FinOps in Practice: Optimizing Cloud Value with AWS, CloudCheckr, and Veeam

More than two years ago I started working with FinOps, supporting organizations in generating value from public cloud mainly AWS.
In this post, the critical mission of FinOps is to add value to the cloud. AWS.
But this mission can be executed in private cloud, public cloud, or on-premises environments.
I share a practical view of the solutions I have used, the lessons learned, and how some barriers were overcome in practice.

Summary:

• FinOps Foundation Framework
• CloudCheckr

1. Monitoring & Auditing
2. Cost Management
3. Cost Optimization & Efficiency (FinOps)
4. Resilience, Backup & High Availability

• How the area helps the Backup Engineer
• Backup Cost Visibility (Veeam for AWS)
• Highly valuable events
• AWS Summit – 2024
• IBM FinOps Day – 2024
• Market Reference – Gartner (Macro View)
• Certifications
• Community

• Framework
All customers have different services, but they share a very similar essential foundation.
The FinOps framework adapts differently to each infrastructure stack. Today, we use the following framework:

Learn more about the Framework here:
FinOps Framework

“FinOps is an operational framework and cultural practice which maximizes the business value of technology, enables timely data-driven decision making, and creates financial accountability through collaboration between engineering, finance, and business teams.”

• CloudCheckr

It has been one of the tools I have used the most during this period.
Over time, it became essential for providing visibility and control over cloud costs.

• Monitoring & Auditing (Logging and Alerts)
  CloudCheckr identifies gaps in detecting critical changes in the AWS environment, ensuring visibility and fast response to sensitive events.

  Examples of recommendations:
  • Lack of Log Metric Filters and alarms for AWS Organizations changes
  • Lack of monitoring for Network ACL (NACL) changes
  • Changes in Network Gateways without alerting
  • Modifications in CloudTrail without detection mechanisms configured
  • Scheduled deletion or disabling of KMS keys without alerts
  • Lack of integration between CloudTrail and CloudWatch for critical events
  • Absence of alerts for sensitive administrative actions
  • Logs generated without proactive notifications (SNS/EventBridge)

• Cost Optimization & Efficiency (FinOps)

CloudCheckr identifies opportunities for cost reduction and resource optimization in AWS, helping maximize budget usage and eliminate waste.

Examples of recommendations:
• Idle resources generating unnecessary costs (e.g., EC2 without effective usage)
• Provisioned but underutilized services without capacity adjustment
• Unused resources still active in the account
• Lack of shutdown strategy for non-production hours
• No usage of Reserved Instances or Savings Plans
• Reserved purchasing opportunities for predictable workloads
• Old resources maintained without operational justification
• Lack of governance over consumption per environment or application

Identification of Savings Plan opportunities to reduce recurring costs
• Analysis of stable consumption without reservation coverage
• Replacement of On-Demand model with long-term commitment

• Operational Efficiency & Architecture Best Practices

CloudCheckr identifies inconsistencies in AWS service configurations and underutilized resources, helping improve performance, governance, and adherence to best practices.

Examples of recommendations:
• EC2 instances not EBS-optimized (impacting I/O performance)
• DynamoDB tables with low read utilization (overprovisioning)
• Underutilized ElastiCache nodes generating unnecessary cost
• CloudFront distributions without logging enabled, reducing visibility
• Database Security Groups without associated instances
• EC2/VPC Security Groups without associated resources (orphaned)
• Lack of governance and cleanup of unused resources
• Configurations misaligned with AWS architecture best practices

• Resilience, Backup & High Availability

CloudCheckr identifies risks related to data protection and business continuity, ensuring workloads are prepared for failures, accidental deletions, and downtime.

Examples of recommendations:
• EBS volumes without snapshots (direct data loss risk)
• EBS volumes without recent snapshots (outdated backup)
• EC2 instances without termination protection enabled
• Environments without multi-AZ deployment
• Lack of automated backup and retention strategy
• Critical resources without defined recovery (DR) policies
• Low maturity in business continuity (BCP)
• Workloads not prepared for availability zone failures

• How the FinOps area helps the Backup Engineer

In the previous example, we found:
• EBS volumes without snapshots (direct data loss risk)
• EBS volumes without recent snapshots (outdated backup)
• Insufficient backup retention policies (e.g., retention under 30 days)

The area directly contributes to validating backup compliance by ensuring not only that backups are enabled, but that they follow proper retention, execution, and consistency policies across services.

Here, CloudCheckr validates that RDS automatic backups are properly configured. In other words, this specific risk is already covered in the environment.

It validates whether there were failures in the last EMR/HBase cluster backup and in this case, it is healthy, meaning no execution failures were identified.

Additionally, CloudCheckr not only identifies protection gaps but also guides corrective actions in a practical way, such as creating snapshots for volumes without recent or existing backups. In some cases, recommendations include safe operational steps like stopping the instance, creating the snapshot, and restarting the environment, ensuring data consistency and supporting compliance and best practices.

• Backup Cost Visibility (Veeam for AWS)

Veeam Backup for AWS allows estimating the cost of the backup strategy clearly and in advance, providing financial predictability before implementation.

Examples of benefits:
• Detailed cost estimation per configured backup policy
• Cost visibility by component (snapshots, replicas, traffic, transactions)
• Calculation based on frequency and retention defined in scheduling
• Identification of financial impact before production deployment
• Support for decision-making between different protection strategies
• Greater control over AWS backup operational costs
• Reduced surprises in the monthly bill

(Exclusive video about Veeam for AWS)

Snapshots: $0.30
Replicas: $0.28
Traffic: $0.21
Estimated total: $0.80/month

Available here:

This illustration represents how little of data protection is typically addressed within FinOps initiatives in this post.
Most of what is discussed usually focuses on cost visibility and optimization, while a much deeper and critical layer  data protection and backup governance  remains below the surface.

In an upcoming post, I will dedicate a deeper dive specifically to this topic: FinOps applied to Data Protection.

• Highly valuable events

I had the opportunity to participate in some events related to this new and rapidly evolving area.

AWS Summit – 2024
Full post:

AWS Summit

Post highlight:
Itaú success case (FinOps)

In less than two years, Itaú bank reached an advanced level of Corporate Financial Management (CFM) in Latin America.

A session presented by Augusto Stracieri (Itaú) on optimization and better use of resources, architecture and application review, process automation (Gen AI), and cultural dissemination within the organization.

Topics covered:
1- Definition of business cases and metrics (KPIs/OKRs) considering engineering and business;
2- Shared cost accountability culture;
3- Centralization of automation for efficiency optimization;
4- Governance and cost visibility with end-to-end FinOps, including showback/chargeback models.

IBM FinOps Day – 2024

A practical immersion into the FinOps universe focused on Cloudability and Turbonomic, providing a complete view of financial governance and continuous optimization in cloud environments.

It was a true deep dive into FinOps, allowing a practical understanding of how to align technology consumption with business strategy, performance, and cost control.

During the event, it became clear why IBM has been standing out and leading market analyses such as Gartner, mainly due to its ability to combine visibility, automation, and intelligence in cost management.

• Market Reference – Gartner (Macro View)

The Gartner Magic Quadrant for Cloud Financial Management Tools reinforces the maturity and relevance of FinOps solutions in the market, highlighting key players based on execution capabilities and strategic vision.

From a macro perspective, IBM is positioned in the Leaders quadrant, demonstrating its ability to consistently deliver value along with a clear vision for evolving financial management in cloud environments.

• Certifications

You can start here: FinOps Certification

Certifications such as Introduction to FinOps, Introduction to FOCUS, and FinOps Practitioner were key to the initial understanding over the years, providing a solid foundation of concepts, practices, and frameworks for cloud financial management. They enabled the development of a more strategic view of cost optimization, governance, and alignment between technology and business.

• Community

The FinOps Foundation community is an essential place for those looking to grow in cloud financial management practices, bringing together professionals, content, events, and up-to-date best practices. Participating in the community is an excellent way to exchange experiences, follow trends, and accelerate FinOps maturity within organizations.

Learn more here: Finops Community