The FinOps Lambda project automates cost optimization by shutting down non-critical AWS resources during off-hours or low-usage periods. It was designed to align with FinOps principles, promoting efficiency, automation, and accountability in cloud resource management.
This Lambda can be executed on a scheduled basis (EventBridge) or manually triggered, and integrates easily with feature toggles via a configuration service.
- 🧠 Intelligent Shutdown: stops non-production resources such as EC2, ECS, RDS, and Load Balancers.
- 🕒 Scheduled via EventBridge: automatically runs at predefined times (e.g., 8 PM BRT, weekdays).
- 🔐 Least-Privilege IAM Policy: ensures minimal AWS permissions.
- 🧩 Modular Architecture: each AWS service has its own manager class (EC2, ECS, RDS, ELB).
- ⚙️ Feature Toggle Ready: supports enable/disable via environment variable or API.
- 🧪 Comprehensive Testing: unit tests with `pytest` and `moto` simulate AWS services locally.
- 🌍 Infrastructure as Code: fully managed with Terraform for predictable, repeatable deployments.
```
+---------------------+
|  EventBridge Rule   | --> Triggers at schedule (e.g., cron(0 23 ? * MON-FRI *))
+----------+----------+
           |
           v
+----------+-----------------+
|    AWS Lambda (FinOps)     |
|----------------------------|
| - Checks feature toggle    |
| - Stops EC2 instances      |
| - Scales down ECS tasks    |
| - Stops RDS databases      |
| - Disables ELB listeners   |
+----------+-----------------+
           |
           v
+----------------------------+
|      CloudWatch Logs       |
| (Observability & Auditing) |
+----------------------------+
```
```
finops-lambda/
│
├── src/
│   ├── main.py             # Lambda entrypoint
│   ├── ec2_manager.py      # EC2 shutdown logic
│   ├── ecs_manager.py      # ECS service scaler
│   ├── rds_manager.py      # RDS stop handler
│   ├── elb_manager.py      # ELB listener disabler
│
├── terraform/
│   ├── main.tf             # Core infrastructure (Lambda, IAM, EventBridge)
│   ├── lambda_policy.json  # IAM least privilege policy
│   ├── variables.tf        # Configurable variables
│   └── outputs.tf          # Useful outputs (ARNs, names)
│
├── tests/
│   ├── test_main.py
│   ├── test_ec2_manager.py
│   ├── test_ecs_manager.py
│   ├── test_rds_manager.py
│   └── test_elb_manager.py
│
├── requirements.txt
└── README.md
```
- Lambda is triggered by EventBridge (default cron: `0 23 ? * MON-FRI *`).
- Checks if `FEATURE_SHUTDOWN=true`.
- If enabled, executes sequentially:
  - 🖥️ Stop all running EC2 instances.
  - 🧩 Scale ECS services down to `desiredCount=0`.
  - 🗃️ Stop all available RDS instances.
  - 🌐 Disable ELB listeners to block incoming traffic.
- Logs all actions in CloudWatch Logs for visibility.
The shutdown can be dynamically enabled/disabled using:

```python
import os


def is_shutdown_enabled() -> bool:
    # Unset or unrecognized values are treated as disabled.
    value = os.getenv("FEATURE_SHUTDOWN", "false").lower()
    return value in ["true", "1", "yes"]
```

This allows centralized control of the automation, for example by toggling it through a configuration API.
```bash
cd terraform
terraform init
terraform plan -out tfplan
terraform apply "tfplan"
```

| Resource | Description |
|---|---|
| `aws_lambda_function.finops_shutdown` | Main FinOps automation Lambda |
| `aws_iam_role.lambda_role` | Execution role with least privilege |
| `aws_iam_policy.finops_policy` | JSON policy for EC2, ECS, RDS, ELB actions |
| `aws_cloudwatch_event_rule.shutdown_schedule` | Scheduled EventBridge rule |
| `aws_cloudwatch_event_target.target_lambda` | EventBridge → Lambda binding |
```bash
pip install -r requirements.txt
pytest -v
```

All tests use `moto` to emulate AWS services locally; no cloud resources required.
```json
{
  "Effect": "Allow",
  "Action": [
    "ec2:DescribeInstances",
    "ec2:StopInstances",
    "ecs:ListClusters",
    "ecs:ListServices",
    "ecs:UpdateService",
    "rds:DescribeDBInstances",
    "rds:StopDBInstance",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeListeners",
    "elasticloadbalancing:DeleteListener",
    "logs:*"
  ],
  "Resource": "*"
}
```

This project follows FinOps best practices by:
- Eliminating waste from idle cloud resources.
- Automating repetitive operations.
- Increasing cost visibility.
- Enforcing governance through controlled toggles.
- Enabling quick rollback (via feature toggle or Terraform destroy).
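
The IAM statement shown earlier combines `logs:*` and state-changing actions with `"Resource": "*"`. The check below is an added example, not part of the project's code: it flags wildcard actions and mutating actions that are not narrowed by a resource ARN or a `Condition`. The function names and the read-only prefix heuristic are assumptions of this example.

```python
import json

# The policy statement from this README, embedded so the check runs offline.
README_STATEMENT = json.loads("""
{
  "Effect": "Allow",
  "Action": [
    "ec2:DescribeInstances", "ec2:StopInstances",
    "ecs:ListClusters", "ecs:ListServices", "ecs:UpdateService",
    "rds:DescribeDBInstances", "rds:StopDBInstance",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeListeners",
    "elasticloadbalancing:DeleteListener",
    "logs:*"
  ],
  "Resource": "*"
}
""")

# Heuristic (assumption of this example): these verb prefixes are read-only.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_statement(stmt: dict) -> list[str]:
    """Return least-privilege findings for one Allow statement."""
    if stmt.get("Effect") != "Allow":
        return []
    resources = as_list(stmt.get("Resource", []))
    # "Unscoped" means every resource is matched and no Condition narrows it.
    unscoped = "*" in resources and not stmt.get("Condition")
    findings = []
    for action in as_list(stmt.get("Action", [])):
        _, _, verb = action.partition(":")
        if action == "*" or "*" in verb:
            findings.append(f"wildcard action: {action}")
        elif unscoped and not verb.startswith(READ_ONLY_PREFIXES):
            findings.append(f"mutating action on all resources: {action}")
    return findings


if __name__ == "__main__":
    for finding in audit_statement(README_STATEMENT):
        print("[FINDING]", finding)
```
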
```
[INFO] Checking EC2 instances...
[INFO] Stopping instances: ['i-08af12345']
[INFO] Scaling ECS service my-app to desiredCount=0
[INFO] Stopping RDS database mydb
[INFO] Disabling ELB listeners: arn:aws:elasticloadbalancing:...
[INFO] Shutdown completed successfully.
```
- Add SNS notification after shutdown completion.
- Add exclusion tags (e.g., `finops-exclude=true`).
- Extend support to Auto Scaling Groups and EKS nodes.