FinOps
This is the thinking behind each one, not a tool list. FinOps is bringing financial accountability to the variable spend model of the cloud — a cultural + engineering practice, not just a cost dashboard. Senior FinOps means running the program (visibility → optimisation → accountability) and treating cost as a first-class engineering concern, which is increasingly a hiring differentiator.
A handful of principles answer most FinOps questions and mark you as someone who runs a cost program:
- FinOps brings financial accountability to variable cloud spend — it's a cultural practice, not a tool. The core lifecycle is Inform → Optimise → Operate.
- You can't optimise what you can't attribute. Tagging and cost allocation are the foundation — everything else depends on knowing who spends what.
- Unit economics beats absolute spend. Cost per customer / request / transaction is the real metric — rising total cost is fine if the unit cost is falling.
- Cost is a shared responsibility. Engineers who create cost should see and own it (showback) — decentralised accountability, enabled by a central FinOps function.
- The biggest levers, roughly by ROI: eliminate waste → rightsize → commit (RIs/Savings Plans/Spot) → architect for cost.
- Cost is a design concern — part of the cost/performance/reliability triangle, not an afterthought.
- Optimisation itself has a cost (engineer time) — be ROI-aware; don't spend $10k of engineering to save $1k. And make the cost-efficient path the easy path.
FinOps
17 scenarios · 1–17The complete FinOps scenario set, worked through in depth. This is the thinking behind each one, not answers to memorise.
📋 The full scenario inventory (distinct — no padding)
A. Framework & visibility
- What is FinOps / the FinOps framework
- Cost visibility & allocation (tagging, showback/chargeback)
- Unit economics — cost per unit of value
B. Optimisation levers
- Rightsizing (the #1 waste)
- Commitment discounts (Reserved Instances / Savings Plans / Spot)
- Eliminating waste (orphaned & idle resources)
- Storage & data lifecycle optimisation
- Data-transfer / egress cost optimisation
C. Specific domains
- Investigating a cost spike / bill anomaly
- Kubernetes cost management
- Serverless & autoscaling cost
- Non-production / environment cost
D. Culture, design & process
- Building FinOps culture / cost accountability
- Cost-aware architecture
- Forecasting & budgeting
- When NOT to optimise (the ROI of optimisation)
- AI / GPU workload cost
1What is FinOps / the FinOps frameworkFinOps▸
"What is FinOps?" or "how do you manage cloud cost at scale?" — the framing question.
What is actually happening (the mental model).
In the old world, IT spend was a fixed capital purchase decided up front by finance. In the cloud, every engineer's decision (spin up an instance, add a replica) is a real-time spending decision — spend is variable, decentralised, and continuous. FinOps is the practice of bringing financial accountability to that, so engineering, finance, and product collaborate to get the most value per dollar. The lifecycle is Inform (visibility, allocation) → Optimise (rightsize, commit, eliminate waste) → Operate (continuous governance, culture).
How to work through it.
- Inform — cost visibility and allocation (tagging, dashboards, showback) so everyone can see their spend. You can't manage what you can't see.
- Optimise — apply the levers: eliminate waste, rightsize, commitment discounts, architect for cost.
- Operate — continuous: budgets, anomaly detection, forecasting, and a culture where cost is a shared, ongoing responsibility.
- Cross-functional — engineering (who create cost), finance (who account for it), and product (who own the value trade-off) collaborate.
Key controls and trade-offs.
FinOps is a practice, not a one-time cleanup — it's continuous. Centralised FinOps (a team owns all cost) doesn't scale; the model is a central enabling function + decentralised accountability (engineers own their spend).
The trap that less-experienced engineers fall into.
Treating FinOps as a one-time cost-cutting exercise (it's continuous), or as purely a finance/tooling problem (it's a cross-functional engineering culture).
🎯 Interviewer follow-up questions you should expect.
- "What is FinOps?" Financial accountability for variable cloud spend; Inform → Optimise → Operate; cross-functional engineering/finance/product.
- "Why is cloud cost different from traditional IT?" It's variable and decentralised — every engineer's decision is a real-time spending decision.
- "Centralised or decentralised?" A central enabling function, decentralised accountability (engineers own their spend).
2Cost visibility & allocation (tagging, showback/chargeback)FinOps▸
"Nobody knows what anything costs" / "we can't attribute our bill to teams" — the foundational visibility problem.
What is actually happening (the mental model).
You can't optimise what you can't attribute — cost allocation is the bedrock of FinOps. The mechanism is a consistent tagging strategy (team, service, environment, cost-center) so every dollar maps to an owner, feeding showback (show each team its spend — awareness) or chargeback (actually bill it back — accountability). The hard part is the untagged/shared cost problem: unattributable spend (shared clusters, data transfer, un-tagged resources) that nobody owns.
How to work through it.
- Tagging strategy — mandatory tags (team, service, env, cost-center) enforced by policy-as-code, so cost maps to owners.
- Showback vs chargeback — showback (visibility → behaviour change, low friction) is the usual start; chargeback (real budget impact → strong accountability) is more mature but heavier.
- Handle shared/untagged cost — allocate shared costs (a shared K8s cluster, data transfer, support) via a fair method (usage-based) rather than leaving it unowned.
- Dashboards per team — each team sees its own trend, so waste is visible to the people who can fix it.
Key controls and trade-offs.
Showback: low friction, drives awareness. Chargeback: strong accountability but organisationally heavy and can breed cost-avoidance behaviour. Tag enforcement (policy-as-code blocking untagged resources) is the practical key. Perfect allocation is impossible (shared costs); aim for good-enough fairness.
The trap that less-experienced engineers fall into.
No/inconsistent tagging (a huge unattributable "other" bucket nobody owns), and not addressing shared costs (so they're invisible and grow unchecked).
🎯 Interviewer follow-up questions you should expect.
- "How do you allocate cloud cost to teams?" A mandatory, enforced tagging strategy; showback/chargeback; allocate shared costs fairly.
- "Showback vs chargeback?" Showback shows spend (awareness, low friction); chargeback bills it back (accountability, heavier).
- "How do you handle untagged/shared costs?" Enforce tagging via policy-as-code; allocate shared costs by usage.
3Unit economics — cost per unit of valueFinOps▸
"Our cloud bill is going up — is that bad?" — the question that separates a mature FinOps view from naive cost-cutting.
What is actually happening (the mental model).
Absolute spend is the wrong metric; unit economics is the right one. Rising total cost is fine — even good — if it's tracking growth and the cost per unit of value (per customer, per request, per transaction, per GB processed) is flat or falling. Conversely, flat total cost can hide a problem if unit costs are rising. So you measure cost against a business metric, which tells you whether you're scaling efficiently — and it's the language that resonates with the business.
How to work through it.
- Define the unit — the meaningful unit of value: cost per active customer, per 1,000 requests, per order, per GB.
- Track cost / unit over time — is it flat or improving as you scale? That's efficiency.
- Reframe the conversation — "spend is up 30% but cost-per-customer dropped 15% while we grew 50%" is a success story, not a problem.
- Spot real problems — a rising unit cost signals genuine inefficiency worth investigating, even if total spend looks stable.
Key controls and trade-offs.
Unit economics requires connecting cost data to business metrics (some plumbing) but it's the only way to judge whether spend is healthy. Absolute-spend targets can drive bad behaviour (starving growth); unit-cost targets align cost with value.
The trap that less-experienced engineers fall into.
Judging cloud spend by the absolute number (panicking at a rising bill that's actually efficient growth, or missing a rising unit cost hidden by flat total spend).
🎯 Interviewer follow-up questions you should expect.
- "The bill is going up — is that a problem?" Depends on unit economics: if cost-per-customer/request is flat or falling as you grow, it's healthy.
- "What's the right cost metric?" Cost per unit of value (customer/request/transaction), not absolute spend.
- "How do you spot inefficiency that absolute spend hides?" A rising unit cost even when total spend looks stable.
4Rightsizing (the #1 waste)FinOps▸
"Where's the biggest cost waste?" — and the answer is almost always over-provisioning: instances, databases, and containers sized far larger than their actual usage.
What is actually happening (the mental model).
The single biggest source of cloud waste is over-provisioning — resources sized for a worst-case guess (or "just to be safe") that run at 10–20% utilisation. Rightsizing matches resource size to actual observed usage (with headroom), which is usually the fastest, lowest-risk, highest-ROI optimisation. It requires usage data (utilisation metrics) and it's continuous (usage changes).
How to work through it.
- Measure actual utilisation — CPU/memory/IOPS over a representative period (not a snapshot); tools like Compute Optimizer / VPA recommend.
- Right-size to observed usage + headroom — drop over-provisioned instances/DBs/containers to a size that fits real demand.
- Prefer elasticity over static sizing — autoscaling so you're not paying for peak capacity 24/7 (scenario 11).
- Continuous, not one-time — usage drifts; rightsizing is an ongoing operate-phase activity.
- Low-risk first — non-prod and clearly-idle-headroom resources before touching sensitive prod.
Key controls and trade-offs.
Rightsizing is high-ROI and low-risk if you leave headroom (too aggressive → performance/availability risk). Static rightsizing helps; elasticity (autoscaling) is better because demand varies. It needs good utilisation data.
The trap that less-experienced engineers fall into.
Over-provisioning "to be safe" (running at 15% utilisation), rightsizing off a snapshot instead of peak-under-load (then getting OOM/throttling), and treating it as one-time (usage drifts back).
🎯 Interviewer follow-up questions you should expect.
- "Biggest source of cloud waste?" Over-provisioning; rightsizing to actual usage is the highest-ROI, lowest-risk optimisation.
- "How do you rightsize safely?" From observed utilisation over time (peak under load) with headroom; start with non-prod.
- "Rightsizing vs autoscaling?" Rightsizing fixes the baseline; autoscaling handles variable demand so you don't pay for peak 24/7.
5Commitment discounts (Reserved Instances / Savings Plans / Spot)FinOps▸
"How do you reduce compute cost beyond rightsizing?" — the commitment/purchasing question.
What is actually happening (the mental model).
Cloud providers offer large discounts (up to ~70%) in exchange for commitment or flexibility: Reserved Instances / Savings Plans trade a 1–3 year commitment for a discount on your baseline (predictable, always-on) usage; Spot trades interruptibility for huge discounts on fault-tolerant workloads. The strategy is to layer them by workload predictability: commit to your steady baseline, use Spot for interruptible/batch, and keep on-demand only for the unpredictable spike.
How to work through it.
- Rightsize first — never commit to over-provisioned capacity (you'd lock in the waste). Commitments come after rightsizing.
- Commit to the baseline — Savings Plans (flexible across instance types, preferred) or RIs for the steady, always-on usage you're confident about; discount for a 1–3 year commitment.
- Spot for interruptible workloads — batch, CI runners, stateless/fault-tolerant, big-data — up to ~90% off, at the cost of possible interruption (handle gracefully).
- On-demand only for the unpredictable, spiky remainder.
- Manage the commitment portfolio — track coverage and utilisation; don't over-commit (unused commitment is wasted money).
Key controls and trade-offs.
RIs/Savings Plans: big discount but a multi-year commitment (risk if usage drops or tech changes — Savings Plans are more flexible than RIs). Spot: huge discount but interruptible (only for fault-tolerant work). Layering matches the discount mechanism to the workload's nature. Commit after rightsizing, never before.
The trap that less-experienced engineers fall into.
Committing (RIs/SPs) to over-provisioned capacity (locking in waste), over-committing (unused commitment = wasted spend), and putting stateful/critical workloads on Spot (interruption = outage).
🎯 Interviewer follow-up questions you should expect.
- "RI vs Savings Plan vs Spot?" RI/SP commit to baseline for a discount (SP more flexible); Spot for interruptible/fault-tolerant workloads at a huge discount.
- "Rightsize or commit first?" Rightsize first — committing to over-provisioned capacity locks in the waste.
- "What can go on Spot?" Fault-tolerant, interruptible workloads (batch, CI, stateless); not stateful/critical.
6Eliminating waste (orphaned & idle resources)FinOps▸
"Where's the easy money?" — and it's usually resources that are running but doing nothing: orphaned volumes, idle instances, unattached IPs, forgotten environments, old snapshots.
What is actually happening (the mental model).
Cloud makes it trivial to create resources and easy to forget them — so waste accumulates as orphaned (disconnected: unattached EBS, unassociated EIPs, old snapshots, empty load balancers) and idle (running but unused: dev boxes left on, over-provisioned-to-zero). This is often the lowest-effort, zero-risk saving (deleting genuinely-unused things), and the fix is continuous detection + automated cleanup, because manual sweeps don't scale.
How to work through it.
- Find orphaned resources — unattached EBS volumes, unassociated Elastic IPs (billed when idle!), old/redundant snapshots, empty load balancers, unused NAT gateways — via Cost Explorer / Trusted Advisor / a cleanup tool.
- Find idle resources — instances/DBs at near-zero utilisation, forgotten environments running 24/7.
- Automate cleanup — scheduled detection + automated removal (with safeguards: tag-to-keep, grace periods) — manual sweeps don't scale.
- Prevent recurrence — TTLs on ephemeral resources, auto-shutdown schedules (scenario 12), and ownership tags so nothing is un-owned.
Key controls and trade-offs.
Deleting genuinely-orphaned resources is near-zero-risk, high-ROI. Idle-resource cleanup needs care (confirm truly unused). Automation is essential (manual doesn't scale) but needs safeguards against deleting something needed.
The trap that less-experienced engineers fall into.
Manual one-time cleanups (waste re-accumulates), forgetting the sneaky billed-when-idle resources (unattached EIPs, provisioned IOPS, idle NAT gateways), and no prevention (TTLs/ownership) so it recurs.
🎯 Interviewer follow-up questions you should expect.
- "Where's the easy cost saving?" Orphaned resources (unattached volumes/EIPs, old snapshots, empty LBs) and idle resources — low effort, low risk.
- "How do you keep waste from re-accumulating?" Continuous automated detection, cleanup, TTLs on ephemeral resources, ownership tags, and auto-shutdown.
- "A surprising billed-when-idle resource?" An unassociated Elastic IP is charged; so are idle NAT gateways and unused provisioned IOPS.
7Storage & data lifecycle optimisationFinOps▸
Storage costs are large and growing — S3, snapshots, logs — often quietly, because storage is cheap-per-GB but accumulates forever.
What is actually happening (the mental model).
Storage cost grows because data is rarely deleted and often stored in the wrong (expensive) tier. The lever is matching the storage tier to the access pattern (hot data in fast/expensive storage, cold/archival data in cheap tiers) via lifecycle policies, plus deleting what you don't need (old snapshots, expired logs). The 80/20 applies: most data is rarely accessed and belongs in a cheaper tier.
How to work through it.
- Tier by access pattern — S3 lifecycle policies to move data from Standard → Infrequent Access → Glacier/Deep Archive as it ages; or S3 Intelligent-Tiering to automate it.
- Retention & deletion — expire old logs (CloudWatch/S3), delete redundant/old EBS snapshots (they accumulate silently), enforce retention policies.
- Right storage class/type — gp3 over gp2, the right S3 class; don't over-provision IOPS.
- Deduplicate & compress where it pays.
- Watch for growth drivers — a service logging verbosely, snapshot proliferation.
Key controls and trade-offs.
Tiering trades retrieval latency/cost for storage savings (Glacier is cheap to store, slow/costly to retrieve — right for true archives, wrong for data you'll access). Lifecycle automation is set-and-forget once configured. Deleting data is the cheapest but needs retention/compliance care.
The trap that less-experienced engineers fall into.
Everything in the expensive hot tier forever (no lifecycle policies), snapshot/log proliferation (silent growth), and archiving data to Glacier that's actually accessed (expensive retrieval).
🎯 Interviewer follow-up questions you should expect.
- "How do you optimise storage cost?" Tier by access pattern with lifecycle policies (Standard → IA → Glacier), retention/deletion of old logs & snapshots, and right storage class.
- "What's the trade-off with cold tiers?" Cheap to store but slow/costly to retrieve — right for true archives, wrong for accessed data.
- "A silent storage-cost driver?" Old EBS snapshots accumulating, and verbose logs with no retention.
8Data-transfer / egress cost optimisationFinOps▸
Data-transfer is a large, hard-to-explain line item — the cost that hides in the architecture (ties to the AWS/Networking scenarios, from the FinOps angle).
What is actually happening (the mental model).
Data transfer is uniquely insidious because it's invisible until you look and driven by architecture, not a knob. The map: internet egress is expensive; cross-AZ traffic is billed both directions; cross-region costs; NAT gateway processing charges every byte. The fixes are architectural — VPC endpoints, AZ-aware placement, CDN — so it's a design-review problem more than a purchasing one.
How to work through it.
- Find the driver — Cost Explorer by usage type: is it internet egress, cross-AZ, cross-region, or NAT processing?
- VPC endpoints — for S3/DynamoDB/ECR, so that traffic bypasses the NAT gateway and internet (often pays for itself immediately).
- AZ-aware placement — keep chatty service pairs in the same AZ (cross-AZ is billed both ways) — weighed against AZ-failure resilience.
- CDN (CloudFront) for egress-heavy content — cheaper egress + caching.
- Compression and reducing chatty inter-service traffic.
Key controls and trade-offs.
VPC endpoints are a near-free win. Same-AZ placement saves cross-AZ cost but slightly reduces AZ-failure resilience for those flows (a real cost-vs-reliability trade-off). CDN adds cost but cuts egress and improves latency.
The trap that less-experienced engineers fall into.
Ignoring data transfer (it's invisible), routing S3/ECR traffic through the NAT gateway (instead of a free VPC endpoint), and forgetting cross-AZ is billed in both directions.
🎯 Interviewer follow-up questions you should expect.
- "Why is data-transfer cost hard to control?" It's invisible until you look and driven by architecture — cross-AZ (both ways), NAT processing, egress.
- "How do you cut it?" VPC endpoints to bypass NAT for S3/ECR, AZ-aware placement, and CDN for egress; it's a design-review problem.
9Investigating a cost spike / bill anomalyFinOps▸
"The bill spiked — find out why" — the FinOps incident (ties to the AWS bill-doubled scenario, with the FinOps process lens).
What is actually happening (the mental model).
A cost spike is almost always concentrated in one service/usage-type/team, so you localise it fast with the right grouping, identify the driver, decide if it's legitimate (a launch, real growth) or waste/a bug (a runaway job, a misconfig, a leaked key mining crypto), fix it, and — the FinOps part — ensure anomaly detection catches the next one in days, not on the monthly invoice.
How to work through it.
- Localise — Cost Explorer grouped by service → usage type → tag/team → region to pinpoint the concentrated driver.
- Identify the driver — data transfer, a runaway compute job, a scaled-up service, a misconfig, or a security event (a leaked key mining crypto — a cost spike is sometimes a security incident).
- Classify — legitimate (a launch / real growth → expected) vs waste/bug (fix it) vs security (respond).
- Fix and prevent recurrence — Cost Anomaly Detection + Budgets with alerts so it's caught in days automatically, not on the invoice.
Key controls and trade-offs.
Fast localisation (right grouping) vs guessing. The FinOps deliverable is detection: anomaly detection converts "found on the monthly bill" into "alerted within a day." Anomaly detection has some false positives (tune it).
The trap that less-experienced engineers fall into.
No cost anomaly detection (spikes discovered weeks later on the invoice), not considering a spike could be a security incident (crypto-mining), and fixing the instance without adding detection so it recurs.
🎯 Interviewer follow-up questions you should expect.
- "The bill spiked — how do you investigate?" Cost Explorer by service → usage type → tag to localise; identify and classify the driver; then anomaly detection to prevent recurrence.
- "Could a cost spike be a security issue?" Yes — a leaked key spinning up crypto-mining is a classic; investigate.
- "How do you catch it faster next time?" Cost Anomaly Detection, Budgets alerts, and caught in days not on the invoice.
10Kubernetes cost managementFinOps▸
"How do you manage and allocate Kubernetes cost?" — because K8s makes cost especially hard to attribute (many workloads share nodes).
What is actually happening (the mental model).
Kubernetes obscures cost in two ways: the shared-node allocation problem (many pods/teams on shared nodes → whose cost is it?) and poor bin-packing (requests set too high → nodes underutilised → you pay for reserved-but-unused capacity). So K8s FinOps is about allocating cost back to workloads/teams (Kubecost/OpenCost) and improving utilisation (right-size requests, bin-pack, autoscale nodes).
How to work through it.
- Cost allocation — tools like Kubecost/OpenCost attribute node cost to namespaces/labels/teams based on their requests/usage, solving the shared-node problem (showback per team).
- Improve utilisation (bin-packing) — the big lever: pods reserve via requests, so over-inflated requests waste node capacity (you pay for reserved-but-idle). Right-size requests to real usage so nodes pack densely.
- Node autoscaling — Cluster Autoscaler / Karpenter to run right-sized nodes and scale down idle ones; use Spot for fault-tolerant workloads.
- Right-size the cluster — don't run large idle node headroom.
Key controls and trade-offs.
Allocation (Kubecost) gives visibility to drive accountability. Bin-packing (right-sized requests) is the biggest cost lever but risks OOM/throttling if too tight — leave headroom. Karpenter + Spot cuts node cost significantly for fault-tolerant workloads.
The trap that less-experienced engineers fall into.
No cost allocation (the cluster is one big unattributable bill), over-inflated requests (nodes at 30% utilisation, paying for reserved-idle capacity), and not using Spot/Karpenter for eligible workloads.
🎯 Interviewer follow-up questions you should expect.
- "How do you allocate K8s cost to teams?" Kubecost/OpenCost attributing node cost to namespaces/labels based on requests/usage.
- "Biggest K8s cost lever?" Bin-packing — right-size requests so nodes pack densely, because requests reserve capacity you pay for whether used or not.
- "How do you cut node cost?" Karpenter for right-sized nodes, scale-down, and Spot for fault-tolerant workloads.
11Serverless & autoscaling costFinOps▸
"Is serverless cheaper?" or "how do you use elasticity to cut cost?" — the pay-for-what-you-use question, with a nuance.
What is actually happening (the mental model).
Elasticity is a cost lever — scaling with demand (including scale-to-zero) means you don't pay for peak capacity 24/7. Serverless takes this furthest (pay per invocation, nothing at idle), which is very cheap for spiky/low-volume workloads — but there's a crossover point where, at high steady volume, serverless costs more than right-sized always-on compute. So the FinOps view is: use elasticity/serverless where the load is variable, and reserved/committed always-on compute where it's steady and high.
How to work through it.
- Elasticity over static capacity — autoscale (including scale-to-zero for non-prod / bursty services) so you pay for actual demand, not peak.
- Serverless for spiky/low-volume — Lambda pays per invocation with nothing at idle; ideal for event-driven, unpredictable, low-average load.
- Know the crossover — at high, steady volume, serverless per-request cost exceeds right-sized committed compute; move steady heavy workloads to always-on (with commitments).
- Match the model to the load shape — variable → elastic/serverless; steady → committed always-on.
Key controls and trade-offs.
Serverless: zero idle cost + no ops, but a per-request premium at high volume + cold starts. Autoscaling: pay for demand, but needs the right scaling metric and warmup. The art is matching the pricing model to the load shape — there's no universally-cheapest option.
The trap that less-experienced engineers fall into.
Assuming serverless is always cheaper (it isn't at high steady volume — the crossover), and running always-on capacity for a bursty/low-volume workload that should be serverless or scale-to-zero.
🎯 Interviewer follow-up questions you should expect.
- "Is serverless cheaper?" For spiky/low-volume, yes (zero idle cost); at high steady volume there's a crossover where always-on committed compute is cheaper.
- "How does elasticity cut cost?" Scaling with demand (including scale-to-zero) means you don't pay for peak 24/7.
- "How do you decide?" Match the pricing model to the load shape — variable → elastic/serverless, steady → committed.
12Non-production / environment costFinOps▸
"Where's a quick, safe win?" — and it's often non-production environments running 24/7 when they're only used during work hours.
What is actually happening (the mental model).
Dev, test, and staging environments frequently run full-time (168 hours/week) but are only used during work hours (~40–50 hours) — so ~70% of their cost is pure waste. The lever is scheduled shutdown (stop non-prod outside work hours) and right-sizing non-prod (it rarely needs prod-scale). It's low-risk (non-prod) and high-ROI, and a great early FinOps win.
How to work through it.
- Scheduled shutdown — auto-stop non-prod instances/environments outside work hours and on weekends (~70% saving on those environments).
- Right-size non-prod — it rarely needs prod-scale; use smaller instances, fewer replicas, cheaper tiers.
- Ephemeral environments — spin up per-PR/per-feature and tear down after (pay only while used), instead of long-lived idle envs.
- TTLs + ownership — so forgotten environments don't linger.
Key controls and trade-offs.
Non-prod shutdown is low-risk, high-ROI (nobody uses dev at 2am). Ephemeral per-PR environments cost only while used but need automation. The trade-off is minor developer friction (starting a stopped env) for a large saving — usually worth it.
The trap that less-experienced engineers fall into.
Running non-prod 24/7 (paying for nights and weekends nobody uses), running non-prod at prod scale, and long-lived environments that linger forgotten.
🎯 Interviewer follow-up questions you should expect.
- "A quick, safe cost win?" Scheduled shutdown of non-prod outside work hours (~70% saving on those environments), and right-sizing non-prod.
- "How do you handle test/PR environments?" Ephemeral per-PR environments that spin up and tear down, paying only while used.
13Building FinOps culture / cost accountabilityFinOps▸
"How do you make engineers care about cost?" — the culture question, and the real key to sustainable FinOps.
What is actually happening (the mental model).
Cost optimisation done to teams by a central team doesn't scale and doesn't stick — sustainable FinOps requires engineers who create cost to see and own it. The lever is making cost visible to the people who can act on it (per-team showback dashboards), giving them accountability without blame, embedding cost into normal engineering decisions, and providing tooling/guardrails so the cost-efficient path is easy. When a team sees its own spend, waste gets cleaned up without central policing.
How to work through it.
- Visibility to the doers — per-team/service cost dashboards so engineers see their own spend and trend (showback). Awareness alone changes behaviour.
- Decentralised accountability — teams own their cost (a cost KPI / budget), enabled by a central FinOps function (not policed by it).
- Cost in engineering decisions — surface cost in design reviews, PRs (Infracost showing the $ impact of a change), and retros.
- Blameless + rewarding — celebrate savings, don't punish spend; make it a shared goal, not a witch-hunt.
- Make the efficient path easy — guardrails, secure-and-cheap defaults, so doing the right thing is the default.
Key controls and trade-offs.
Decentralised accountability (teams own cost) scales far better than a central team policing everyone (a bottleneck). Showback (awareness) is lower-friction than chargeback (real budget impact) but both work. The central team shifts from "cost police" to "enabler."
The trap that less-experienced engineers fall into.
Central-team cost-policing (doesn't scale, breeds resentment, teams have no visibility), and a blame culture around spend (people hide or avoid rather than optimise).
🎯 Interviewer follow-up questions you should expect.
- "How do you make engineers care about cost?" You make their own cost visible to them (showback), give decentralised accountability, embed cost in decisions (Infracost on PRs), keep it blameless and rewarding.
- "Central team or decentralised?" Decentralised accountability enabled by a central FinOps function; central policing doesn't scale.
- "How do you surface cost in the workflow?" Infracost on PRs, cost in design reviews, and per-team dashboards.
14Cost-aware architectureFinOps▸
"How does cost factor into your architecture decisions?" — cost as a first-class design concern, a senior/staff signal.
What is actually happening (the mental model).
Cost is part of the architecture trade-off triangle alongside performance and reliability — the biggest cost decisions are made at design time, not squeezed out later with rightsizing. A cost-aware architect considers the cost implications of every major choice (managed vs self-hosted, the data-transfer topology, the storage tier, the compute model, the database) up front, because a poor architectural choice bakes in cost that no amount of later optimisation fully recovers.
How to work through it.
- Cost as a design trade-off — weigh it alongside performance and reliability in every major decision; it's not an afterthought.
- The expensive decisions are architectural — data-transfer topology (VPC endpoints, AZ placement), managed-vs-self-hosted, storage tier, compute model (serverless vs containers vs VMs), database choice (DynamoDB vs RDS at scale).
- Design reviews include cost — a rough cost model per option; Infracost/estimates so the $ impact is visible before building.
- Right-size resilience to cost — multi-region active-active is expensive; match to the actual RTO/RPO (don't over-build).
- Avoid baking in cost — a bad topology (chatty cross-AZ, everything through NAT) costs forever.
Key controls and trade-offs.
The cost/performance/reliability triangle — you optimise for the business need, not one axis. Design-time cost decisions have far more leverage than post-hoc rightsizing. But don't under-build for cost either (starving performance/reliability) — it's a balance.
The trap that less-experienced engineers fall into.
Treating cost purely as a post-hoc optimisation (rightsizing) rather than a design input, and baking in expensive topologies (cross-AZ chatter, over-built multi-region) that later optimisation can't fully fix.
🎯 Interviewer follow-up questions you should expect.
- "How does cost factor into architecture?" As a first-class trade-off alongside performance and reliability; the big cost decisions are architectural (topology, managed-vs-self, compute/storage/db choices), made at design time.
- "Where does architecture bake in cost?" Data-transfer topology, over-built resilience, wrong compute/storage model — hard to fix later.
15Forecasting & budgetingFinOps▸
"How do you predict and control cloud spend?" — the planning side finance cares about.
What is actually happening (the mental model).
Cloud spend is variable, but the business needs predictability — so FinOps forecasts future spend (from historical trends + planned growth/launches) and sets budgets with alerts so spend is controlled proactively, not discovered after the fact. Good forecasting ties to unit economics (project cost from projected business growth) and enables commitment planning (how much to reserve).
How to work through it.
- Forecast — project future spend from historical trends, planned growth, and known launches; tie to unit economics (cost/unit × projected units).
- Budgets + alerts — set budgets per team/service with proactive alerts (at 50/80/100% of budget) so overruns are caught early.
- Anomaly detection — complements budgets by catching unexpected spikes (scenario 9).
- Inform commitment planning — the baseline forecast tells you how much to reserve (RIs/Savings Plans).
- Continuous re-forecasting — update as reality and plans change.
Key controls and trade-offs.
Forecasting gives the business predictability and enables commitment planning; it's inherently uncertain (variable spend), so budgets + anomaly detection catch the misses. Budgets that only alert (not enforce) preserve agility while giving control.
The trap that less-experienced engineers fall into.
No forecasting/budgets (spend is a surprise each month), forecasting off raw trend without accounting for planned growth/launches, and budgets with no alerts (a budget you don't watch does nothing).
🎯 Interviewer follow-up questions you should expect.
- "How do you predict cloud spend?" Forecast from historical trend, planned growth/launches, and tied to unit economics; set budgets with proactive alerts.
- "How does forecasting help commitments?" The baseline forecast tells you how much to safely reserve with RIs/Savings Plans.
- "Budgets that enforce or alert?" Alerts preserve agility while giving control; enforcement is heavier.
16When NOT to optimise (the ROI of optimisation)FinOps▸
"Would you always optimise cost?" — the judgment question that separates mature FinOps from penny-pinching.
What is actually happening (the mental model).
Optimisation itself has a cost — engineer time — and you optimise the return, not the cost blindly. Spending $10k of engineering effort to save $1k/year is a loss. So you prioritise optimisations by ROI (savings vs effort vs risk), focus on the big line items (the 80/20 — a few services are most of the bill), and know when to stop (diminishing returns, or when engineer time is better spent on features/reliability that create more value than the saving). Cost is one goal among several, not the only one.
How to work through it.
- Optimise by ROI — savings vs engineering effort vs risk; a big saving for little effort first.
- Focus on the big line items — the 80/20: a few services/resources dominate the bill; optimise those, ignore the rounding-error ones.
- Know when to stop — diminishing returns; and when engineer time creates more value elsewhere (features, reliability) than the cost saving.
- Weigh against other goals — don't sacrifice reliability, performance, or velocity for a marginal cost saving (the triangle).
- Automate the recurring optimisations so they don't consume ongoing engineer time.
Key controls and trade-offs.
ROI-aware optimisation focuses effort where it pays; blind cost-cutting wastes engineer time and can harm reliability/velocity. The opportunity cost of engineer time is real — sometimes the best FinOps decision is not to optimise something small.
The trap that less-experienced engineers fall into.
Optimising everything regardless of ROI (spending more engineer time than the saving is worth), micro-optimising rounding-error line items while ignoring the big ones, and sacrificing reliability/velocity for marginal savings.
🎯 Interviewer follow-up questions you should expect.
- "Would you always optimise cost?" No — optimise by ROI; a big saving for little effort first, and stop at diminishing returns or when engineer time creates more value elsewhere.
- "How do you prioritise optimisations?" The big line items (80/20), by savings vs effort vs risk.
- "When is not optimising the right call?" When the engineer time costs more than the saving, or would harm reliability/velocity.
17AI / GPU workload costFinOps▸
"How do you manage the cost of AI/ML/GPU workloads?" — the new, high-stakes frontier, because GPU compute is extremely expensive and easy to waste.
What is actually happening (the mental model).
AI/ML workloads shift the cost problem because GPUs are an order of magnitude more expensive than CPU and are frequently underutilised (idle GPUs waiting, over-provisioned instances). The levers are the familiar FinOps ones amplified: maximise GPU utilisation (the dominant cost), use Spot for interruptible training, right-size the (expensive) instances, and separate the training vs inference cost models. And for LLM/API usage, cost per token/request is the unit economic.
How to work through it.
- Maximise GPU utilisation — GPUs are the dominant cost, so idle GPU time is the biggest waste; batch jobs, share GPUs (MIG/time-slicing), and keep them busy.
- Spot for training — training is often interruptible/checkpointable → Spot GPUs for large savings; keep inference on reliable capacity.
- Right-size expensive instances — GPU instance families are costly; match the GPU/instance to the model's actual need, don't over-provision.
- Training vs inference — training is bursty/batch (Spot, scale-to-zero); inference is steady-serving (right-size + autoscale + possibly committed).
- Unit economics for AI — cost per training run, per inference, per token (for LLM APIs); and consider managed vs self-hosted trade-offs.
Key controls and trade-offs.
GPU utilisation is the make-or-break lever (idle GPUs are extremely expensive). Spot for training saves a lot but needs checkpointing. Self-hosting models vs API (build-vs-buy) is a real cost decision. The stakes are higher because the per-unit costs are large.
The trap that less-experienced engineers fall into.
Idle/underutilised GPUs (the biggest AI waste), on-demand GPUs for interruptible training (Spot would save hugely), and no unit-economics view (cost per inference/token) so runaway AI costs aren't caught.
🎯 Interviewer follow-up questions you should expect.
- "How do you manage GPU/AI cost?" Maximise GPU utilisation (the dominant cost), Spot for interruptible training, right-size expensive instances, separate training vs inference cost models, and track cost per inference/token.
- "Biggest AI cost waste?" Idle/underutilised GPUs — they're extremely expensive to leave sitting.
- "Spot for AI?" Yes for checkpointable training; keep inference on reliable capacity.