Managing costs across multiple AWS accounts often requires finance teams to query data from multiple sources to get a complete view of spending and optimization opportunities. In this post, you learn how to build a FinOps agent using Amazon Bedrock AgentCore that helps your finance team manage AWS costs across multiple accounts. This conversational agent consolidates data from AWS Cost Explorer, AWS Budgets, and AWS Compute Optimizer into a single interface, so your team can ask questions like “What are my top cost drivers this month?” and receive immediate answers.
You learn to set up the architecture, deploy the solution using AWS Cloud Development Kit (AWS CDK), and interact with your cost data through natural language queries. The solution uses AgentCore, Anthropic Claude Sonnet 4.5, the Strands Agent SDK, and the Model Context Protocol (MCP).
You’ll have conversation memory that retains 30 days of context, so you can ask follow-up questions without repeating information. Over 20 specialized tools cover the full spectrum of cost management, from analysis to optimization, alleviating the need to manually navigate multiple AWS consoles. Natural language interaction makes cost data accessible to team members across your organization.
Solution overview
This solution consists of two main components: the authentication and frontend layer and the Amazon Bedrock AgentCore Runtime with tools and memory. Amazon Cognito manages user authentication while the AgentCore Runtime processes cost management queries. The authentication and frontend layer uses AWS Amplify to host the web application interface and Amazon Cognito for user authentication. Amazon Cognito handles user authentication and provides temporary AWS credentials through Identity Pools.
The custom agent for FinOps is hosted on AgentCore Runtime and built with the Strands Agent that integrates with Amazon Bedrock to access a Large Language Model (LLM). Amazon Bedrock AgentCore Gateway manages tool invocations and routes requests to backend services using AWS Identity and Access Management (IAM) authentication. MCP Servers are hosted on AgentCore Runtime to provide access to AWS Billing and Cost Management tools. AgentCore Memory maintains conversation history for up to 30 days of context retention. AgentCore Identity manages the OAuth 2.0 credential lifecycle for secure communication between the Gateway and MCP server runtimes. It stores the Amazon Cognito M2M client credentials as an OAuth credential provider and issues tokens on behalf of the Gateway when it needs to authenticate with the MCP runtimes.
With these components in place, the next section examines how they work together in the full architecture.
Architecture diagram
The following diagram represents the solution architecture, which includes five key sections:
Section A – Authentication Infrastructure: First, the FinOpsAuthStack CDK stack deploys the authentication infrastructure (Amazon Cognito User Pool, Identity Pool, M2M client, resource server, and IAM roles). The User Pool handles user authentication, the M2M client enables machine-to-machine OAuth 2.0 flows between the Gateway and MCP runtimes, and the Identity Pool provides temporary AWS credentials that allow the frontend application to securely communicate with the AgentCore Runtime.
Section B – Image Build Infrastructure: Next, the FinOpsImageStack CDK stack deploys the container image build pipeline (Amazon S3 bucket, AWS CodeBuild projects, and Amazon Elastic Container Registry (Amazon ECR) repositories). CodeBuild clones the upstream AWS Labs MCP servers, applies a stdio-to-HTTP transformation (patching them for streamable-http transport), and builds AWS Graviton (ARM64) container images that are stored in Amazon ECR for use by the AgentCore Runtimes.
Section C – MCP Server Runtimes: The FinOpsMCPRuntimeStack CDK stack deploys two AgentCore Runtimes running the transformed AWS Labs MCP servers (Billing and Pricing). Each runtime is configured with JWT authorization using the AuthStack’s Amazon Cognito and has specific IAM permissions for the AWS APIs it accesses: for example, AWS Billing and Cost Management and AWS Compute Optimizer for the Billing runtime, and AWS Pricing for the Pricing runtime.
Section D – AgentCore Gateway: The FinOpsAgentCoreGatewayStack CDK stack deploys the AgentCore Gateway with AWS_IAM authorization, an OAuth credential provider (registered with AgentCore Identity using the AuthStack’s Cognito M2M credentials), and two MCP server targets pointing to the Billing and Pricing runtimes. The Gateway provides a unified tool discovery and invocation endpoint, handling OAuth token exchange for outbound authentication to the MCP runtimes.
Section E – Main Agent Runtime: Finally, the FinOpsAgentRuntimeStack CDK stack deploys the main AgentCore Runtime. It uses the Strands Agent Framework with Claude Sonnet 3.7 to orchestrate model invocations and tool calls through the Gateway. It also deploys AgentCore Memory for conversation history. The Runtime connects to the Gateway via IAM SigV4 authentication, discovers 24 tools from both MCP servers, and routes tool requests through the Gateway to retrieve cost, billing, and pricing data.
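Section C gives each MCP runtime IAM permissions only for the APIs it accesses. The following added example (not code from the post or its repository) audits an execution-role policy against that split; the policies are constructed samples, and limiting the runtimes to read-style actions is an assumption.

```python
# Added example: constructed policies, not the stacks' real IAM documents.
# Assumption: each runtime is limited to the services Section C names,
# and only to read-style actions.
ALLOWED_SERVICES = {
    "billing": {"ce", "budgets", "compute-optimizer"},
    "pricing": {"pricing"},
}
READ_VERBS = ("get", "list", "describe", "view")


def _as_list(value):
    # IAM accepts a single string/object or a list in these positions.
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(runtime, policy):
    """Return (action, reason) findings for Allow statements that exceed scope."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(("NotAction", "allows everything except a list"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, name = action.lower().partition(":")
            if service not in ALLOWED_SERVICES[runtime]:
                findings.append((action, "service outside runtime scope"))
            elif not name.startswith(READ_VERBS):
                findings.append((action, "not a read-only action"))
    return findings


SCOPED_BILLING = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ce:GetCostAndUsage", "budgets:ViewBudget",
               "compute-optimizer:GetEC2InstanceRecommendations"],
    "Resource": "*",
}]}
BROAD_BILLING = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["ce:*", "ce:DeleteAnomalyMonitor", "pricing:GetProducts", "*"],
    "Resource": "*",
}}

if __name__ == "__main__":
    for label, doc in (("scoped", SCOPED_BILLING), ("broad", BROAD_BILLING)):
        print(label, audit_policy("billing", doc))
```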
Using the web application
Now that you understand the architecture, let’s walk through a sample request flow. For example, what happens when a user asks “What are my AWS costs for January 2026?”
- The FinOps user accesses the web application hosted on AWS Amplify, which serves the frontend (HTML, CSS, JavaScript).
- The user authenticates with Amazon Cognito. Amazon Cognito validates the credentials and returns temporary AWS credentials from the Identity Pool.
- The frontend sends the user’s question to the AgentCore Runtime and uses the temporary AWS credentials to call `InvokeAgentRuntime`.
- The Strands agent inside the runtime sends the question along with 24 available tool definitions to Claude Sonnet 4.5 on Amazon Bedrock. The model analyzes the question and decides it needs to call the `billingMcp__cost_explorer` tool.
- The agent receives the tool call request from the model and routes it to the AgentCore Gateway using IAM SigV4 authentication (`InvokeGateway`).
- The Gateway must authenticate with the MCP runtime. It contacts AgentCore Identity to obtain an OAuth 2.0 token using the registered credential provider (backed by Cognito M2M client credentials).
- The Gateway sends the MCP tools/call request with the OAuth token to the Billing MCP Runtime.
- The Billing MCP Runtime executes the actual API call to AWS Cost Explorer and requests cost and usage data for January 2026 using its execution role.
- The cost data flows back through the chain. Billing MCP Runtime responds to the Gateway, then the Gateway responds to the agent. The agent sends the cost data back to Amazon Bedrock, where Claude generates a natural language summary of the January 2026 costs.
- The formatted response is returned to the FinOps user, displaying the cost breakdown in the chat interface.
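In the flow above, the Gateway presents a Cognito M2M access token to the Billing MCP Runtime, which is configured with JWT authorization. The following added example (not code from the post or its repository) shows the claim checks that distinguish that token from other tokens issued by the same user pool; the pool ID, client ID, and scope name are placeholders, and signature verification is assumed to have already happened.

```python
import time

# Added example. All identifiers below are placeholders or hypothetical;
# real values come from the FinOpsAuthStack outputs.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
M2M_CLIENT_ID = "example-m2m-client-id"
REQUIRED_SCOPE = "finops-mcp/invoke"   # hypothetical resource-server scope


def check_m2m_claims(claims, now=None, leeway=30):
    """Return reasons to reject; an empty list means the claims pass.

    Assumes the JWT signature was already verified against the user pool's JWKS.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("issuer mismatch")
    # Cognito access tokens name the client in client_id; aud is an ID-token claim.
    if claims.get("token_use") != "access":
        problems.append("not an access token")
    if claims.get("client_id") != M2M_CLIENT_ID:
        problems.append("unexpected client_id")
    if REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        problems.append("missing scope")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("expired or missing exp")
    return problems


NOW = 1_767_225_600  # constructed fixed clock for the samples
GATEWAY_TOKEN = {"iss": ISSUER, "token_use": "access", "client_id": M2M_CLIENT_ID,
                 "scope": "finops-mcp/invoke", "exp": NOW + 3600}
# A signed-in user's ID token from the same pool: valid issuer, wrong token type.
USER_ID_TOKEN = {"iss": ISSUER, "token_use": "id", "aud": "example-web-client-id",
                 "exp": NOW + 3600}
STALE_TOKEN = dict(GATEWAY_TOKEN, exp=NOW - 600)

if __name__ == "__main__":
    for label, sample in (("gateway", GATEWAY_TOKEN), ("user id", USER_ID_TOKEN),
                          ("stale", STALE_TOKEN)):
        print(label, check_m2m_claims(sample, now=NOW) or "accepted")
```

A token from the web frontend's user sign-in shares the issuer with the M2M token, so the `token_use`, `client_id`, and scope checks are what keep it from being accepted at the MCP runtime.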
Prerequisites
Before you begin, verify that you have:
- An AWS account with appropriate permissions for the following services:
  - Amazon Bedrock, AgentCore, Amazon ECR, AWS Lambda, Amazon Cognito, AWS CodeBuild, and IAM
- AWS Command Line Interface (AWS CLI) (v2.x) configured with credentials
- Node.js (v18 or later) and npm installed
- Python 3.13 or higher installed
- AWS CDK installed and bootstrapped in your AWS account
  - Install: `npm install -g aws-cdk`
  - Bootstrap: `cdk bootstrap aws://AWS-ACCOUNT-NUMBER/AWS-REGION`
Deploy the solution using AWS CDK
This solution deploys to the us-east-1 AWS Region. The deployment uses the AWS CDK to provision the infrastructure through three AWS CloudFormation stacks.
To deploy the solution:
Step 1: Clone the repository
Step 2: Set environment variables
Replace your-email@example.com with your email address to receive the temporary admin password:
Step 3: Deploy using CDK
The deployment script installs CDK dependencies, builds TypeScript code, bootstraps the CDK if needed, then deploys the three stacks in sequence. The process takes approximately 15-20 minutes. After completion, you’ll have five CloudFormation Stacks within your account.
After deployment of the last CloudFormation Stack, FinOpsAgentRuntimeStack, completes, note the following outputs from the terminal:
- User Pool Id – Cognito Identity Pool ID
- User Pool Client Id – Cognito User Pool Client ID
- Identity Pool Id – Identity Pool ID
- AgentCore ARN – AgentCore runtime ARN
The following screenshot shows you what the Outputs will look like.
You’ll receive an email with a temporary password for the admin user.
With the infrastructure deployed, you can now configure and use the web application to interact with your cost data.
Deploy the Amplify application
While we provide a sample frontend hosted on AWS Amplify, you can integrate the solution with your own custom frontend or connect it to your existing enterprise communication tools. The frontend application requires manual deployment using code from the GitHub repository:
- Download the frontend code `AWS-Amplify-Frontend.zip` from GitHub.
- Navigate to AWS Amplify in the AWS Management Console.
- Choose Deploy without Git provider.
- Upload the application .zip file.
- Wait for deployment to complete.
- Note the generated domain URL.
Understanding the MCP servers
MCP servers (AWS Billing and Cost Management MCP Server and AWS Pricing MCP Server) provide cost management and pricing tools. Each MCP server is designed to handle specific types of queries. The AWS Billing and Cost Management MCP Server focuses on historical spend analysis, budget monitoring, cost anomaly detection, and optimization recommendations using your actual AWS account data. The AWS Pricing MCP Server handles forward-looking queries by providing real-time pricing data from the AWS Price List API, enabling cost estimation for new workloads and infrastructure as code (IaC) projects.
Using the web application
Open the URL provided after creating your AWS Amplify application. You will be prompted to enter your Amazon Cognito and AgentCore configuration details. Enter the values from your stack output (collected earlier). From the Agent Type menu, select AgentCore Agent, enter the deployment Region, and choose an Agent Name (in this example, we use AgentCore Agent). Save the configuration as shown in the following image:
Sign in with your username and the temporary password sent to your email. At first sign-in, you will be asked to reset your password. After resetting your password, you can start asking questions. For example, ask “What are my AWS costs for January 2026?” When you ask about costs, the system uses the `get_cost_and_usage` tool to retrieve your cost data and provides a detailed breakdown by service.
Ask “What are my current cost savings opportunities?” The agent calls multiple tools to identify optimization opportunities:
- `get_rightsizing_recommendations` – identifies over-provisioned or underutilized resources
- `get_savings_plans_recommendations` – suggests commitment-based discount plans
- `get_compute_optimizer_recommendations` – provides compute optimization insights
Next, ask “Can you give me details of any underutilized EC2 instances?” Because of conversation memory, follow-up questions maintain context from the previous question and provide detailed information about specific instances.
See this interactive session in action in the following video.
Here are additional sample queries to try:
- “Show me my costs by Region for the last 30 days”
- “What’s my cost forecast for the next 3 months?”
- “Compare pricing for t3.micro and t3.small instances”
- “Are there any cost anomalies in my account?”
- “What’s my free tier usage status?”
- “Show me my budgets and their current status”
- “What’s the pricing for Lambda in us-east-1?”
- “Get rightsizing recommendations for my EC2 instances”
Conversational memory in action
AgentCore Memory maintains context across multiple questions:
You: “What are my top 5 services by cost?” Agent: (Provides list of top 5 services)
You: “What about the second one?” Agent: (Remembers the previous list and provides details)
You: “How can I optimize it?” Agent: (Provides optimization recommendations)
See this interactive session in action in the following video.
AgentCore Memory automatically manages conversation history, and the Strands session manager retrieves relevant context for each request.
Clean up
To avoid incurring future charges, delete the resources created by this solution.
Delete the stacks:
You will be prompted with the following:
Are you sure you want to delete: FinOpsAgentRuntimeStack, FinOpsAgentCoreGatewayStack, FinOpsMCPRuntimeStack, FinOpsAuthStack, FinOpsImageStack (y/n)
Type y to delete the stacks.
Delete the Amplify application:
- In the Amplify console, in the left-hand navigation for your app, choose App settings, and select General settings.
- In the General settings section, choose Delete app.
Conclusion
In this post, we showed you how to build a FinOps agent using AgentCore. The agent provides natural language access to cost analysis and optimization recommendations by consolidating data from AWS Cost Explorer, AWS Budgets, and Compute Optimizer.
The architecture combines AgentCore Runtime, Gateway, Memory, Identity, the Strands Framework, MCP, and Claude Sonnet 4.5. You can extend this foundation to other use cases like DevOps automation, security analysis, and compliance monitoring. Get started today by visiting the GitHub repository.