25% EDP discount on certain services (e.g., Datadog). 7)Untagged Cost: Set the percentage value for the untagged cost. 8)Notifications: Receive notifications on any changes made to this virtual tag. ​

4. Click Apply EDP Tag. After applying the EDP tags, you will see a preview of your configurations.

Manage your EDP

Manage your EDP by enabling EDP adjustments and specific cost types.

Enable EDP Adjustments

Enable this EDP to allow all users to see the cost data with EDP adjustments on all Finout pages.

To enable EDP adjustments:

1. In Finout, navigate to Settings. You are brought to the Account Settings tab. ​
2. In the Account settings tab, toggle-on Select Show cost with EDP adjustments to apply EDP changes across Finout pages. EDP adjustments are enabled on all of Finout’s pages.

Enable EDP for Specific Cost Types

Allow users to configure which cost type the EDP should be applied to. This functionality ensures consistent and accurate application of EDP across the platform for various cost types, including Net Amortized, Unblended, Amortized, Net Unblended, Blended Cost, Effective Cost, and Net Effective Cost. This customization gives users precise control over how EDP affects their cost management and visibility, providing more precise insights into both EDP-adjusted and non-adjusted costs.

To enable EDP for specific cost types:

1. In Settings, navigate to the Account Settings tab.
2. Under Cost Types & EDP Configuration, toggle-on the cost types where you want EDP to be applied and click Save. The Confirm Changes pop-up appears.
3. Click Apply. EDP is applied to cost types as default to all views.

Incorporate EDP into MegaBill

After EDP Is set up, you can instantly see it in your MegaBill by toggling the Show cost with EDP.

Still need help? Please feel free to reach out to our team at support@finout.io.

Overview

List Cost shows the public pricing for your cloud resources, reflecting what you would have paid without any discounts, commitments, or Enterprise Discount Plans. It uses the baseline retail price of services, offering a clear and unbiased view of your cloud spend. This empowers you to take control of your cloud expenses by providing clear, actionable insights based on public pricing data.

What are the benefits of List Cost?

• Benchmark Costs: See the raw, unadjusted pricing of your cloud usage.

• Simplify Analysis: Understand the true value of your resources without financial manipulations such as Reserved Instances (RIs), promotions, or commitment plans.

• Improve Accountability: Evaluate cost anomalies and missed savings opportunities due to lack of coverage or unused resources.

How does it work?

Finout calculates List Cost by sourcing public pricing data from each provider:

• AWS: Based on the column pricing_public_on_demand_cost.

• GCP: Based on the column cost_at_list.

Add List Cost to a View

Add List Cost to your view to analyze your cloud spend at its raw retail value without the noise of discounts or commitments.

Navigate to any cost-related view in Finout and choose List Cost as the cost type.

• Dashboards / Widgets
• Data Explorer
• Resources

FAQs

Q: Where can I see List Cost in Finout?

A: List Cost is available across all cost-related views in Finout, including:

• Dashboards / Widgets

• Data Explorer

• Resources

Q: Why is List Cost missing or displayed as null for a Cost Center?

A: To maintain a consistent user experience, List Cost will not appear in certain application features if unsupported by a Cost Center but will be displayed as null in Data Explorer. However, to ensure a consistent user experience, List Cost will not appear in certain application features if it is unsupported by a Cost Center; however, it will be displayed as null in Data Explorer.

Finout simplifies cloud cost management with seamless integrations across major cloud providers. By unifying billing data from multiple platforms into a single view, Finout empowers you to track, analyze, and optimize your cloud expenses precisely, regardless of where your resources are hosted.

The following cloud services can be integrated with Finout:

Oracle Integration Overview

Oracle Cloud Infrastructure (OCI) is a comprehensive platform offering high-performance computing and a wide range of cloud services, designed for reliability, scalability, and security.

Integrating Finout with OCI allows you to efficiently manage your cloud resources, optimize spending, and gain valuable insights into your OCI cloud operations.

1. Create a New Group for Finout

Access permissions in Oracle are assigned to groups. Create a separate group for Finout to ensure access only to the necessary billing resources.

1. Go to the OCI navigation menu → Identity & Security → Domains → <Finout domain> → Groups (in the right-hand menu).

1. Click Create Group.

1. Fill in the Group Name and add some Description.

1. Click Create.

2. Add the Group a Policy to Access the Cost Reports

Assign a policy to the group for accessing cost reports. In OCI, group permissions are managed through policies. By assigning a policy to the Finout group, you ensure that all its members can access only what the group policies allow.

1. Go to the OCI navigation menu → Identity & Security → Policies.
2. Click Create policy.

3. Choose a name for the policy that clearly indicates its purpose for accessing cost reports.

4. In the policy builder box at the bottom of the screen, activate the Show manual editor button and enter the following statements:

   Note: Save your tenancy for step 5.

   • Statement 1:

     Important: The following statement is not an example. You need to run this statement exactly as it is shown below.

     define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq This specifies the tenancy for usage reports, which is in a bucket owned by Oracle.

   • Statement 2: endorse group <group name> to read objects in tenancy usage-report Replace <group name> with the name of the group created for Finout. If you want your own groups/users to access the cost reports as well, add another policy with the relevant <group name>.

     Examples:

     • If you chose the “Default” domain: endorse group default to read objects in tenancy usage-report

     • If you chose a custom domain named “finoutdomain”: endorse group finoutdomain/default to read objects in tenancy usage-report

5. Click Create.

3. Create a User for Finout

1. Go to the OCI navigation menu → Identity & Security → Domains → Users.
2. Click Create User.
3. Fill in the name and email of the Finout user.

1. Click Create.

4. Generate an API Key

Generate an API key to enable Finout users to access the reporting bucket via the Oracle API key.

Create an API key pair in the OCI console to enable API signing for the Finout user:

1. Ensure an administrator user is logged into Oracle, as only administrators can perform these steps.

2. Navigate to Identity & Security → Domains → <Finout user domain> → Users, and click the Finout user to access their profile.
3. Navigate to the Resources section in the bottom left screen and select API keys.
4. Make sure that the Generate API key pair is chosen.

5. Click Download Private Key and save the key in a local directory.

6. Click Add.
7. A configuration is displayed. Click on the copy button below the text box and paste it into a local file editor (save for step 5).

5. Integrate Oracle with Finout

1. In Finout, navigate to Settings > Cost Centers and click Add cost center. The Connect Accounts window appears.
2. In OCI, click Connect Now. The Connect to OCI window appears.
3. Fill the relevant fields from the "Configuration file preview" text box you copied in the previous step (Step 4). For “Private key data” you need to open the file and copy the entire file contents, including the key header.

4. Click Next. The cost center is created.

Azure Integration Overview

Integrate Azure with Finout to generate comprehensive cost and usage reports tailored to your organization's needs. Configure Finout to create detailed reports using Azure data, either for specific subscriptions or across your entire organization. This integration allows for in-depth analysis and management of expenses, offering valuable insights into cost allocation and usage trends across your Azure infrastructure.

Azure Configuration Workflow:

1. Create a Service Principal for Finout

a. Create a service principal using the CLI

1. From the CLI, type the following:

az ad sp create-for-rbac -n "finout"

1. You will receive an output similar to the following:

{
  "appId": "3c666g0g6-8cb8-8b33-cba6-abc7676a8989",
  "displayName": "finout",
  "password": "789************************",
  "tenant": "6666b777-ba88-44a9-a4aa-666ccb222a91"
}

b-1. Create a service principal using the Azure portal

1. From your Azure portal, search for and select Azure Active Directory.

2. Select App registrations, then click New registration.
3. Name the application (For example, "Finout").

4. Leave the default values in the rest of the parameters and click Register.

5. The Overview page provides two of the credentials required for the Finout console (step 4) the Application (client) ID and the Directory (tenant) ID.

   Important: Save the following details to use in the Finout console (step 4):

   • appId → Application (client) ID

   • tenant → Directory (tenant) ID

b-2 Set up the authentication

For the Finout integration, use the password-based authentication (application secret) method by following these steps: ​

1. Select Certificates & secrets from the left-hand menu on the app registration page.
2. Click + New client secrets to create a new client secret.

3. Select a time frame for its expiration, add a description, and then click Add.

   Note: If the secret is set to expire, you must remember to renew the credentials and reconfigure it in the Finout console.

4. Copy the Value from the Client secret to the Application secret field in the Finout console (step 4).

2. Create the Billing Export

In this step, create the export for the billing scope and grant Finout read-only access to these export files.

Create the report exports on the billing scope:

The reports must be exported twice, once for each of the following cost types:

1. Actual cost

2. Amortized cost

You should provide a different directory for both exports, but both exports must be exported to the same container.

To create an export in your Azure portal:

1. In Azure, navigate to Cost Management.
2. Click Exports in the left-hand menu.
3. From the Export screen, click + Create. The New export page appears.
4. Click Cost and Usage (actual or amortized).

   ​Note: The reports must be exported twice, once for each cost type. You should provide a different directory for both exports, but both exports must be exported to the same container.

   You are brought to the Datasets tab.
5. Add the Export Profile name and click Next. You are brought to the Destination tab.

   Important: - Ensure that the Format is CSV. - Ensure that the Compression type is None.

   Fill in the details required on the destination page.

   Note: Save the following details to add to Finout (step 4): -Storage Account

   -Container

   -Actual Cost Directory and Export Name

   -Amortized Cost Directory and Export Name

6. Click Next. You are brought to the Review and Create tab.

7. Review the summary and click Create.

8. After the export is created, select it from the export page and click Run now.

3. Grant Finout Read-Only Permission from the Export Storage

Grant read-only permission by using Azure CLI or the Azure portal.

Grant permissions using Azure CLI

• Type the following command in your CLI and fill in the parameters according to the role and storage details:

  Copy

  az role assignment create --assignee <app_id> --role "Storage Blob Data Reader" --scope /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Storage/storageAccounts/<storage_account_name>/blobServices/default/containers/<container_name>

Grant permissions using the Azure portal

1. From your Storage account page, click Containers and select the export container.

2. Select Access control (IAM).

3. Click +Add and then click Add role assignment.

4. Search for Storage blob data reader, select it, and then click Next.

5. Click + Select members and find the Finout service principal.

6. Select the Finout service principal and click Select.

7. Click Review + Assign.

4. Integrate Azure with Finout

1. Navigate to Settings > Cost Centers and click Add cost center. The Connect Accounts window appears.
2. In Azure, click Connect Now. The Azure integration window appears.
3. Add the details saved from step 1 and click Next. You are brought to the Create the billing export page.
4. Add the details saved from step 2 and click Next. The integration is complete.

AWS Integration Overview

Integrate AWS with Finout to generate comprehensive cost and usage reports tailored to your organization's needs. Configure Finout to create detailed reports using AWS data, specifying specific accounts or encompassing your entire organization. This integration enables in-depth expense analysis and management, providing valuable insights into cost allocation and usage trends across your AWS infrastructure.

AWS Configuration Workflow:

1. Create a CUR in the AWS Console

To begin using Finout to monitor the cost of your cloud bill, Finout needs access to your Amazon Cost and Usage Report (CUR).

​To create a CUR in AWS:

2. Mark Legacy CUR export.
3. In Export name, enter a report name. Example: yourcompanyname-billing-reports

4. Export content:

   - In Additional export content, mark the following:

   1. Include resource IDs - Ensure that this is marked for successful configuration.

   2. Split cost allocation data - Optionally mark to add more detailed cost and usage data. Enabling split cost allocation does not make any changes to the Finout console.

   Note: Pod label enrichment remains a separate Finout feature that is not covered in AWS's split data. Finout will also continue providing Kubernetes rightsizing recommendations.

   - In Data refresh settings, ensure the Refresh automatically is marked.

5. Data export delivery options:

   1. Ensure the time granularity is marked Hourly.

   2. Choose either Create new report version or Overwrite existing report. Both report versioning types are supported.

   3. Choose the Parquet compression type

6. Data export storage settings:

   1. • Create the destination bucket to store the cost and usage data:

        1. Add a bucket name. Save it for future use in step 5.

           1. Choose a region. Save it for future use in step 5.

           2. Mark The following default policy will be applied to your bucket.

           3. Click Save. Your bucket is created.

   2. Add your S3 path prefix. Save it for future use in step 5.

7. Click Next and then Review and Complete. The report is created within a few hours.

2. Verify Tag Activation

Verify that the tags you want included in your CUR are activated so that Finout can provide visibility for those tags.

To check if tags are activated:

2. Ensure that all the tags you want Finout to analyze, both now and in the future, are activated.

3. Obtain External ID from Finout

Get the external ID in order to Grant Finout Access to Your CUR Bucket.

1. Navigate to Settings > Cost Centers and click Add cost center. The Connect Accounts window appears.
2. In AWS, click Connect Now. The Connect to AWS window appears. ​
3. Copy the External ID and continue to grant Finout access to your CUR bucket.

4. Grant Finout Access to Your CUR Bucket

Once the CUR is created, grant Finout access to your CUR bucket by creating an IAM role. This can be done manually or by using CloudFormation.

To grant access using CloudFormation:

3. Complete the steps by adding the “external-id” (obtained in step 3) and the bucket name created for your CUR (step 1).

4. Click Next and then Submit. ​You are brought to the Stack details page.
5. Click Output and copy the ARN IAM role value to add in Finout (step 5). ​

To grant access manually:

2. In the account ID, enter: 277411487094.

3. Paste the Require external ID and enter the “external-id” (obtained in step 3).
4. Click Next. ​The Review step appears.
5. Add a Role name: FinoutMetricsReadOnlyRole and then configure the role. A new role is created.

6. Go to your new role in Summary.
7. Copy the Role ARN and save it for use in Finout (step 5).

8. Click on Add permissions and choose Create inline policy.

9. Choose JSON format and paste the following JSON: Replace <CUR_BUCKET_NAME> with the name of the bucket you created in step 1 or your existing CUR bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "tag:GetTagKeys"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "arn:aws:s3:::<CUR_BUCKET_NAME>/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "arn:aws:s3:::<CUR_BUCKET_NAME>"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeReservedInstances*",
        "ec2:GetReservedInstances*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "savingsplans:DescribeSavingsPlan*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "organizations:ListAccounts",
        "organizations:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ce:GetReservationUtilization",
        "ce:GetSavingsPlansUtilization",
        "ce:GetSavingsPlansUtilizationDetails",
        "ce:GetCostAndUsage",
        "ce:GetCostAndUsageWithResources"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVolumes"
      ],
      "Resource": "*"
    }
  ]
}

1. Click Next until the Review step, and name it finout-access-policy.

2. Click Create policy. Your IAM role is finalized and created.

5. Adding AWS Bucket Details to Finout

After creating your CUR in AWS and granting Finout access to your CUR bucket, you can add your AWS details to Finout.

To add bucket details in Finout:

1. Navigate back to the Finout console that you used in step 3.
2. Fill in the following fields:

   1. Add a personalized Cost Center Name.
3. Click Continue. After verifying the information entered, Finout will create a new cost center.

Connect AWS China to Finout Billing

Connect AWS China to Finout billing to securely share your AWS China billing data with Finout. Once the files are copied to a non-China region, continue with the regular AWS integration.

• Connect AWS China to Finout: To connect AWS China to Finout, ensure your AWS China billing data is copied to an S3 bucket outside of China. This is crucial for Finout to access and process the data effectively.

• Billing Data Conversion: ​Finout support can help convert billing data from Chinese Yuan to US Dollars, ensuring your financial data is consistent and manageable. For assistance, contact support at support@finout.io.

• CostGuard Support Limitations: Finout does not support CostGuard for AWS China accounts because the necessary metrics and permissions required for CostGuard scans are not accessible outside of China. This means that some detailed cost management features for other regions may not be available for AWS China.

AWS China Known Limitations:

When connecting Finout to AWS China, please be aware of the following limitations:

• Account Names:

  • Account names are not included in the Cost and Usage Report (CUR) files provided by AWS China. As a workaround, Virtual Tags can be used to manage and identify accounts.

• Enrichments:

  • Enrichments that require data beyond the CUR files, like Account-Level Tags, are not supported. This limitation exists because Finout only has access to the CUR files and lacks the additional permissions needed to retrieve these enrichments.

• Resource and Metric Access:

  • Finout does not have access to any AWS resources or metrics within the China region. The integration is limited to processing the billing files that are exported to an accessible location outside of China.

FAQs

• What format should the CUR file be in for optimal integration with Finout? ​ We recommend using the CUR file in the Parquet format for optimal integration, although Finout also supports CSV/csv.gz format. The Parquet format is preferred for its efficiency in processing and analytics, especially for large-scale data handling.

• Does the CUR file need to be located in the master payer account? ​ No, the CUR file does not need to be in the master payer account. The important requirement is to be comprehensive of all billing data for the master payer to ensure accurate and complete data analysis.

• Is it acceptable for the CUR file to overwrite itself throughout the month? ​ Yes, it is acceptable for the CUR file to overwrite itself throughout the month. This allows for up-to-date data analysis as new billing information becomes available.

• Can we use a CUR file from CloudHealth or another third-party service? ​ Yes, you can use a CUR file from services like CloudHealth as long as it matches the settings required by Finout and contains all necessary billing data. For integration, the directory structure should be in the format: s3://bucket_name/cur/year=2023/month=12/*.parquet.

• How long does it usually take for data to appear in the Finout platform? ​ Finout usually takes about 24 hours to complete the first fetch of data from AWS. We recommend checking first thing in the morning (10 AM your local time) the next day.

• What Should I Do If My AWS Self-Onboarding Process Fails? If the self-onboarding process fails, check the following:

  • Verify S3 Bucket Content: Ensure that your S3 bucket contains the CUR files and is not empty.

  • Check S3 Path Prefix: An incorrect S3 path prefix is the most common issue. The path prefix should typically follow the format your-organization-name/cur-report-name/. Avoid including the date-range part in the prefix, as it is replaced dynamically with the actual date range. ​Example: Use fedramp-org/finout-cur instead of including the date range in the path.

  • Manifest.json File: Confirm that the Manifest.json file is in your S3 bucket, as it's essential for the CUR integration. If the problem persists, contact Finout support with the credentials for further debugging.

• How can I correct an incorrect S3 path prefix? The S3 path prefix should be static and consistent with the location of the CUR files in your S3 bucket without including date ranges. If you included the date range in your path prefix, remove it and try again. Example: Use your-path/cur-report-name/ instead of your-path/20240101-20240201/.

• What if validations pass locally but fail during onboarding? ​ If validations pass locally but fail during onboarding, double-check the S3 path prefix to ensure that it matches the CUR setup in your S3 bucket. The prefix provided to Finout should match the prefix where the CUR files are stored. If you have made changes and everything is set up correctly, attempt the onboarding process again.

• Can I enable encryption on a S3 bucket created for cost reports? ​ Yes, the S3 encryption is supported.

Finout enhances your cost management capabilities by integrating with leading third-party tools and services. From CI/CD pipelines to monitoring platforms, these integrations provide a unified view of your spend across all operational layers, helping you optimize costs and align them with business objectives effortlessly. The following third-party services can be integrated with Finout:

GCP Integration Overview

Connecting Google Cloud Platform (GCP) to Finout enables seamless tracking and monitoring of your cloud expenses. By integrating GCP, Finout provides detailed insights into your usage, allowing you to visualize costs, optimize spending, and manage budgets across your GCP resources. The connection process involves securely linking your GCP billing account to Finout for real-time cost analysis.

1. Billing Export from GCP

1. In the Google Cloud account, select Billing.
2. Choose Billing export.
3. Make sure that the Detailed usage cost is enabled.

2. Granting Finout access to GCP

To connect GCP, Finout requires minimal permission to BigQuery in the project that is tied to your billing. To identify that project, check your billing page to see the connected project.

Perform the following steps after selecting the correct project:

1. Search for Service Accounts, and click Create New.
2. Configure these three roles:

   BigQuery Data Viewer BigQuery Job User BigQuery Read Session User

1. Leave section 3 blank and click Done.

2. From the context menu, select Manage Keys.
3. Click Add Key and Create New Key.
4. Choose JSON and paste the JSON in Finout's console:

GCP Credit Types

GCP credit types enable users to categorize and display different types of credits. This addition, which includes the ability to group and filter GCP credit types and show original costs, performs as an effective tool for cloud expense management and aims to deliver clarity and ease in financial analysis, empowering users with a more transparent view of their GCP billing and spending patterns.

This feature allows users to easily identify and analyze different types of GCP credits impacting their costs. It simplifies understanding how these credits play a role in overall expense management.

Common GCP credit types

• Sustained use discounts: For continuous resource usage.

• Committed use discounts: For consistent resource usage over time.

• Free tier usage: Covering costs under the GCP Free Tier.

• Promotional credits: Offered during promotions or special events.

• Research credits: Provided for academic or research-related purposes.

When no credits are applied to a cost, the Credit Types field will show Cost Without Credits. This distinction ensures clarity in cost analysis, helping users differentiate between discounted and non-discounted expenses. Understanding the original cost before credits is essential for a comprehensive view of spending and evaluating the effectiveness of credits used.

Key feature functionalities

• Grouping by Credit Types: Offers an aggregated view of how different credits influence your total cloud expenses.

• Filtering by Credit Types: Allows for targeted analysis of specific credit types, offering deeper financial insights.

FAQs

How can I grant Finout access to my GCP billing table through a custom project instead of the primary project?

• Project Name

• Dataset

• GCP Table

Datadog Overview

Integration Types: UAT (Default) and Custom Tags

Datadog Integration

To set up the Datadog integration, you first create an API key and an application key in your Datadog account to establish secure access. Then, in the Finout console, enter these keys to connect Datadog with Finout. Once integrated, Finout syncs usage and cost data, offering detailed cost breakdowns, resource categorization, and actionable insights.

1. Create an API Key

a. Log into your Datadog account.

b. Hover over your Datadog user and select Organization Settings. The Organization Settings view appears.

c. Click API Keys. The New API Key pop-up appears.

d. Enter an API key name and click Create Key.

e. Copy the new API key, save it for later (step 3-f), and click Finish.

2. Create an Application Key

a. In your Datadog account, hover over your Datadog user and select Organization Settings.

b. Choose Application Keys.

c. Enter an API key name and click Create Key.

d. The default configuration is a non-scoped app key. To scope the API key, click Edit under the scope section. The Edit Key Scope appears.

f. Copy the new App key and save it for later (step 3-f).

3. Finout Console Integration

a. In Finout, navigate to Settings.

b. Click Cost Centers. You are brought to the cost centers page.

c. Click Add cost center. The Connect Accounts popup appears.

d. Find Datadog and click Connect Now. The Datadog integration popup window appears.

f. Add the API key and APP key (created in step 1 and 2) and click Next. The cost center has been created.

Limitations

• Single Integration Type: Finout supports a single DataDog integration method per account.

• Impact of Transitioning to UAT: Migrating from Custom Tags to UAT Integration might break certain application features that rely on the existing Datadog data. Affected features may include:

  • Saved Views

  • Widgets

  • Virtual Tags

  • Reallocations

  • Anomalies

  • Datadog Scans

  • Data Explorer Queries

• No Support for Unique Sub-Organization Tags: Finout allows data break down based on the parent organization UATs. When the sub-organizations tags are different, their data will be allocated under "N/A" when grouping/filtering by the parent's UATs.

FAQs

• Note: The UAT feature is available only for Enterprise accounts in DataDog; If your DataDog account doesn't support it, you will be limited to use the Custom Tags integration in Finout. If you are unsure how to verify that, please contact Finout support at support@finout.io for further assistance.

• What happens to my sub-organization tags?

  If sub-organizations use the same tags as the parent organization, their data can also be broken down using these tags.

• What if sub-organization Tags differ from the Parent organization? Finout allows presentation and data breakdown only based on the parent organization's tags. Data using different tags will appear as "N/A" when filtering/grouping by the parent’s tags. Breakdown by sub-organization tags is not yet supported.

• What are the key differences between UAT and Custom Tag's integrations? Finout has two integration methods with Datadog: UAT (Default) and Custom Tags. They differ in how they retrieve and break down data. UAT Integration provides both cost and usage data with standardized tagging across multiple Datadog products. At the same time, Custom Tags Integration retrieves only cost data, relying on user-defined tags that may vary across products. the main differences between the integration types are: Current Datadog Integration (Custom Tags)

  The existing integration relies on Custom Tags, which are not Datadog’s native cost allocation method. This approach comes with several limitations:

  • Missing Usage Data – Only cost data is fetched, with no support for usage data.

  • Limited Product Support – Tag-based cost breakdown is available only for Timeseries and Indexed Logs, while cost data is fetched for all Datadog products.

  • Estimated Cost Allocation – Since Custom Tags are not Datadog’s standard method, Finout applies manipulations that may lead to potential inaccuracies.

  • Inconsistent Tagging Across Products – Custom Tags vary between Datadog organizations, causing inconsistencies in cost breakdowns across different products.

  UAT Integration (Usage Attribution Tags - Default)

  • Datadog Usage: Supports the fetching, presentation, and breakdown by tags of Datadogs usage data.

  • More Datadog Products: Supports cost and usage breakdown by tags for more Datadog products (38 vs. 2 in the old integration).

  • Accurate Cost and Usage Allocation: UAT directly leverages Datadog's cost and usage allocation by tags, eliminating the need for Finout’s previous estimation methods, and leading to more accurate and reliable cost distribution.

  • Additional Breakdown Features: In addition to UATs, we are able to breakdown the data based on organizations and regions.

  • Detailed & Consistent Cost Breakdown: UAT provides standardized cost and usage insights across organizations, sub-organizations, and regions, unlike custom tags that vary by product.

• What should I do to transition to the UAT-based integration?

  • If you currently have Datadog integration that uses Custom Tags: No integration configuration changes are required once the UAT feature is enabled. The transition might affect the following features:

    • Saved Views

    • Widgets

    • Virtual Tags

    • Reallocations

    • Anomalies

    • Datadog Scans

    • Data Explorer Queries

    Note: Contact support support@finout.io to get the list of the affected features within your account.

  • If you never integrated Datadog with your account before: If you have never integrated Datadog with your account before, contact support at support@finout.io to enable the feature before proceeding with the integration configuration steps.

    Note: The required migration might affect and break your current objects.

• Is any action required if an account was previously configured with the Custom Tags integration and UAT integration has been activated? You do not need to take any action because the integration configuration remains the same.

  Note: Transitioning to UAT-based integration might require migration of the application features currently using Custom Tags data

• Are there any limitations on historical data backfill?

  • Accounts previously using the Custom Tags integration: No limitations from Finout’s side, as the data has already been retained from Datadog’s Cost API. However, Datadog retains data for only 15 months, so older data cannot be backfilled.

  • Accounts initially set up with UAT as their first DD integration in Finout: Datadog’s Cost API allows fetching historical data only up to 2 months back, so the historical backfill will be limited accordingly.

Jira Overview

Connect Jira to Finout to streamline cost tracking for your projects. Jira, a popular tool for project management, issue tracking, and agile development, can be integrated with Finout to gain insights into your project costs and resource usage, enhancing financial visibility and control across your workflows.

Connect ​​Jira to Finout

Step 1: Generate an API token in the Jira Cloud

1. Sign in to your Jira Cloud account.

2. Navigate to Account Settings and select Security.

3. Under API token, select Create and manage API tokens.

4. Select Create API token, provide the API with a name for easy identification, and securely save the generated token.

Step 2: Gathering necessary information for the Finout integration

Before setting up the integration in Finout, ensure you have these details:

• Jira cloud base URL: Your specific Jira Cloud instance URL (e.g. https://yourdomain.atlassian.net).

• API token: The token generated in Jira Cloud.

Step 3: Setting up the integration in Finout

1. In Finout, navigate to Settings.

2. Go to the Integrations.

3. Choose Create Jira Integration.

4. Enter the details from step 2: User Email, URL, and API Token.

5. Click Submit.

Selecting the Appropriate Jira Email Address

• Identification: The Jira email address is an important identifier of your user account in Jira Cloud, essential for authenticating and authorizing the connection between your third-party tool and Jira.

• API Authentication: For API requests to Jira Cloud, such as creating a ticket, authentication is required to verify the legitimacy and authorization of the request. Typically, this involves using an email address in combination with an API token for basic authentication in Jira Cloud.

• Integration Context: The chosen email address determines the specific Jira account with which the third-party tool will interact. This is important as any actions (such as creating or updating issues) performed by the tool will be under the privileges and permissions of the associated Jira account.

• Audit and Traceability: Actions performed through the API are typically logged by Jira. The email address can be used to identify the account involved in these actions, helping in audit trails and troubleshooting purposes.

In a team or enterprise setting, it's recommended to use an email associated with a service account rather than an individual's account for more effective management of permissions and access control.

Using a Dedicated Service User for the Integration

For organizations with an unlimited user count in their Jira Cloud subscription, we highly advise creating a dedicated service user account for the integration with our tool. This method offers enhanced control and stability.

Create a dedicated service user in Jira Cloud

Step 1: Create a new user account

1. Navigate to the user management section in Jira.

2. Create a new user, designated for the integration. Provide a clear user name such as integration_service_user, for easy recognition.

Step 2: Assign necessary permissions

• Provide the new user with the necessary permissions for tasks such as issue creation and management.

  Note: Avoid giving administrative rights unless necessary.

Step 3: Generate an API token

Advantages of using a dedicated service user

• Permission Control: Simplifies permission management and auditing as they are isolated actual user accounts.

• Stability and Continuity: The integration is not linked to an individual employee’s account, ensuring continuity regardless of staff changes.

• Improved Security: Reduces the risk associated with using personal accounts for integrations and helps in maintaining a clear separation between user activities and automated processes.

• Clear Audit Trails: Any actions performed by the integration are attributed to the service user, simplifying tracking and auditing.

Key points to consider

• License Usage: For Jira Cloud accounts with limited user seats, adding a service user consumes one of these seats. However, for accounts without user count limitations, this is not a concern.

• Regular Maintenance: Like any account, ensure that the service user’s credentials are securely managed and that its permissions are reviewed regularly for any necessary updates.

By following these recommendations, organizations can achieve a more secure, controlled, and reliable integration with Jira Cloud.

Connect Finout to your Snowflake account to gain detailed insights into your Snowflake costs. Choose from two secure authentication methods—key-pair authentication or password-based—to integrate your data seamlessly. This setup allows you to visualize and analyze your expenses precisely, offering a clear view of cost trends and allocations within your Snowflake environment.

1. Create Permissions in Snowflake

1. Log into your Snowflake account using your login credentials.

2. Create a Finout Permissions in Snowflake:

   1. Open a new worksheet in your Snowflake console.

   2. To set up a dedicated warehouse, role, and user for Finout, paste the following query, ensure secure access by restricting the connection to specific IP addresses used by Finout, and then run the following command:

      Note: If you choose to use Key-pair authentication, you do not need to set a password when creating the user.

2. Integrate Snowflake in Finout

1. Navigate to Settings > Cost Centers and click Add Cost Center. The Connect Accounts window appears. ​
2. In Snowflake, click Connect Now. The Connect Snowflake wizard appears.
3. Enter the following details:

   • Cost Center Name: Enter the name of the cost center associated with this Snowflake account.

   • Username: Provide the username of the dedicated Finout user created in Snowflake.

   • Snowflake URL: Enter your Snowflake account URL.

   • Warehouse: Specify the warehouse (finout_warehouse) that was created for Finout.

   • Credits Cost: Enter the Snowflake credits per the compute and storage services.

   • Role: Enter the role (finout_role) created for Finout in Snowflake.

   • Database: Specify the Snowflake database where your cost data resides.

   • Add the price per TB of storage and the price of compute credit.

     Note: This is only for multiple organization accounts. Single organization accounts are automatically created when credit cost data is provided

4. Click Next. You are brought to the Authentication Method step.

5. To connect Finout to Snowflake, you can use either key-pair authentication or password-based authentication. When using key-pair authentication, Finout must securely store the private key because it initiates the connection to Snowflake. That’s why both keys need to be generated: the private key is securely stored by Finout, and you set the public key on your Snowflake user. This ensures secure access without requiring you to manage private credentials directly.

   • Key-Pair Generation: Finout will generate the key pair for you. We will securely store the private key, and you will receive the public key.

     1.Update Your Snowflake User Table: - Open a worksheet in your Snowflake console. - Use the public key provided by Finout to update your Snowflake user permissions/authentication method: ALTER USER <your_username> SET RSA_PUBLIC_KEY='<public_key>'; - Replace <your_username> with your Snowflake username. - Replace <public_key> with the public key provided by Finout.

     2.Complete the Setup in Finout: Return to the Finout console, mark I have completed the ALTER USER command in Snowflake, and click Next. Snowflake is onboarded and you will see Snowflake data in Finout within 24 hours.

   • Password Authentication: Connect Finout to Snowflake without leaving the Finout console.

     You might choose the password option if:

     • Your environment doesn’t require the advanced security of key-pair authentication.

     • You’re looking for a simpler, faster setup with minimal configuration.

     • You prefer not to manage private keys or want to avoid the additional steps involved in generating key pairs.

       1. Enter your password that was created in Snowflake (Step 1).

       2. Click Next. Snowflake is onboarded, you will see Snowflake data in Finout within 24 hours.

FAQs

Which Snowflake services are currently supported by Finout?

• Snowflake - Warehouse Reader Credits (Compute)

• Snowflake - Warehouse Credits (Compute)

• Snowflake - Warehouse Credits (Cloud Services)

• Snowflake - Storage

• Snowflake - Serverless Task Credits

• Snowflake - Search Optimization Credits

• Snowflake - Replication Credits

• Snowflake - Pipe Credits

• Snowflake - Materialization Credits

• Snowflake - Auto Clustering Credits

I already have a Snowflake Cost Center (CC) with password authentication. How can I change it to key-pair authentication?

Follow these steps to switch from password to key-pair authentication:

1. Request the public key: Contact Support to obtain the public key.

2. Update the Snowflake user: Insert the provided public key in your Snowflake console using the ALTER USER command. Finout generates the key pair for you—securely storing the private key while giving you the public key to complete the setup.

   1. Open a worksheet in your Snowflake console.

   2. Use the public key provided by Finout to update your Snowflake user permissions/authentication method: ALTER USER <your_username> SET RSA_PUBLIC_KEY='<public_key>';

   3. Replace <your_username> with your Snowflake username.

   4. Replace <public_key> with the public key provided by Finout.

3. Notify Support: Contact Support once you’ve added the public key so they can update the authentication method in Finout from password to key-pair.

4. Change or deactivate the password: Change or deactivate the password only after Support confirms that everything is working correctly.

Does Finout support granting nested roles in Snowflake?

No. Finout only supports roles with permissions directly assigned to them. Nested roles are not supported.

Can I connect custom cost centers via Snowflake?

Yes. You can connect custom cost centers by configuring your Snowflake integration. Use the following table structure in Snowflake to enable Finout to ingest custom data:

Where:

• SOURCE is an indication to the source cloud or system, i.e Datadog, Azure etc.

• USAGE_DATE is the date you would want to add the costs to.

• SERVICE_NAME is a sub-service within the source, COST is the cost in USD.

• METADATA is a custom key-value object for tags, optional.

How do Snowflake storage costs work?

How is storage cost per table tracked?

Storage cost per table is tracked as a daily snapshot from TABLE_STORAGE_METRICS. Each snapshot captures the cost at a specific point in time.

Will storage cost values update retroactively if something changes?

No. Storage cost values are snapshot-based, so historical data is not retroactively updated or recalculated—once captured, those values remain fixed. If a snapshot isn’t captured for any reason, storage cost data for that day will be missing and cannot be recovered.

Introduction

The FairShare Cost type is an advanced solution for the fair distribution of discounts from Reserved Instances (RIs), Spot Instances, and Savings Plans (SPs), as well as On-Demand costs, across Amazon EC2, AWS Lambda, Amazon ECS, and Compute Savings Plans, RDS, Elasticache, DynamoDB, and RedShift. Designed for organizations managing commitments centrally, it addresses the complexities of AWS’s discount allocations and provides transparency and control over cloud expenses.

Challenges and Solutions

Let’s start with a simple story…

Two brothers buy apples daily, and each apple typically costs $10. They receive a total discount allocation for both apples that equals 4$; however, the store allocates this discount randomly, which varies daily.

On the first day, Alex’s apple gets a $3 discount, costing $7, while Jon’s apple receives only a $1 discount, costing $9. While the apples are identical, the discounts applied to them vary.

The next day, the discounts are reversed: Jon’s apple gets a $2.50 discount, costing $7.50, while Alex’s apple only gets a $1.50 discount, costing $8.50. While the apples are identical, and the total discount remains the same, the discount allocation per apple varies.

This pattern continues daily, with the total discount remaining the same and the brothers buying identical apples. However, each brother sometimes pays significantly less or more for the same apple. By the end of the week, both brothers are confused—their apples are identical, but their costs fluctuate unpredictably due to the varying discounts applied each day.

The story of these two brothers mirrors the challenges faced by different development teams with identical usage in managing cloud costs, where unpredictable discount allocation creates confusion and unfair distribution, much like the fluctuating discounts on identical apples. Imagine you’ve carefully rightsized your EC2 instances, expecting a reduction in costs, but the next month’s bill unexpectedly increases. Upon closer inspection, you discover that while Reserved Instances (RIs) and Savings Plans (SPs) were applied, the distribution of these discounts varied unpredictably. Some resources received discounts on certain days but not others, causing the anticipated savings to fluctuate.

This issue is compounded by AWS’s discount allocation system, where RIs and SPs may be applied arbitrarily, sometimes with little connection to actual resource usage. For example, discounts meant for production might apply to unrelated environments, such as development, leading to inaccurate budget attribution and distorted cost tracking. This misalignment can inflate costs for the teams requiring savings and disrupt finance teams’ forecasting, budgeting, and reporting. By using FairShare Cost, teams can address these issues, ensuring more predictable and equitable discount distribution across resources.

AWS Pricing Structure Challenges:

• Random Discount Allocation:

  • AWS may arbitrarily apply RIs and SPs to your environment, often unrelated to actual resource usage.

  • Teams that don’t need specific resources might receive discounts, while those requiring savings pay full price. ​

• Misaligned Costs and Usage: ​

  • Discounts for specific workloads or environments (e.g., production) can be applied to unrelated teams (e.g., development), leading to incorrect budget attributions.

  • This misalignment distorts cloud spend tracking and creates false perceptions of departmental consumption. ​

• Inconsistent and Unpredictable Billing: ​

  • The lack of structured allocation makes forecasting cloud expenses challenging, hindering accurate budgeting.

  • Finance teams struggle to generate reliable showback reports, causing planning disruptions and financial disputes.

Story Continued…

To resolve the confusion, the brothers introduced a predictable discount system with a set price for red apples and a set price for green apples.

Red Apple Discount: The brothers buy two red apples that each get a 2$ discount costing 8$ per apple. This lowers the price of each apple from $10 to $8, ensuring consistent pricing and eliminating unexpected price fluctuations.

Green Apple Discount: After receiving the discount on red apples, the brothers also decided to buy green apples as well. All green apples share a total $3 group discount, distributed equally across the three apples so that each gets a $1 discount, reducing their price from $10 to $9.

Apples Plan: In addition to the group discounts, the store decided to add a total $10 global discount (equivalent to SP and not EDP) applied to all apples regardless of their color. Since the apples are the same size and there are a total of 5 apples, the global discount of $10 is distributed equally, resulting in a $2 discount per apple.

Summary of final apple prices:

The brothers finally have a fair and predictable discount allocation for all apples.

Red Apples:

• Group Discount: $2 per apple (from the $4 total group discount distributed evenly across all 2 red apples, $4 ÷ 2 = $2 each)

• Global Discount: $2 per apple (from the $10 total global discount distributed evenly across all 5 apples, $10 ÷ 5 = $2 each)

• Final Price: $10 - $2 (Group) - $2 (Global) = $6 per red apple

Green Apples:

• Group Discount: $1 per apple (from the $3 total group discount distributed evenly across all 3 green apples, $3 ÷ 3 = $1 each)

• Global Discount: $2 per apple (from the $10 total global discount distributed evenly across all 5 apples, $10 ÷ 5 = $2 each)

• Final Price: $10 - $1 (Group) - $2 (Global) = $7 per red apple

Both brothers now enjoy a stable, predictable cost structure for their apples. The total discount is permanent, and with the new system, the allocation is also predictable. Similarly, Finout’s FairShare Cost model offers a solution to the AWS discount confusion by providing consistent discount allocation across Amazon EC2, AWS Lambda, Amazon ECS, Compute Savings Plans, RDS, Elasticache, DynamoDB, and RedShift. Each resource will get a fair share of its eligible discounts (RIs, Spot Instances, and Savings Plans) based on usage. This helps teams track and optimize cloud spending without surprises, providing the same predictability and stability the friends now experience with their apples.

FairShare Cost Solutions:

• Analyze the Past - Showback and Chargeback: ​ You gain a transparent and accurate view of cloud costs, with each team or service being charged based on actual usage, free from the distortions caused by arbitrary discount allocations.

  • Eliminates anomalies and false positives

  • Simplifies analysis of historical spending patterns

  • Provides accurate and actionable cost insights ​

• Plan the Future - Modern Financial Planning: ​ FairShare Cost allocation ensures that no team benefits unfairly from discounts intended for other workloads, aligning costs with usage and fostering accountability across departments.

  • Aligns costs with actual usage

  • Enhances predictability in billing

  • Supports precise budget planning and resource allocation ​

• FinOps Adoption - A Core Product Value : ​ Structured and predictable cost allocation enables finance teams to generate reliable reports and forecasts, enabling better budgeting and planning.

  • Simplifies cost models for clarity

  • Reduces organizational noise

  • Fosters cross-team collaboration with a shared language

FairShare and Amortized Cost Comparison

An apple stand sells red and green apples. Each type of apple has unique qualities, and discounts need to be allocated fairly across both types according to specific criteria.

This scenario, along with the various commitment combination types, highlights the similarities and differences between FairShare and Amortized costs, using an apple as a metaphor for a resource.

There are four types of commitment combinations in cost calculations: No Commitments, Group Commitments Only, Global Commitments Only, and Group and Global Commitments, each defining how FairShare and AWS Amortized costs are applied based on eligible discounts and allocation methods.

1. No Commitments ​

   Scenario continued:

   Both red and green apples are sold at a standard price of $10, without special discounts or commitments. Both apple groups have the same discount, with no adjustments for specific requirements or categories.

   Explanation:

   All resource costs are calculated on an On-Demand basis (no discount applied). The FairShare cost and the AWS Amortized cost are the same.
2. Group Commitments Only ​ ​Scenario continued: Only red apples receive a special discount, reducing their cost over time through a prepaid commitment. This discount is divided evenly among all red apples, ensuring each one benefits equally. Green apples, however, continue to be sold at the public price of $10 with no discount applied. ​ ​Explanation: Resources with group commitments receive eligible discounts, allocated by the usage ratio calculated through the FairShare cost type (group allocation), while all other resources are calculated at the On-Demand rate (which have no discount). Groups that receive a discount will show different FairShare and Amortized costs, while groups without a discount will have equal FairShare and Amortized costs, reflecting the on-demand rate.
3. Global Commitments Only

   Note:​ Not including EDP

   Scenario continued: A general discount is applied to all apples. ​ ​Explanation: All resources are calculated using the Fairshare cost calculation (global allocation calculation) and receive their relative discount according to usage. The Fairshare cost for individual resource groups may differ from the AWS Amortized cost but the total price of all resources together will be the same for both cost types.
4. Group Commitments and Global Commitments ​ ​Scenario continued: The store gave a discount to all the apples and also an additional discount to each apple type. ​ ​Explanation: All resources are calculated using the Fairshare cost calculation by both Reserved Instances (RIs) and Savings Plans (SPs) allocation, according to the eligible discounts. The Fairshare cost for individual resource groups may differ from the AWS Amortized cost but the total price of all resources together will be the same for both cost types.

Summary of Fairshare Cost and AWS Amortized Cost Comparison:

The Fairshare cost for individual resource groups may differ from the AWS Amortized cost. Still, the total price of all resources combined will remain the same for both cost types because the total discount is the same; it’s allocated differently between these cost types.

​Visualization of Finout’s Fairshare vs. AWS’s Net Amortized cost allocation:

Using Fairshare, you can accurately allocate 100% of each discount to its owner, making showback and chargeback straightforward and efficient.

Use Cases

Inconsistent discount allocation in AWS cloud services presents challenges for organizations across various roles. When Reserved Instances (RIs), Savings Plans (SPs), and Spot Instance discounts are applied unpredictably, it disrupts accurate financial reporting, stable budgeting, and reliable cost tracking. For FinOps managers, finance leaders, developers, and DevOps engineers alike, these fluctuations can lead to inefficiencies and budget disputes, making optimizing and managing cloud costs challenging. The following use cases illustrate how unpredictable AWS discount distribution impacts each role and highlight the need for a consistent cost allocation model.

FinOps

Use Case: Ensuring Accurate Showback and Chargeback Reporting

As a FinOps manager, I’m responsible for generating accurate showback and chargeback reports for each team based on their cloud usage. This reporting helps allocate costs fairly and allows teams to track their spending against their budget. However, AWS’s unpredictable discount allocations, where RIs and SPs may apply randomly to different resources, cause inconsistencies in the cost data. For instance, in one month, Team A’s instances received discounts that Team B’s identical instances didn’t receive, making it appear that Team A’s costs are lower despite similar usage. This creates disputes between teams and makes it challenging to allocate budgets fairly, requiring manual adjustments and reducing the accuracy of our financial reports.

Finance

Use Case: Forecasting Cloud Expenses for Budget Planning

As a finance manager, I need reliable cost data to forecast expenses and plan budgets accurately. However, AWS’s fluctuating discount allocations make this problematic. For example, when preparing the quarterly budget, I notice that cloud spending in one month was significantly lower than in the next, despite stable usage. After investigating, I found that the first month benefited from more RI and SP discounts than the second. These unpredictable shifts mean that projected costs can deviate widely from actual cost, complicating financial planning and making it harder to meet budget goals.

Development

Use Case: Tracking Cost Savings Through Instance Rightsizing

As a developer focused on reducing my team’s EC2 costs, I regularly rightsize instances to match cloud usage better. I recently adjusted our instances, expecting a drop in costs for the following month. To my surprise, the costs remained high and sometimes even increased. After investigating, I found that AWS had inconsistently applied RI and SP discounts to our resources, with some instances receiving discounts and others not, despite identical configurations. This inconsistency makes it challenging to assess the impact of my optimization efforts and accurately communicate cost savings to my manager.

DevOps

Use Case: Stabilizing Cloud Costs for Resource Optimization

As a DevOps engineer, I aim to stabilize cloud costs by monitoring usage and adjusting resources as needed. However, AWS’s variable discount allocations make this problematic. For instance, I track our EC2 usage closely, but in one week, our costs spike without any change in demand. Upon investigation, I found that fewer instances received RI or SP discounts that week compared to the previous one. This irregularity in discount distribution complicates my cost management efforts, as it’s hard to pinpoint actual areas for optimization when costs fluctuate unpredictably.

How Does It Work?

The FairShare Cost cost type is built to allocate cloud discounts fairly and accurately, ensuring that each resource receives the appropriate cost reductions based on usage and eligible commitments. This sophisticated cost type guarantees that discounts from Reserved Instances (RIs), Spot Instances, Savings Plans (SPs), and On-Demand costs are distributed equitably across all relevant resources. It addresses the complexities of AWS pricing mechanisms by clearly defining how different types of cost commitments are applied across various services.

FairShare Cost Calculation

1. Commitment and Discount Categorization:

   Finout categorizes resource discounts into two types: Group and Global Commitments:

• Group-Level Discounts: These include Reserved Instances (RIs) and Spot Instances, which are applied to specific groups of resources sharing attributes such as region, operating system, instance type, and size. For example, if RIs are purchased for EC2 instances in a specific region and instance type, only those instances will benefit from the discount. Finout ensures that these group-level discounts are distributed proportionally across all resources within the group that meet the eligibility criteria, preventing unrelated resources from receiving unintended discounts.

• Global Discounts: These include Savings Plans (SPs) and On-Demand, which are applied across all relevant resources, regardless of region or OS. SPs offer flexible discounts that cover multiple services, such as EC2, Lambda, and Fargate. Finout ensures that these global discounts are distributed proportionally based on the actual usage of each resource, ensuring fairness and transparency across all services.

1. Resource Usage Share: After identifying a resource's group and global commitments, Finout divides the discount for each resource by the resource usage.

• Relative Group Cost - measures how much the resource contributes to the total on-demand cost within its specific group (e.g., region or instance type). ​Formula: Relative Group Cost = resource’s on-demand rate / on-demand group cost

• Relative Global Cost - shows the resource's contribution to the total on-demand cost across all groups and services globally. ​Formula: Relative Global Cost = resource’s on-demand rate / on-demand total cost ​

1. Fair Discounts Allocation:

This ensures the discounted costs account for eligible discounts and the relative usage.After configuring the relative cost, FInout multiples the relative cost by the resource commitments, having the discounted cost consider the eligible discounts and the relative usage. ​

• Group Allocation - Combines group-level commitment and relative group cost to represent the adjusted or allocated cost at the group level. ​Formula: Group Level Commitments × Relative Group Cost

• Global Allocation - Combines global-level commitment and relative global cost to represent the adjusted or allocated cost at the global level. ​Formula: Global Level Commitments × Relative Global Cost

1. FairShare Cost: Combines the Group and Global allocation as the resource can benefit from both discounts.

Formula: (Relative Group Cost × Group-Level Commitments) + (Relative Global Cost × Global Commitments)

Net FairShare Formula: (Relative Group Net Cost × Group-Level Commitments) + (Relative Global Net Cost × Global Commitments)

Technical Use Case

Resources

Group A (us-west-1, Linux, m5.large):

• 10 On-Demand EC2 instances

• 5 Spot Instances at $0.25 per hour

• On-Demand Rate: $1 per hour

- Cost Breakdown:

• On-Demand Group Cost (Group A): -For 10 on-demand instances, the total cost is: $1 * 10 = $10.00 per hour -The 5 spot instances cost: $0.25 * 5 = $1.25 per hour Total On-Demand Cost for Group A = $10.00 + $1.25 = $11.25 per hour ​

Group B (us-east-1, Windows, t3.medium): ​

• 15 On-Demand EC2 instances

• On-Demand Rate: $1.20 per hour

-Cost Breakdown:

• On-Demand Group Cost (Group B): Total On-demand cost for 15 instances is: $1.20 * 15 = $18.00 per hour

​Lambda Functions:

• 20 Lambda functions across multiple regions

• On-Demand Rate: $0.15 per function invocation

Cost Breakdown:

• On-Demand Group Cost (Lambda): Total cost for 20 Lambda invocations instances is: $0.15 * 20 = $3.00

​Total On-Demand Cost = $11.25 + $18.00 + $3.00 = $32.25

Commitments

• Reserved Instances (RIs): 5 RIs for Group A, 7 RIs for Group B

• Spot Instances: 5 Spot instances for Group A

• Savings Plans (SPs): A global savings plan covering both EC2 instances and Lambda functions, with a $5/hr commitment ​

FairShare Cost Calculation for a Resource in Group A

Global Commitments:

• On-Demand Cost (globally): On-demand cost for Group A: $5.00 On-demand cost for Group B: $9.60 Total On-Demand Global Cost = $5.00 + $9.60 = $14.60

Total Savings Plan Commitments = $5.00

Relative Group Cost:

• RI Cost for Group A: Total RI commitment cost = $2.00 (for 5 RIs) Discount: 60% discount applied, so cost per hour = $0.40/hr

• Spot Cost for Group A: Total Spot commitment cost = $1.25 (for 5 Spot instances) Discount: 75% discount applied, so cost per hour = $0.25/hr

Discount Allocation:

• Relative Group Cost (for Group A) = On-Demand rate / On-Demand group cost = $1 / $11.25 = 0.0889 (Relative cost for Group A)

• Relative Global Cost = On-Demand rate / Total On-Demand cost = $1 / $32.25 = 0.0310 (Relative global cost)

FairShare Calculation Group A

FairShare Cost for Group A = 0.896 per hour ​ ​

FairShare Cost Calculation for a Resource in Group B

Relative Group Cost:

• RI Cost for Group B: Total RI commitment cost = $3.50 (for 7 RIs) Discount: 41.6% discount applied, so cost per hour = $0.50/hr

• Global Commitments: Same total global on-demand cost of $14.60 as Group A

Discount Allocation:

• Relative Group Cost (for Group B) = On-Demand rate / On-Demand group cost = $1.20 / $18 = 0.0667

• Relative Global Cost = On-Demand rate / Total On-Demand cost = $1.20 / $32.25 = 0.0372

FairShare Calculation Group B:

FairShare Cost for Group B = 0.886 per hour

FAQs

Does FairShare support Kubernetes (K8s) costs?

K8s costs in FairShare are supported only for AWS, with costs allocated to a node’s pods proportionally based on their usage within the same hour.

What is the difference between FairShare and Net FairShare cost types?

FairShare Cost includes both Group and Global allocation, but AWS refunds (e.g., PrivateRateDiscount) are treated as separate billing rows and excluded from the formula. Net FairShare cost types, on the other hand, incorporates AWS refunds directly into the cost of each service before applying the FairShare formula.

On-Demand vs. Commitment Costs

Datadog on-demand costs

These represent pay-as-you-go expenses, accruing and displaying on the relevant days when on-demand usage occurs.

Datadog commitment costs

Commitment costs are usually displayed on the 1st of every month, while on-demand costs will be presented on the day they occur.

Commitment costs can be categorized into different models:

• Usage-based- In this model, your commitment costs are based on a predetermined “bank” of usage. Once you run out of your usage, on-demand charges kick in.

• Host/ Hourly commitment- An hourly commitment is set, beyond which on-demand rates are applicable.

Finout’s Model for Commitment Costs Across the Month

API Cost (“Unblended Costs”)

Unblended costs represent the expenses as received from Datadog. In the case of commitments, these are shown on the 1st of the month, while on-demand costs are displayed on the relevant day of usage.

“Amortized” Costs

• Usage-based- Finout’s algorithm calculates daily costs based on usage, adapting the rate based on historical and current monthly data. Since the discounted rate isn't reflected in the API and may vary, Finout's dynamic adjustment, leveraging the data received through the APIs, ensures the most current and precise cost representation.
• Host- The commitment is evenly divided across the month's total hours, ensuring a consistent and understandable cost breakdown.

Reasoning for Infra host, APM hosts, and Timeseries cost spikes on the 1st of the month

2. Timeseries (custom metrics)- The billable count for custom metrics is determined by averaging the number of custom metric hours over the month. Your monthly billable count for custom metrics (reflected on the Usage page) is calculated by taking the total of all distinct custom metrics recorded each hour throughout the month and dividing this month’s cumulative hours to receive a monthly average value.

Overview

The Finout Microsoft Teams integration allows your organization to seamlessly send reports and Anomalies alerts directly from the Finout platform to your organization Microsoft Teams channels. This document outlines the steps required to set up and manage this integration, ensuring that your teams can efficiently be notified and get the relevant information they need from Finout.

Prerequisites

Before starting the integration process, ensure the following prerequisites are met:

• Consistent Tenant
• App Installation Permissions

Integration WorkFlow

Step 1: Initiate Integration from Finout

1. Navigate to the Integrations tab:

• Log in to your Finout account and go to Settings > Integrations tab.

• Locate the Microsoft Teams integration box and click on Connect.

1. Sign in to Microsoft:

• You will be redirected to Microsoft’s sign-in page. Enter your Microsoft credentials and grant the necessary permissions to Finout.

• The required permission is User.Read, set to Delegated.

3. Complete the Integration:

• After clicking Accept, you will be redirected back to Finout. You will now see that Microsoft Teams is successfully integrated with your Finout account.

Step 2: Install Finout Application on Microsoft Teams

Install the Finout App:

• Start by selecting a standard (public) channel for the app installation. This channel will serve as the primary channel for the bot, as Teams requires each app to have a primary channel, which must be a standard channel.

  Note: Once the app is installed, the bot will automatically have access to all public within the selected Team, based on your organization's security policy, not just the channel where the bot was initially installed.

Step 3: Setup Notification Endpoints

• After installing the Finout app, the channel where the bot is installed will send a welcome message, and all the channels in the Team will appear as endpoints in Finout automatically.

FAQ

How does Microsoft Teams channel work with Endpoint Metadata?

• All public channels in a Team will automatically mapped to an endpoint ID in Finout.

• You can then assign each endpoint ID to the relevant virtual tag value through the virtual tag metadata API.

I completed the integration and installed the app in Teams, but I still can't see any channels in Finout. What should I do? ​ Ensure that you complete the integration setup in Finout before installing the Finout app in Teams. If you installed the app in Teams first, try the following steps:

1. Delete Finout app from Teams.

2. Reinstall Finout app in Teams.

What happens if the person who accepted the permission request on the AD side leaves the company? The integration will continue to function without interruption.

Does Finout create any resources for the client’s tenant? No, Finout does not create any data or resources in the tenant's account. We only store basic information about the logged-in user.

Security Considerations

• OAuth 2.0 Authentication: The integration uses OAuth 2.0 for secure authentication between Finout and Microsoft Teams, ensuring your data is protected during integration.

• Permissions Management: Finout requires specific permissions within your Microsoft Teams environment to function correctly. These permissions are limited to the necessary scope, ensuring that your organization maintains control over its data.

You can connect to custom cost centers in addition to the native cost centers supported by Finout. This can be done in the following two ways: CSV - Connect custom cost centers using CSV format in a container that can be read, such as an S3 bucket.

Snowflake - Connect custom cost centers using the Snowflake table containing cost data.

Connect Custom Cost Centers via CSV

The CSV format we support is based on three main columns:

"UsageDate","ServiceName","Cost"

• UsageDate - YYYY-MM-DD - The day the cost incurred

• ServiceName - String - The name of the cost, the way you want it to appear in Finout

• Cost - double - the cost in dollars

For example:

"UsageDate","ServiceName","Cost"

"2022-06-07","Servers","12.12"

"2022-06-07","Storage","6.22"

"2022-06-08","Network","0.05"

With this custom integration, you can make more complicated integrations and add metadata fields as well.

Connect Custom Cost Centers Via Snowflake

The following table structure in Snowflake could be used for us to ingest custom data from:

create or replace TABLE FINOUT_COST_EXPORT ( SOURCE VARCHAR(100), USAGE_DATE DATE, SERVICE_NAME VARCHAR(1000), COST FLOAT, METADATA OBJECT );

Where:

• SOURCE is an indication to the source cloud or system, i.e Datadog, Azure etc.

• USAGE_DATE is the date you would want to add the costs to.

• SERVICE_NAME is a sub-service within the source, COST is the cost in USD.

• METADATA is a custom key-value object for tags, optional.

Basic Datadog Integration

Finout’s most basic offering. Add your Datadog’s product cost to Finout’s MegaBill with breakdowns by, sub-products, regions, and organizations.

Finout supports all Datadog products.

Required scopes: usage_read

Enhanced Datadog Integration- Cost Per Tag Visibility

With this advanced integration level, you can add cost-per-tag visibility to the Finout MegaBill. By incorporating product tags, you can access a more comprehensive breakdown of your Datadog Logs and Timeseries products, facilitating precise cost attribution to these services.

Two groups of tags can be added to Finout:

• Default Datadog set of tags per product

  For example, the tags for Indexed Log- "service", "status", "datadog_index"

  Required scopes: metrics_read, timeseries_query

• Custom tags set by the customer

  Customers have the freedom to set their own custom tags. Our process is designed to dynamically resolve tag values based on customer specifications. In cases where resolution is unsuccessful, Finout utilizes its default tag set as a fallback option.

  Required scopes: not scoped

Enhanced Datadog Integration - CostGuard

Finout enables you to effortlessly access out-of-the-box actionable cost optimizations and insights for your Datadog usage via the CostGuard product.

Required scopes: monitor_read, dashboard_read

Enhanced Datadog Integration- Kubernetes Cost and Unit Metrics

Required scopes: not scoped

Overview

To integrate Finout with your ServiceNow instance, designate a user account that Finout will use to make API calls on your behalf. This ensures smooth and secure communication between Finout and your ServiceNow instance.

ServiceNow Configuration Workflow:

1. Choose a User for the Integration

1. In ServiceNow, create or use a dedicated user with the appropriate ACL permission to read incident metadata fields and create incidents. The user should have the following read ACL permissions:

   1. sys_db_object

   2. sys_db_object.*

   3. sys_dictionary

   4. sys_dictionary.*

   5. sys_glide_object

2. OAuth Authentication

To enable your instance to receive inbound calls from our service, create an OAuth application within your instance to initiate a token exchange process. Follow these steps to set it up:

3. Fill in the following fields:

   1. Name: <ANY>

   2. Client Type: Integration as a service

      Note: Make sure to leave the Redirect URL and Logo URL empty.
4. Press Submit. You will be redirected to the list of all available apps.

5. Navigate to the app that you created and press the lock icon next to the Client Secret field. This will reveal the Client secret, which you will need to provide to Finout later.
6. In Finout, fill in the following information:

   1. ServiceNow Instance URL

   2. ServiceNow Client ID

   3. ServiceNow Client Secret

   4. ServiceNow User Name

   5. ServiceNow User Password

3. ServiceNow Configuration in Finout

1. In Finout, navigate to Settings > Integrations.

   Note: You can connect with only one instance.
2. Click Add Integration.
3. Under ServiceNow, click Connect Now. The ServiceNow Integration wizard appears.

   1. Enter your ServiceNow Instance URL.

   2. Enter the Client ID from the ServiceNow OAuth application.

   3. Enter the Client secret associated with the ServiceNow OAuth application.

   4. Enter the ServiceNow User name for Authentication.

      Note: The user should have the following read ACL permissions:

      1. sys_db_object

      2. sys_db_object.*

      3. sys_dictionary

      4. sys_dictionary.*

      5. sys_glide_object

   5. Enter the password for the specified ServiceNow user.

4. Click Connect.

   ServiceNow is now connected.

FAQs

How many ServiceNow instances can I connect?

Only one ServiceNow instance.

Can I use the integration if I don't create endpoints?

No, you must have endpoints configured to use the ServiceNow integration.

What happens if the integration is deleted? It will be deleted along with all associated ServiceNow endpoints.

Why are no fields available for selection in the “Additional Fields” dropdown when creating an endpoint?

The integration user lacks authorization and requires the following read ACL permissions:

• sys_db_object

• sys_db_object.*

• sys_dictionary

• sys_dictionary.*

• sys_glide_object

What are Usage Attribution Tags (UAT)?

Integration Types: UAT (Recommended) and Custom Tags

Finout supports two Datadog integrations: UAT Integration (recommended) and Custom Tags Integration. UAT Integration provides detailed cost and usage breakdowns using Usage Attribution Tags, Datadog organizations, and regions, ensuring accurate data across all Finout features. At the same time, Custom Tags Integration retrieves only cost data based on user-defined tags, which can vary across products.

Key Benefits of Datadog UAT Integration:

• Datadog Usage: Easily track and analyze your Datadog usage with full support for fetching, presenting, and breaking down usage data by tags for deeper cost insights.

• Accurate Cost and Usage Allocation – UAT uses Datadog's native cost and usage allocation, eliminating guesswork and ensuring accurate and reliable cost distribution.

• Deeper Insights with Additional Breakdown Options – Beyond UATs, you can also segment data by organizations and regions for a clearer financial picture.

• Consistent and Standardized Reporting – Unlike custom tags, which vary by product, UAT provides a uniform and structured breakdown across organizations, sub-organizations, and regions.

Prerequisites

• UAT Integration is available only for Datadog Enterprise accounts. If your account is not on an Enterprise plan, you can use the Custom Tags integration instead.

• Your Usage Attribution Tags must be tagged at the parent organization level with an enterprise account in Datadog.

Datadog supports data breakdown by UATs, organizations, and regions for the following products:

• APM Fargate

• APM Host

• APM Trace Search

• Application Security Host

• CI Pipeline

• CI Pipeline Indexed Spans

• CI Test Indexed Spans

• Custom Event

• CWS Host

• Database Monitoring (DBM) Host

• Database Monitoring (DBM) Normalized Queries

• Fargate Container

• Fargate Container Profiler

• Infrastructure Container

• Infrastructure Host

• Ingested Spans

• Ingested Timeseries

• Lambda Function

• Logs Indexed (15 Days)

• Logs Indexed (180 Days)

• Logs Indexed (30 Days)

• Logs Indexed (3 Days)

• Logs Indexed (7 Days)

• Logs Indexed (90 Days)

• Logs Ingested

• Network Performance Monitoring (NPM) Host

• Online Archive

• Profiler Container

• Profiler Host

• RUM Replays

• RUM Lite

• Sensitive Data Scanner

• Serverless Invocation

• Security Information and Event Management (SIEM)

• Synthetics API Tests

• Synthetics Application Testing

• Synthetics Browser Checks

• Timeseries

How Does UAT Work?

Usage Attribution Tags (UATs) in Datadog enable cost and usage breakdown by parent account's UATs, organizations (including sub-organizations), and regions. Finout retrieves tags based on the parent organization and categorizes costs and usage accordingly. If sub-organizations use the same tags as the parent organization, their data can be broken down using these tags. However, if sub-organization tags differ from the parent organization's, data will be categorized as "N/A" when filtering/grouping by the parent’s tags, as breakdowns by sub-organization tags are not yet supported.

How can UAT be used in Finout?

Use case: UAT in MegaBill

In Finout's MegaBill, you can view Datadog cost and usage data by grouping resources based on your UATs, organizations, or regions. This offers detailed insights into your Datadog's cost and usage. This analysis extends across features like Virtual Tags, Widgets, and Views, enabling better-informed decisions for optimizing cost management. Additionally, it improves your showback reports, providing clearer visibility into cost allocation and accountability.

Applying group-by for teams (where "team" is one of the accounts UATs):

Daily Datadog team cost for the last seven days:

Daily Datadog team usage for the last seven days:

Finout’s Kubernetes integration brings powerful cost visibility and optimization to your containerized workloads. Finout provides granular insights into resource utilization and costs by connecting directly to your Kubernetes clusters, enabling precise allocation and optimization across namespaces, pods, and workloads. Transform your Kubernetes environment into a cost-efficient, fully transparent part of your cloud strategy.

This topis covers the following topics:

Overview

The Credentials Vault is a secure tool for sharing sensitive credentials with Finout. It ensures your secrets are transmitted and stored safely. To use it, simply upload your credentials and contact Finout support with clear instructions on what actions you'd like them to take with the provided information.

Credentials Vault Creation

1. In Finout, navigate to Settings.
2. Select Cost Centers and then click Add cost center. You are brought to the Connect Accounts step.
3. Select Credential Vault. The Credential Vault creation appears.
4. Add your JSON key and Secret, and then click Next. The Credential Vault is created.

5. Contact Finout support at support@finout.io with clear instructions on what actions you'd like them to take with the provided information.

Telemetry refers to any data measurements that users intend to incorporate into Finout. This includes any metrics or data points that can be leveraged to enhance insights, enable monitoring, or assist in managing costs within the platform.

When preparing your telemetry data for Finout, ensure your input can support the following format, which includes three main attribute types: Date, Metadata, and Metric.

If the data can be integrated into Finout using this format, it can be used as a telemetry source in Finout’s abilities.

Utilizing Telemetry Data for Shared Cost Breakdown

One of the major advantages of Finout’s telemetry data integration is its ability to provide detailed allocation and breakdown of shared costs, beyond the resource level. This capability is especially important for breaking down multi-tenant use cases (such as cost per development team or cost per customer) that are not easily attributed to their right destinations. It addresses the challenge of expenses that lack granularity from cloud service providers, such as EC2 data transfers or database instances utilized by several tenants (teams/customers).

With Finout's advanced capabilities, users achieve a more granular reallocation of costs beyond basic resource levels, enabling deeper cloud cost analysis and management.

Methods for Integrating Telemetry Data into Finout

To integrate your telemetry data with Finout effectively, please utilize one of the supported methods listed below. This can be done through external telemetry sources or internally through Finout.

External Telemetry Sources

• Snowflake - Connect your Snowflake data warehouse directly with Finout. Documentation is coming soon.

• Prometheus - For systems monitored by Prometheus, leverage this integration to forward metrics directly to Finout. This is supported only for accounts with K8s environments that are monitored using Prometheus. After integrating successfully, Finout collects the relevant metrics. Documentation is coming soon.

Internal Telemetry Sources

Integrating your telemetry data into Finout using a S3 bucket of your choosing, requires setting up a consistent export process to an S3 bucket, for which Finout has been granted read access. This ensures that Finout can retrieve and process your data, which should be structured to include a daily timestamp, the telemetry value for each day, and the granularity of the data collected.

1. Generate CSV Export

Generate a daily CSV export by selecting from two approaches for your CSV exports:

1. Maintain a single CSV that receives updates daily with new data entries.

2. Create a new CSV file for each day's telemetry data.

We recommend opting for the second option, which is creating a distinct CSV file for each day's telemetry data.

2. Prepare CSV Format

When preparing your telemetry data for Finout, ensure your CSV files follow the required format, which includes three main column types: Date, Metadata, and Telemetry.

Example:

In this example, we will supply the mandatory columns date (“date") and telemetry (“bytes") together with an optional metadata column “teamname”.

"date","teamname","bytes"

"2022-06-07","Servers","12.12"

"2022-06-07","Storage","6.22"

"2022-06-08","Network","0.05"

Date = date

teamname = metadata

Bytes = telemetry

3. Create a Folder in the Bucket

Create a separate folder within the bucket for each telemetry integration. This setup allows you to easily reuse permissions for sending other telemetries using the same integration.

4. Set up an S3 Bucket

Set up an S3 bucket. Ensure the bucket is properly configured to store and manage your data securely.

I want to use an S3 bucket already being accessed by Finout

If an S3 bucket is already linked to Finout for the AWS Cost and Usage Report (CUR) or a previous telemetry integration, you can utilize the same S3 bucket and ARN role. The role and bucket details will auto-populate in the Finout console (in the cost center integrations page). In this case, proceed directly to step 5.

I want to set up a new S3 bucket for telemetry-based export

For setting up a new S3 bucket or if you haven't configured one yet, follow the instructions below to grant Finout access to your S3 bucket.

Grant Finout access to an S3 bucket

After creating the daily export, you need to grant Finout access to your export bucket by creating an IAM role that will have read access to the daily export.

1. Copy your “external-id” from the Finout console, or use a random one, preferably in the format of finout-XXXXXXX.

3. Enter the AWS Account ID associated with the S3 bucket in the Account ID field.

4. Choose the option to Require external ID and input the “external-id” you got from the Finout console.
5. Click Next until you reach the review screen. ​

6. Configure the review as shown below, with one exception: the role name should be: FinoutMetricsReadOnlyRole (unlike in the screenshot below).
7. Go to your newly created role. ​

8. Copy the Role ARN and paste it into the Finout console.

9. Click Add permissions and select Create inline policy.
10. Select JSON, and insert the following. Replace the <BUCKET_NAME> with the name of your newly created bucket or your existing CUR bucket:

    Copy

    "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "tag:GetTagKeys"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:Get*",
                    "s3:List*"
                ],
                "Resource": "arn:aws:s3:::<BUCKET_NAME>/*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:Get*",
                    "s3:List*"
                ],
                "Resource": "arn:aws:s3:::<BUCKET_NAME>"
            }
        ]
    }

11. Click Next until you reach the review screen, and name the policy finest-access-policy_telemetry_export (or choose your own name).