# Migration → FinOps handoff checklist

The migration program (MAP, data-center exit, or lift-and-shift) ends. The bill
does not. This is the explicit handoff that stops a freshly-migrated estate from
becoming next year's "why is AWS so expensive" ticket. Work it in the **first 30
days post-cutover**, while the migration team still has context.

Treat each line as Done/Not-done. The point of failure is almost always an
*ownership* gap, not a technical one: nobody owns the bill after the migration
SI rolls off.

## 0. Ownership & cadence (do this first)

- [ ] Named **FinOps owner** (or owning team) assigned, in writing, before the
      migration team rolls off.
- [ ] Monthly cost-review cadence on the calendar with eng + finance + product.
- [ ] Anomaly alerting turned on (AWS Cost Anomaly Detection) and routed to a
      channel a human reads.
- [ ] "Definition of done" for handoff agreed: tagging coverage %, RI/SP
      coverage target, and a first optimization backlog (see CSV template).

## 1. Visibility (you cannot optimize what you cannot see)

- [ ] Cost allocation tags activated in the Billing console (they are inactive
      by default even if resources are tagged).
- [ ] Tagging coverage measured (% of cost carrying owner + environment + app).
      Migration commonly leaves 30–60% untagged on lifted resources.
- [ ] Tag policy + (optional) SCP/`RequireTags`-style guardrail in place so new
      resources arrive tagged.
- [ ] **Cost Optimization Hub** opted in (org-wide). It consolidates 18
      recommendation types across accounts/Regions, dedupes them, and prices
      them with *your* RI/SP discounts.
- [ ] Per-team/app cost views (Cost Explorer saved reports or CUR + Athena)
      shared with the people who can act on them.
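
The tagging-coverage measurement from this section, weighted by cost rather than by resource count, as an added example that is not part of the original checklist. It assumes a CUR/Athena-style export with `line_item_unblended_cost` and `resource_tags_user_*` columns and tag keys named `owner`, `environment` and `app`; the sample rows are constructed.

```python
import csv
import io
from decimal import Decimal

# Assumed tag keys, taken from the checklist wording (owner + environment + app).
REQUIRED_TAGS = ("owner", "environment", "app")

# Constructed sample in the shape of a CUR/Athena export; every value is made up.
SAMPLE_CUR = """\
line_item_resource_id,line_item_unblended_cost,resource_tags_user_owner,resource_tags_user_environment,resource_tags_user_app
i-0aaa,400.00,team-pay,prod,checkout
i-0bbb,250.00,team-pay,prod,
vol-0ccc,50.00,,,
db-0ddd,300.00,team-data,prod,ledger
nat-0eee,0.00,,,
"""

def load(text):
    """Parse CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def tag_coverage(rows, required=REQUIRED_TAGS):
    """Return (coverage_pct, untagged), with coverage weighted by cost.

    untagged maps resource id -> (cost, missing tag keys) so the most
    expensive gaps can be assigned an owner first.
    """
    total = Decimal("0")
    covered = Decimal("0")
    untagged = {}
    for row in rows:
        rid = row["line_item_resource_id"]
        cost = Decimal(row["line_item_unblended_cost"])
        # A tag counts only if the column exists and is non-blank.
        missing = [k for k in required
                   if not (row.get(f"resource_tags_user_{k}") or "").strip()]
        total += cost
        if missing:
            prev_cost = untagged.get(rid, (Decimal("0"), missing))[0]
            untagged[rid] = (prev_cost + cost, missing)
        else:
            covered += cost
    pct = (covered / total * 100) if total else Decimal("0")
    return pct.quantize(Decimal("0.1")), untagged

if __name__ == "__main__":
    pct, gaps = tag_coverage(load(SAMPLE_CUR))
    print(f"tagged cost coverage: {pct}%")
    for rid, (cost, missing) in sorted(gaps.items(), key=lambda kv: -kv[1][0]):
        print(f"  {rid}: ${cost} missing {','.join(missing)}")
```

On the sample, two of five resources are fully tagged, but they carry most of the spend, which is why the checklist's metric is percent of cost and not percent of resources.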

## 2. The post-migration waste that lift-and-shift always leaves

- [ ] **Right-size** over-provisioned EC2/RDS (migrations copy on-prem specs,
      which were sized for peak + headroom). Drive from Compute Optimizer via
      Cost Optimization Hub.
- [ ] **Idle / orphaned** resources: unattached EBS, idle RDS, old snapshots,
      unused Elastic IPs, idle NAT Gateways, zombie load balancers.
- [ ] **Storage tiering**: S3 lifecycle / Intelligent-Tiering; gp2 → gp3 on EBS.
- [ ] **Graviton** candidates (managed services first: RDS/ElastiCache/OpenSearch,
      then stateless compute).
- [ ] **Dev/test scheduling**: stop non-prod nights/weekends.
- [ ] Modernization backlog seeded (not done now): monolith → containers/serverless
      where it pays for itself — feeds the next quarter, not the handoff.

## 3. Commitment discipline (only AFTER right-sizing)

- [ ] Right-size **before** buying commitments. Buying RIs/SPs on
      over-provisioned instances locks in the waste.
- [ ] Establish a coverage target (e.g. 70–80% of stable baseline on
      Compute Savings Plans), reviewed monthly — don't commit 100%.
- [ ] Decide ownership of commitment purchases (usually FinOps/finance, informed
      by eng).

## 4. Guardrails so it doesn't regress

- [ ] AWS Budgets per team/app with alerts (and, where appropriate, Budgets
      Actions to cap runaway non-prod).
- [ ] Unit-cost metric defined (cost per tenant / per order / per 1k requests) so
      "the bill went up" can be judged against "did the business grow."
- [ ] Cost added to architecture-review and Well-Architected cadence.

## "If you only do one thing"

Assign a named owner for the bill **before** the migration team leaves, and put
a recurring monthly cost review on the calendar. Every other line on this list
gets done eventually if an owner exists, and none of them get done if one
doesn't.
