Austin Rose

FinOps governance

Live · Updated 2026-04-26

Cost-to-serve with PR-level governance. The novel piece: a merge pipeline that combines Infracost's automated pricing with hand estimates for resources Infracost can't price — every line tagged by source. Infrastructure PRs are gated on cost-delta acknowledgement.

Built for this
  • merge-cost-breakdown.mjs synthesis (Infracost rows + hand estimates)
  • Per-source row tagging on every line item
  • PR-gated cost-delta governance
Built on
  • Infracost (automated pricing)
  • OpenTofu modules (infra/aws, infra/gcp, infra/cloudflare)
Topology
[Topology diagram: Visitor → austinrose.me → Cloudflare (DNS + weighted routing, health checks), split 50 % / 50 % between AWS · us-west-2 (x-origin: aws-us-west-2; CloudFront CDN, S3 static origin, ACM certificate) and GCP · us-central1 (x-origin: gcp-us-central1; HTTPS Load Balancer CDN, Cloud Storage static origin, Managed Cert certificate).]

Diagram source: content/architecture.yml. Edit the YAML to add components; the diagram re-renders at build time.

Cost to serve
Projected monthly cost to serve
$22.28
source: infracost+estimate · updated: 2026-04-28 · 2 priced · 8 estimated

AWS · us-west-2: $1.42

| Resource | Kind | Monthly | Assumption |
| --- | --- | --- | --- |
| CloudFront requests + egress (est) | cdn | $1.10 | ~50 GB/mo egress, ~500k requests at first-tier pricing |
| Tofu state in S3 (est) | ops | $0.27 | Versioned, small state file, light reads |
| S3 bucket (origin) (est) | storage | $0.05 | ~2 GB site bundle, S3 Standard |

Module is in code (infra/aws/) but the environment has not been applied yet. The lines below estimate the planned topology. Infracost cannot price these without usage assumptions; expect them to be replaced by Infracost rows once apply lands and traffic begins.

GCP · us-central1: $15.86

| Resource | Kind | Monthly | Assumption |
| --- | --- | --- | --- |
| google_compute_global_address.site | cdn | $7.30 | IP address (unused) — 730 hours/mo |
| google_compute_global_forwarding_rule.site | cdn | $7.30 | Forwarding rules — 730 hours/mo |
| HTTPS LB egress (est) | cdn | $1.20 | ~50 GB/mo egress |
| Cloud Storage bucket (est) | storage | $0.06 | ~2 GB, Standard storage |

Module is in code (infra/gcp/) but the environment has not been applied to a backing service yet. Infracost rows above show resources currently declared (and billed for) but unused. The lines below estimate additional runtime cost the planned topology will add once traffic begins.

Cloudflare: $5.00

| Resource | Kind | Monthly | Assumption |
| --- | --- | --- | --- |
| Load Balancer (weighted steering) (est) | traffic | $5.00 | $5/mo base + $0.50/500k DNS queries; well under first tier |
| HTTPS health check monitor (est) | ops | $0.00 | Included with LB |
| DNS zone (austinrose.me) (est) | dns | $0.00 | Free tier, unlimited queries |

Cloudflare Load Balancing and DNS are not in Infracost's pricing catalog. The lines below are hand estimates of what the apex domain costs to route traffic between the AWS and GCP origins.

Change governance

Every pull request that touches infra/ runs Infracost against each module and posts a comment summarizing the cost delta. A merge that raises monthly spend by more than a configurable threshold requires an acknowledgement before it can land.

The committed baseline lives at data/cost-breakdown.json and is regenerated on a schedule. The numbers above are read from that file at build time.
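
The merge step and the cost-delta gate described above can be sketched as follows. This is an added example, not the project's merge-cost-breakdown.mjs: the row fields, the "infracost"/"estimate" tag values, the 500-cent threshold and the acknowledged flag are assumptions, and the extra resource in the proposed plan is constructed.

```javascript
// Added example. Field names, the "source" tag values and the threshold/ack
// parameters are assumptions, not the project's actual schema.
const toCents = (usd) => Math.round(usd * 100); // integer cents avoid float drift

// Merge Infracost rows with hand estimates, tagging every line by its source.
function mergeBreakdown(infracostRows, handEstimates) {
  const rows = [
    ...infracostRows.map((r) => ({ ...r, source: "infracost" })),
    ...handEstimates.map((r) => ({ ...r, source: "estimate" })),
  ];
  for (const r of rows) {
    if (!Number.isFinite(r.monthly) || r.monthly < 0) {
      throw new Error(`invalid monthly cost for ${r.resource}`);
    }
  }
  const totalCents = rows.reduce((sum, r) => sum + toCents(r.monthly), 0);
  const priced = rows.filter((r) => r.source === "infracost").length;
  return { rows, totalCents, priced, estimated: rows.length - priced };
}

// A rise above the threshold blocks the merge until it is acknowledged.
function gate(baselineCents, proposedCents, thresholdCents, acknowledged) {
  const deltaCents = proposedCents - baselineCents;
  const needsAck = deltaCents > thresholdCents;
  return { deltaCents, needsAck, allowed: !needsAck || acknowledged === true };
}

// Rows copied from the tables on this page.
const infracostRows = [
  { resource: "google_compute_global_address.site", monthly: 7.30 },
  { resource: "google_compute_global_forwarding_rule.site", monthly: 7.30 },
];
const handEstimates = [
  { resource: "CloudFront requests + egress", monthly: 1.10 },
  { resource: "Tofu state in S3", monthly: 0.27 },
  { resource: "S3 bucket (origin)", monthly: 0.05 },
  { resource: "HTTPS LB egress", monthly: 1.20 },
  { resource: "Cloud Storage bucket", monthly: 0.06 },
  { resource: "Load Balancer (weighted steering)", monthly: 5.00 },
  { resource: "HTTPS health check monitor", monthly: 0.00 },
  { resource: "DNS zone (austinrose.me)", monthly: 0.00 },
];

const baseline = mergeBreakdown(infracostRows, handEstimates);
// Constructed PR: declares one more hypothetical priced resource at $7.30/mo.
const proposed = mergeBreakdown(
  [...infracostRows, { resource: "hypothetical.extra", monthly: 7.30 }], handEstimates);
console.log(baseline.totalCents / 100, baseline.priced, baseline.estimated);
console.log(gate(baseline.totalCents, proposed.totalCents, 500, false));
```

Treating only an explicit `true` as an acknowledgement means a missing or malformed flag fails closed, and a cost reduction never blocks a merge.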