top of page

Maximizing Cloud Efficiency: Harnessing the Power of Human-Vetted Automation

Why zOpt: Part 3

See earlier blogs Part 1 and Part 2

We all love optimizing our public cloud for reducing TCO, improving gross margins, unit economics and improving cloud application performance.

Optimizing public cloud is a 5 step process

  1. Analysis of your cloud spend,

  2. Derive actionable insights from your cloud spend patterns,

  3. Identify optimization opportunities

  4. Ensure the optimizations do not have any ill-effects

  5. Implement the identified optimizations

All these 5 steps are important. They need deep understanding of cloud intricacies and a significant efforts for analysis, coordination across different cloud owners, and the implementation.

We will focus on step #5 "Implementing Optimization Opportunities" in this blog.

Simple Scanario: Lets assume you have 100 Elastic IP (EIP) addresses and 20 of these EIPs are not being used. You are still paying for these provisioned resources and would like to get them removed. These EIPs are in 10 AWS accounts over 20 AWS regions, combination of production, test/dev, staging workloads.

Complex Scenario: You have multi-AZ databases and would like to migrate these databases to better performing compute, storage and IO capacity.

We will use the simple scenario in the sections below.

Option 1: Manual implementation

  1. Log in to each of 10 AWS accounts

  2. choose the appropriate AWS region

  3. Find EIP that needs be removed

  4. A few more clicks to remove the EIP

Maintain a spreadsheet for list of EIPs, AWS accounts, AWS regions and keep checking the EIPs acted upon. This is time consuming and could potentially cause a human error where wrong EIP is removed. Now, if have 10x resources to be acted upon, the efforts are significantly higher.

Option 2: Build shell/python script

  1. Test the AWS API with a sample EIP

  2. Build error handling, and log the results

  3. Build logic to log in to multiple AWS accounts

  4. Extract the list of resources, with their AWS accounts, regions

  5. Feed these list of resources as input parameters

Hurray - you built an automation for cloud optimization.

But, you would need similar automation to be built for each scenario. You may not need this script for next 3 months and no one is going to maintain this script for any changes AWS is making in their API or security models.

This did not actually save you any efforts, but most likely needed more time and efforts to make it work. At best, this was one time toy script that was created and fair to expect it will not be used again by anyone else in your organization.

Option 3: Use third-party automation tools

  1. Deploy the third-party tool

  2. Third-party tool take over your AWS environment for optimization

  3. Third-party tool identify and removes all the EIPs that are not being used

This was much easier, although it came with some cost for the tool that justifies the saved efforts and the cloud cost.

But, you realize this third-party tool could remove EIPs even when they are unattached for a short duration and does not ask for your approval before taking action. If any unintended EIPs are removed in the process, you have a bigger problem because you had specific network/security settings for specific EIP addresses. The new EIP needs be created and the network, security settings needs be applied all over again.

Well, this means more work. You wanted to save some efforts in first place but with lack of communication between automation tool and authorized human, the tool could cause more damage unknowingly.

Option 4: Use human-vetted automation

  1. Deploy

  2. does automated analysis of your cloud spend, identified optimization opportunities

  3. brings the EIP removal opportunity to you for you to take action

  4. You, the authorized human being initiates the automated execution and selects the time for execution

  5. The automation is scheduled for your review

  6. You review & approve the automation for specific AWS accounts and AWS regions

  7. The automation executes the task at the chosen time minimizing any disruptions and you get the expected results.

Why human-vetted automation is critical?

This is efficient execution by saving efforts needed in option 1 and option 2. Authorized user reviewing and approving the automated execution avoids any ill-effects of the automated execution as seen in Option 3. You get best of both worlds, automated execution with much needed efficiency and human oversight for covering any specific overriders ensuring any ill effects are avoided.

FinOps 2024 Report released State of FinOps 2024 report in Feb 2024 and called out Human-vetted automation as #1 priority for the near future.

"we hear there is a lack of trust in full automation, where action is taken without any human approval. Anecdotally, we heard that large spenders, especially those in regulated industries, are more cautious about automation. We also hear that integrating automation into existing systems and workflows is challenging, especially in environments where DevOps teams are distributed and use a mix of tools in their cloud deployments.

These challenges, combined with the lack of trust in full automation (which could take years to build), suggest that FinOps teams—and tooling providers—will have more impact adding elements of human-vetted automation to existing practices than trying to fully automate a task."

At, we offer human-vetted automation where human oversight is ensured in every step of automation, offering efficiency of automation with complete human control of the process.

See zOpt's Human-vetted Automation in action:

30 views0 comments


bottom of page