TurboFinOps: Delete Cloud Waste and Prove Savings

Action

A governed remediation workflow triggered from a savings opportunity or supporting finding. Actions have a lifecycle: created - approved - executed - verified. Every action produces an audit log entry and can feed receipt verification.

Action Mode

Per-scope setting that controls how TurboFinOps handles execution. Options: suggest (recommendations only), manual_approval (user must confirm before execution), safe (auto-executes low-risk actions), auto (fully automated). Default is manual_approval.

Audit Log

An immutable record of every state-changing operation in TurboFinOps, including who performed it, when, what changed, and what receipt or evidence context was produced.

BYOAI (Bring Your Own AI)

TurboFinOps's model for AI features: instead of operating a shared AI service, customers provide their own API key for an AI provider (OpenAI, Azure OpenAI, Anthropic). TurboFinOps uses that key to generate explanations and summaries.

Cloud Connection

A set of credentials (IAM role ARN, Azure App Registration, GCP service account key) that allows TurboFinOps to authenticate to a cloud provider. One connection can cover multiple scopes.

Commitment Optimizer

A feature that identifies resources eligible for Reserved Instances, Savings Plans, or committed use discounts based on observed utilization patterns.

Conflict Detection Guard

A safety check that runs before every action execution. It verifies that the target resource is not protected by an IaC ownership tag, is not within a freeze window, and is not flagged by a policy protection rule.

Detection

A logic unit that evaluates one condition against your cloud inventory. Each detection has a provider scope, severity, and optional remediation action.

Domain

A supporting classification for signals: FinOps covers cost waste, Security covers exposure and access risk, Governance covers ownership and tagging, and Audit covers evidence readiness. Daily workflows should start from savings actions and receipts.

Evidence Artifact

A generated document (JSON, CSV, or PDF summary) that captures the state of receipts, findings, resources, or actions at a specific point in time. Used for finance, compliance and audit review.

Finding

A supporting signal detected from current cloud inventory. Findings feed savings opportunities, risk context, owner routing and action entry points.

Finding Status

The lifecycle state of a finding: open (unresolved), in_progress (action underway), resolved (fixed), suppressed (acknowledged and accepted), or wont_fix (deprioritized).

Freeze Window

A configured time period during which TurboFinOps will not execute automated actions against a scope. Used to protect production deployments, release windows, or compliance periods.

Governance Policy

Organization-level configuration that defines required resource tags (owner, cost_center, environment, etc.), allowed regions, and other control requirements used for ownership routing and action safety.

IaC Ownership Tag

A tag applied to a cloud resource (e.g. managed-by: terraform) that signals the resource is managed by infrastructure-as-code. TurboFinOps's conflict guard checks for these tags before executing any action.

Inventory

The normalized record of all cloud resources discovered by TurboFinOps across all connected scopes. Resources are updated on each scan.

Organization

The top-level tenant in TurboFinOps. All connections, scopes, findings, users, and settings belong to an organization. Users can belong to one or more organizations.

Policy Pack

A pre-configured set of policy rules for ownership, allocation, safety or compliance context. Built-in packs ship with TurboFinOps; custom packs are available on Professional and Enterprise plans.

Provider

A cloud service provider. TurboFinOps supports aws, azure, and gcp.

RBAC

Role-Based Access Control. TurboFinOps enforces five roles: Admin, FinOps, Security, Auditor, and Viewer. Each role has a defined set of permissions enforced server-side on every API request.

Rightsizing

The process of matching a resource's configuration (instance type, size) to its actual usage. TurboFinOps identifies rightsizing candidates and provides specific target recommendations based on observed utilization.

Savings Receipt

A proof artifact for an executed action. It records baseline daily cost, observed post-action cost, 7/14/30-day checkpoints, status, confidence and methodology notes.

Scan Job

A background task that queries your cloud provider APIs for current resource state, applies all applicable rules, and generates or updates findings. Scan jobs are queued via Redis and run asynchronously. You can queue one scope, or every active scope on a provider at once (one metered job per scope). Scan type (Full, Delta, Targeted) selects which provider API groups run — it is not a diff-only incremental pass compared to your previous job.

Scope

A single discoverable unit: one AWS account, one Azure subscription, or one GCP project. Scopes are linked to a connection and define what TurboFinOps can see and act upon.

Score

A 0-100 metric per domain that summarizes current posture. In day-to-day workflows, teams should prioritize recoverable dollars, action readiness, and receipt verification outcomes first.

Severity

The impact level of a finding: critical, high, medium, or low. Severity affects score weighting and finding prioritization.

Tenant Isolation

TurboFinOps is designed to keep each organization's data isolated from other tenants. Tenant-scoped queries are filtered by organizationId and enforced server-side, with monitoring and audit controls to detect regressions.

VM Scheduling

Automatic start/stop of virtual machines (EC2, Azure VMs, GCE) based on a configured business-hours schedule. Reduces cost by stopping VMs when they are not needed (nights, weekends).

Glossary

Find recoverable spend before the next invoice lands.