FinOpsForge — Independent cloud cost reviews. No vendor sponsorships. No paid rankings.


// Governance

Cloud Governance

// Definition

Cloud governance is the set of policies, processes, and guardrails that define how cloud resources are provisioned, tagged, monitored, and retired within an organization. In a FinOps context, governance specifically addresses the rules that enforce cost accountability — who can provision what, what tagging is required, what spend thresholds trigger review, and how non-compliant resources are handled.

// Why It Matters

Governance is what makes FinOps practices sustainable at scale. Individual optimization efforts — rightsizing a fleet, purchasing Reserved Instances, cleaning up idle resources — deliver one-time savings. Governance prevents the same waste from accumulating again by embedding cost controls into the provisioning workflow itself.

The technical tools are the policy engines built into each cloud. AWS Service Control Policies (SCPs) and Tag Policies enforce tagging and restrict which services can be provisioned in which accounts. Azure Policy does the same across Azure subscriptions. GCP Organization Policies apply at the project and folder level. With these policy-as-code approaches, a developer who tries to launch an unapproved instance type or create a resource without required tags is blocked at provisioning time, rather than discovered weeks later in a billing audit.

Governance also covers the human side: who approves large committed purchases (Reserved Instances, Savings Plans), what happens when a team exceeds their cloud budget, and how exceptions are handled. A governance framework without exception handling breaks down quickly — engineers facing a production incident don't wait for a cost approval process. The framework must distinguish between routine provisioning (self-service within guardrails) and exception cases (expedited human review). See how governance matures across FinOps maturity stages.

// In Practice

Scenario: A company implements three governance rules via AWS Tag Policies and SCPs: (1) All resources must have Team, Environment, and CostCenter tags — resources without them fail to create. (2) Production instances above m5.2xlarge require FinOps team approval via a Slack workflow. (3) Development accounts auto-shut down all running instances at 8pm and restart them at 8am on weekdays. Result after 90 days: tagging coverage from 62% to 94%, dev environment costs down 58%, zero unplanned large instance provisioning events.
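Rule (1) from the scenario, written as an SCP and limited to EC2 instance launches. This is an added example, not a policy from the company described; the Sid values are illustrative, and other resource types would need equivalent statements for their own create actions. Each tag gets its own statement because keys listed together under a single Null condition are ANDed, which would deny only a launch that is missing all three tags.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutTeamTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": { "aws:RequestTag/Team": "true" }
      }
    },
    {
      "Sid": "DenyRunInstancesWithoutEnvironmentTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": { "aws:RequestTag/Environment": "true" }
      }
    },
    {
      "Sid": "DenyRunInstancesWithoutCostCenterTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": { "aws:RequestTag/CostCenter": "true" }
      }
    }
  ]
}
```

Because `aws:RequestTag` is evaluated against the launch request, the tags must be supplied in the RunInstances call itself; tagging the instance after it starts does not satisfy the policy.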
