
The 2026 FinOps Checklist: 14 actions to cut your cloud bill 30%

A field-tested FinOps checklist for engineering teams running on AWS, GCP, Azure or Kubernetes. Concrete actions, ordered by ROI.

By Lumicost Engineering · 3 min read
  • finops
  • cost-optimization
  • kubernetes
  • aws
  • gcp

Most cloud bills bleed money in places nobody monitors. Idle Kubernetes pods, oversized EC2 instances, untagged storage, forgotten dev environments running 24/7 — every team we onboard finds 25–40% in waste during week one.

This is the checklist we use internally and recommend to every customer. Ordered by ROI per hour of engineering work, not by how trendy it sounds in conference talks.

Quick wins (do this week)

1. Tag everything, then enforce

Without tags you can't allocate cost, build chargeback, or even know who owns what. Make team, env and service mandatory on every cloud resource via SCP/Org Policy/Azure Policy. Resources without tags should fail to create — not generate a JIRA ticket nobody reads.

2. Kill orphaned volumes and snapshots

Detached EBS volumes and snapshots older than 90 days from terminated instances are pure waste. One customer found $18k/month in EBS snapshots from CI runners decommissioned two years ago.
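
One way to find these candidates, as an added example that is not Lumicost's own code: the function takes records shaped like the EC2 DescribeVolumes and DescribeSnapshots responses and only reports, it deletes nothing. The sample records, the `ami_snapshot_ids` parameter, and treating a missing source volume as a stand-in for "terminated instance" are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_SNAPSHOT_AGE = timedelta(days=90)  # age threshold from the checklist item

def find_orphans(volumes, snapshots, now, ami_snapshot_ids=frozenset()):
    """Return (detached_volume_ids, stale_snapshot_ids); report only, no deletes.

    volumes/snapshots: dicts shaped like the "Volumes" and "Snapshots" arrays
    of EC2 DescribeVolumes / DescribeSnapshots.
    ami_snapshot_ids: hypothetical parameter, snapshot ids still referenced by
    a registered AMI, which must be kept.
    """
    live_volume_ids = {v["VolumeId"] for v in volumes}
    # "available" is the EC2 state of a volume attached to no instance.
    detached = sorted(
        v["VolumeId"] for v in volumes
        if v["State"] == "available" and not v.get("Attachments")
    )
    stale = []
    for snap in snapshots:
        too_old = now - snap["StartTime"] > MAX_SNAPSHOT_AGE
        # Assumption: snapshots carry no instance id, so a source volume that
        # no longer exists stands in for "from a terminated instance".
        source_gone = snap.get("VolumeId") not in live_volume_ids
        if too_old and source_gone and snap["SnapshotId"] not in ami_snapshot_ids:
            stale.append(snap["SnapshotId"])
    return detached, sorted(stale)

def _day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample inventory (not real resource ids).
NOW = _day(2026, 1, 15)
VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use",
     "Attachments": [{"InstanceId": "i-0111"}]},
    {"VolumeId": "vol-0bbb", "State": "available", "Attachments": []},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-001", "VolumeId": "vol-0aaa", "StartTime": _day(2025, 1, 1)},
    {"SnapshotId": "snap-002", "VolumeId": "vol-0ccc", "StartTime": _day(2024, 2, 1)},
    {"SnapshotId": "snap-003", "VolumeId": "vol-0ccc", "StartTime": _day(2026, 1, 1)},
    {"SnapshotId": "snap-004", "VolumeId": "vol-0ddd", "StartTime": _day(2024, 6, 1)},
]
AMI_SNAPSHOT_IDS = {"snap-004"}

if __name__ == "__main__":
    print(find_orphans(VOLUMES, SNAPSHOTS, NOW, AMI_SNAPSHOT_IDS))
```

Review the reported ids with the owning team before deleting anything: a detached volume or old snapshot can still be the only copy of data someone needs.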

3. Stop dev environments at night

If your dev/staging environments run 168 hours a week instead of ~50, you're paying 3.4× more than necessary. AWS Instance Scheduler, GCP Recommender or a 30-line Lambda fixes it.

4. Right-size obvious overprovisioning

Look for instances under 10% CPU utilization for 14+ days. Drop them one tier. No magic, no ML required — just CloudWatch + a spreadsheet.

Structural fixes (do this quarter)

5. Commit to Savings Plans / Committed Use Discounts

If your steady-state load is predictable for the next 12 months, not buying Savings Plans or CUDs is leaving 30–60% on the table. Start with a 1-year, no-upfront, compute-flexible plan covering ~60% of baseline. Layer on-demand on top.

6. Move stateless workloads to Spot / Preemptible

Batch jobs, CI runners, async workers, ML training — all fine on Spot/Preemptible at 60–90% off. Use Karpenter on EKS or GKE Autopilot Spot pools.

7. Set Kubernetes requests correctly

Most teams over-request CPU/memory by 3–5×, causing low bin-packing efficiency and inflated node counts. Run Vertical Pod Autoscaler in recommend mode for two weeks, then adjust requests to P95 + 20% buffer.

8. Adopt a tiered storage strategy

S3 Standard for hot data, S3 Standard-IA after 30 days, Glacier after 90 days, Deep Archive after 1 year. Use Intelligent-Tiering when access patterns are unpredictable. The same logic applies to GCS and Azure Blob.

9. Audit egress traffic

Cross-AZ, cross-region and internet egress are the silent killers. Look for chatty services living in different AZs, NAT Gateway traffic spikes, and cross-region replication you forgot you turned on.

Governance (do this year)

10. Build a unit-cost metric

Cost per customer, per request, per GB processed — pick one. Without a unit metric, you can't tell whether costs grew because you wasted money or because the business grew.

11. Make engineers see their own costs

A weekly Slack message with each team's cloud spend changes behavior faster than any policy. Bonus points for showing the unit-cost metric alongside raw $.

12. Forecast and budget per team

Cloud providers don't give you good forecasting out of the box. Build it yourself or use a FinOps platform — but don't fly blind. Anomaly detection only helps after the fact.

13. Run cost reviews monthly

Same cadence as security reviews. 30 minutes per team lead, walking through:

  • Top 10 cost movers MoM
  • New resources that look unusual
  • Reserved coverage % and waste %

14. Pick one platform, not five

Most teams end up with 2–3 dashboards (cloud-native + a SaaS + a homegrown one) and look at none. Consolidate on a single FinOps platform that covers your clouds, exposes raw data, and integrates with your alerting.


Where Lumicost fits

Steps 1–4 are mostly hygiene and don't need a tool. Steps 5–14 benefit from automation: forecasting, allocation, anomaly detection, recommendations, chargeback. That's exactly what Lumicost does — across GCP, AWS, Azure and Kubernetes, with a read-only IAM Role and a 5-minute setup. There's a free plan so you can validate findings before committing.

Pick three items from this list, ship them this month, measure the impact. Then come back for the next three.