What specific integrations are required for the root-cause analysis to work?

The skill requires read-only access to AWS (Cost Explorer and CUR) and API integrations for GitHub, Jira, and Slack to perform its cross-correlation analysis.

Does this skill support Azure or Google Cloud Platform (GCP)?

Current support is optimized for AWS environments; however, the data processing logic is designed to be extensible for multi-cloud FinOps workflows in future updates.

What is included in the purchase of the FinOps Anomaly Intelligence skill?

Every purchase includes the core logic engine, pre-configured data extraction scripts, documentation for secure API setup, and access to all minor version updates and bug fixes for 12 months.

How does the skill link a specific GitHub PR to a dollar amount spike?

The skill identifies the 'anomaly window' using your billing data and then scans your engineering tools for high-confidence matches, such as PR merges, infrastructure-as-code updates, or incident resolution periods.

Freedeveloper-toolsUniversal

finops-anomaly-intelligence

Turn AWS billing mysteries into 10-minute root cause reports by correlating cost spikes with engineering events.

skill install https://www.promptspace.in/skills/finops-anomaly-intelligence

What it does

FinOps Anomaly Intelligence is a root-cause analysis engine designed to investigate and resolve AWS cost spikes. It moves beyond simple alerts by cross-correlating AWS billing data (CUR/Cost Explorer) with engineering activities across GitHub, Jira, CloudWatch, and PagerDuty. At a high level, it detects the anomaly window, identifies impacted services, ranks root-cause hypotheses with confidence scores, and quantifies the "cost of inaction."

Why use this skill

Standard AWS alerts tell you that you spent too much, but they don't tell you why. Manually tracing a $10k spike through CloudTrail logs and PR history can take hours. This skill reduces that to 10 minutes. It is better than simple prompting because it uses a structured sequence of data extraction and correlation scripts to provide proof-based answers, not just hallucinations. It ensures developers see the financial impact of their code changes in real-time.

Supported tools

Cloud: AWS (Cost Explorer, CUR, CloudWatch)
VCS/Task Management: GitHub Enterprise, Jira REST API
Observability/Ops: PagerDuty, Slack API
Frameworks: Boto3, Pandas, Python 3.10+

What the output looks like

The skill produces structured JSON data for workflows and human-readable Markdown reports. This includes a ranked Hypothesis Report linking specific PRs to dollar amounts, a Cost of Inaction table for executive reporting, and a pre-formatted Jira ticket ready for assignment to the responsible engineering team.

Use cases

Identify the specific GitHub PR or Jira ticket that caused an AWS cost spike
Quantify the annual financial impact of unoptimized cloud infrastructure
Generate a weekly 'Cost Story' digest for engineering leadership
Automatically draft Jira remediation tickets assigned to responsible dev teams
Correlate CloudWatch scaling events with unexpected billing anomalies

Example

Prompt

Investigate why our AWS bill spiked last Tuesday and find the PR that caused it.

Output

HYPOTHESIS #1 [Confidence: HIGH | 87%]
Root Cause: PR #4821 (@platform-team) removed S3 VPC Endpoint.
Evidence: NatGatewayBytesOut +340% at 14:22 UTC matches PR merge time.
Cost Delta: +$2,403 over 5 days.
Monthly Projection: $18,240.
Remediation: Re-add aws_vpc_endpoint.s3 to Terraform config.

Known limitations

- **AWS Cost Explorer granularity**: Cost Explorer data is available at daily granularity minimum. Sub-daily (hourly) anomaly detection requires direct CUR + Athena setup, which needs additional configuration per `references/aws-cur-guide.md`. - **Hypothesis accuracy depends on integration coverage**: Without GitHub and Jira credentials configured, hypotheses are generated from CloudWatch alone and will be marked LOW confidence. Manual validation is required. - **Tag attribution requires tagging discipline**: Resources without the required tags (team, env, service) cannot be team-attributed. The skill includes a tag coverage audit to surface gaps, but retroactive attribution is not possible. - **No real-time streaming**: The skill operates on batch data (pulled on-demand). It does not run as a persistent daemon or streaming pipeline. For continuous monitoring, pair with AWS Cost Anomaly Detection + SNS to trigger the skill on alerts. - **Multi-account requires payer access**: For AWS Organizations, credentials for the management (payer) account are needed to aggregate across linked accounts. Linked account-only credentials limit scope to a single account. - **Jira/GitHub rate limits**: High-volume repositories or dense Jira projects may hit API rate limits on large correlation windows (>90 days). Use smaller windows or paginate manually. - **Historical data window**: Cost Explorer API supports up to 12 months of historical data. CUR via Athena supports the full CUR retention period (configurable, typically 12–36 months). - **Not a billing replacement**: This skill does not replace AWS Cost Explorer, Kubecost, CloudHealth, or other dedicated FinOps platforms. It augments them with automated root-cause correlation.

Frequently asked questions

Unlike standard budget alerts, this skill correlates cost spikes with engineering metadata from GitHub and Jira to pinpoint the exact code change or deployment that triggered the expense.