Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents
Summary: This implementation guide provides an overview of the Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents, its reference architecture and components, considerations for planning the deployment, and configuration steps for deploying the Guidance to Amazon Web Services (AWS). This guide is intended for solution architects, business decision makers, DevOps engineers, data scientists, and cloud professionals who want to implement Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents in their environment.
Get started
This Guidance demonstrates how to build a FinOps agent using Amazon Bedrock with multi-agent capability and Amazon Nova as the foundation model. It enables natural language interactions for AWS cost management, providing comprehensive cost analysis and optimization recommendations through AI-driven agents.
Overview
The Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents on AWS demonstrates how to leverage AI agents to revolutionize AWS cost management. By using Amazon Bedrock Agents with multi-agent capability and Amazon Nova foundation models, this Guidance provides a powerful and intuitive way to analyze, optimize, and manage AWS costs through natural language interactions.
AI agents are transforming how businesses enhance their operational capabilities and enterprise applications. Amazon Bedrock Agents combines the capabilities of foundation models with APIs and data to process user requests, gather information, and execute specific tasks effectively. The multi-agent feature enables organizations to orchestrate multiple specialized AI agents working together to tackle complex, multi-step challenges that require diverse expertise.
Features and benefits
The Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents provides the following features:
- Multi-agent collaboration - Orchestrates specialized agents working together to solve complex cost management challenges
- Natural language interaction - Enables users to query cost data and receive optimization recommendations using conversational language
- Real-time cost insights - Provides up-to-date information on AWS spending patterns and resource utilization
- Actionable optimization recommendations - Delivers specific, implementable suggestions to reduce cloud costs
- Role-based access control - Ensures secure access to cost management capabilities for authorized personnel
- Parallel processing - Improves efficiency by handling multiple aspects of cost analysis simultaneously
Use cases
- Finance team cost analysis - Finance teams can quickly access and analyze AWS cost data without needing technical expertise in AWS services or cost management tools
- Cloud cost optimization - Cloud administrators can identify and implement cost-saving opportunities across their AWS environment
- Budget planning and forecasting - Organizations can leverage cost forecasting capabilities to plan future cloud spending and set appropriate budgets
- Resource utilization assessment - Teams can identify underutilized resources and take action to optimize their cloud infrastructure
Architecture overview
This section provides a reference implementation architecture diagram for the components deployed with this Guidance.
Architecture diagram
Figure 1: Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents on AWS - Reference Architecture
Architecture steps
- The administrator user deploys the Guidance to an AWS Account and AWS Region using an AWS CloudFormation template. The base CloudFormation stack will deploy and create all the AWS resources needed to host the Guidance. This includes the Amazon Cognito user group and user, Amazon Bedrock Agents, AWS Lambda functions, AWS Identity and Access Management (IAM) roles, and an AWS Security Token Service (AWS STS) token.
- The user navigates to the secure chat UI URL.
- The secure chat application is hosted on AWS Amplify.
- The page is returned with HTML, CSS, and JavaScript. The user can then input the configuration details for Amazon Cognito and Amazon Bedrock Agents.
- Upon configuration completion, the user is prompted to authenticate using Amazon Cognito with a username and password configured for them in the user pool.
- After successful authentication, Amazon Cognito identity pool will negotiate temporary credentials from AWS STS.
- Amazon Cognito identity pool passes temporary AWS credentials to the secure chat UI.
- Once authenticated, the user will see the secure chat UI prompt to interact with the Amazon Bedrock Agent that is configured.
- The FinOps Supervisor Agent evaluates each user’s question and directs it to one of two specialized sub-agents: the Cost Analysis Agent or the Cost Optimization Agent.
- Each specialized agent (Cost Analysis or Cost Optimization) reviews its predefined set of actions to identify the correct procedure for answering the user’s question.
- The action groups execute their respective Lambda functions to fetch data, whether that includes accessing the AWS Cost Explorer API or pulling recommendations from the AWS Trusted Advisor Cost Optimization pillar.
- The FinOps Supervisor Agent compiles all the gathered data into a final answer and sends it back to the secure chat UI visible to the user.
AWS services in this Guidance
| AWS service | Description |
|---|---|
| Amazon Bedrock | Core. Provides foundation models and agent capabilities for natural language processing and multi-agent orchestration. |
| Amazon Nova | Core. Next-generation foundation model that delivers breakthrough intelligence and industry-leading performance. |
| AWS Lambda | Core. Executes code for Amazon Bedrock action groups, enabling agents to interact with AWS services. |
| Amazon Cognito | Core. Provides user authentication and role-based access control for the application. |
| AWS Amplify | Core. Hosts the frontend application for user interaction with the FinOps agents. |
| AWS Cost Explorer | Core. Provides cost data and analysis capabilities for the Cost Analysis Agent. |
| AWS Trusted Advisor | Core. Delivers cost optimization recommendations for the Cost Optimization Agent. |
| AWS Identity and Access Management (IAM) | Supporting. Manages permissions and access control for AWS services used in the Guidance. |
| AWS CloudFormation | Supporting. Deploys and configures the Guidance resources in a consistent and repeatable manner. |
Plan your deployment
Cost
You are responsible for the cost of the AWS services used while running this Guidance. As of July 2024, the cost for running this Guidance with the default settings in the US East (N. Virginia) us-eqst-1 region is approximately $30.73 per month.
We recommend creating a budget through AWS Cost Explorer to help manage costs. Prices are subject to change. For full details, refer to the pricing webpage for each AWS service used in this Guidance.
Sample cost table
The following table provides a sample cost breakdown for deploying this Guidance with the default parameters in the US East (N. Virginia) Region for one month.
| AWS Service | Usage Estimate | Monthly Cost (USD) |
|---|---|---|
| Amazon Bedrock (Nova) | 3,000 requests * 1,000 tokens/request | $30.00 |
| Amazon Cognito | 100 MAU | $0.00 (within free tier) |
| AWS Lambda | 3,000 invocations * 5 functions * 1s avg. duration | $0.00 (within free tier) |
| AWS Amplify | 1 GB storage, 5 GB data transfer | $0.23 |
| Amazon CloudWatch | Basic monitoring + 1 GB logs | $0.50 |
| AWS IAM | N/A | $0.00 |
| AWS Cost Explorer | 3,000 API requests | $0.00 (within free tier) |
| AWS Trusted Advisor | Basic checks | $0.00 |
| Total Estimated Monthly Cost | $30.73 |
This cost estimate assumes a relatively simple usage pattern and minimal data storage. The majority of the cost comes from Amazon Bedrock usage. Costs could increase if:
- Requests to Amazon Bedrock involve larger token counts
- Lambda functions run for longer durations
- More data is stored or transferred through Amplify
- Advanced features of Trusted Advisor are used
Security
When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared responsibility model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.
This Guidance implements the following security features:
- Amazon Cognito user authentication - Secure user authentication with user pools and identity pools
- Role-based access control - Ensures that only authorized users can access specific functionality
- IAM roles and policies - Provides least-privilege permissions for Lambda functions and other AWS services
- Secure API communication - All communication between components uses HTTPS encryption
Supported AWS Regions
“Guidance for Cost Analysis and Optimization with Amazon Bedrock Agents” is supported in the following AWS Regions (as of July 2025):
| Region Name | |
|---|---|
| US East (Ohio) | Asia Pacific (Seoul) |
| US East (N. Virginia) | Europe (Paris) |
| US West (Northern California) | Middle East (Bahrain) |
| US West (Oregon) | AWS GovCloud (US-West) |
| Africa (Cape Town) | Asia Pacific (Seoul) |
Deploy the Guidance
Prerequisites
You must have the following in place to deploy this Guidance:
- An AWS account
- Foundation model access in Amazon Bedrock for Amazon Nova Pro and Micro models in the same AWS Region where you will deploy this Guidance
- The accompanying AWS CloudFormation template downloaded from the GitHub repository
Deploy Guidance resources using AWS CloudFormation
This CloudFormation template is designed to run in the us-east-1 Region. If you deploy in a different Region, you must configure cross-Region inference profiles to have proper functionality and update the CloudFormation template accordingly.
During the CloudFormation template deployment, you will need to specify three required parameters:
- Stack name
- Foundation model selection
- Valid user email address
Figure 2: CloudFormation Stack Deployment input parameters
- When deployment is complete, copy the following from the Outputs tab on the AWS CloudFormation console to use during the configuration of your application after it’s deployed in Amplify:
- AWSRegion
- BedrockAgentAliasId
- BedrockAgentId
- BedrockAgentName
- IdentityPoolId
- UserPoolClientId
- UserPoolId
Figure 3: CloudFormation stack output parameters
Deploy the Amplify application
- Download the frontend code AWS-Amplify-Frontend.zip from the GitHub repository.
- Use the .zip file to manually deploy the application to Amplify.
- Return to the Amplify page and use the domain it automatically generated to access the application.
- When accessing the application URL, you will be prompted to provide information related to Amazon Cognito and Amazon Bedrock Agents - please use the values you collected from the CloudFormation stack outputs.
- Sign in with your username and password. A temporary password was automatically generated during deployment and sent to the email address you provided when launching the CloudFormation template.
Application URL
Figure 4: Amplify Application URL
Configuration page
Figure 5: Application Configuration Page for backend interaction
First time login & password change
Figure 6: Login view using Amplify Cognito UI component
Figure 7: Password change view on Application First login
Sample Chat
Figure 8: Sample chat using the connected Amazon Bedrock Agent into the application
Uninstall the Guidance
If you decide to discontinue using the FinOps application deployed by this Guidance, you can follow these steps to remove it and its associated resources:
- Delete the CloudFormation stack:
- On the CloudFormation console, choose Stacks in the navigation pane.
- Locate the stack you created during the deployment process.
- Select the stack and choose Delete.
- Delete the Amplify application and its resources. For instructions, refer to Clean Up Resources.
Contributors
- Ravi Kumar, Sr TAM
- Ankush Goyal, Sr ESL/TAM
- Daniel Zilberman, Sr WW SA, Tech Solutions Team
- Salman Ahmed, Sr TAM
- Sergio Barraza, Sr. TAM
Notices
Customers are responsible for making their own independent assessment of the information in this Guidance.
This Guidance:
(a) is for informational purposes only,
(b) represents AWS current product offerings and practices, which are subject to change without notice, and
(c) does not create any commitments or assurances from AWS and its affiliates, suppliers, or licensors.
AWS products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied.
AWS responsibilities and liabilities to its customers are controlled by AWS agreements, and this Guidance is not part of, nor does it modify, any agreement between AWS and its customers.