When it comes to cloud cost management, teams are often faced with the classic build vs. buy decision: should they invest in building their own FinOps tool, or should they buy an existing solution? This is a major consideration that shapes the long-term efficiency of their cloud management strategy.
But there’s also a smaller, more immediate question. Often, engineering teams, eager to solve pressing operational challenges, believe that writing Python scripts is the easiest way to tackle their day-to-day FinOps tasks. While scripting in Python may seem like a quick, flexible solution, it often introduces long-term challenges around scalability, security, and maintenance—problems that snowball as operations grow.
In this blog, we want to show that even in scenarios where Python scripting feels like the right solution for managing cloud costs, Wiv.ai offers a better approach. By simplifying automation with predefined workflows, no-code/low-code interfaces, and built-in best practices, Wiv.ai not only saves time but also helps avoid the complexity and risks associated with building custom scripts.
Let’s explore how Wiv.ai compares to Python scripts across several key factors, and why it’s the smarter choice for FinOps automation—whether your challenge is a short-term script or a long-term FinOps platform.
1. Scalability and Security
When managing FinOps across multiple AWS accounts, credential management is a critical security concern. Engineering teams often start by hardcoding credentials in Python scripts to quickly get results, but this practice becomes a serious liability as the system scales.
Python Approach:
In Python, teams typically hard-code AWS credentials into their scripts to quickly access cloud resources. This approach might seem fine initially, but it exposes sensitive information, making it a major security risk as more accounts and users interact with the system.
# Hardcoded credentials (a serious security risk) AWS_ACCESS_KEY = 'hardcoded-access-key' AWS_SECRET_KEY = 'hardcoded-secret-key'
Scaling this solution across multiple accounts introduces significant complexity, as each new account requires additional credentials management, increasing the risk of vulnerabilities.
Wiv.ai Approach:
Wiv.ai provides a more scalable and secure alternative. Credentials are securely managed in a centralized, encrypted system. There’s no need to hard-code credentials, and Wiv.ai automates credential rotation and management as your FinOps operations grow, ensuring that all sensitive data remains protected. Whether you’re managing 10 accounts or 1,000, Wiv.ai scales seamlessly without security risks or manual overhead.
2. Ease of Use and Collaboration
In Python, managing multiple scripts and keeping them synchronized across teams can become a challenge, especially when version control and collaboration are required. Writing scripts in isolation often leads to fragmentation, where different team members maintain their own versions of a script, causing inconsistencies in FinOps processes.
Python Approach:
Python scripts, while flexible, are often written and run on individual machines. This can make collaboration difficult as team members may be working with different versions of the same script. Additionally, maintaining scripts requires deep coding knowledge, which can limit involvement from non-technical users and result in silos within the team. Version control also needs to be set up manually, adding another layer of complexity.
Wiv.ai Approach:
Wiv.ai offers a centralized platform where all workflows are stored, shared, and updated in real time. This centralization ensures that workflows remain consistent across teams and projects. The no-code/low-code interface also makes collaboration easier by allowing both technical and non-technical users to contribute to workflows without needing deep technical expertise. Additionally, built-in version control ensures that every workflow change is tracked automatically, allowing teams to roll back to previous versions or review changes—streamlining collaboration and eliminating versioning issues.
3. Development Time and Efficiency
For many engineers, the allure of Python scripting comes from its perceived flexibility and control. However, even simple tasks can require significant time to develop and maintain, especially when scaling across multiple accounts or integrating with third-party tools.
Python Approach:
In Python, even a seemingly simple task like retrieving EC2 instances across multiple accounts and regions and filtering them by instance age involves custom loops, API calls, and manual filtering.
Python Code to Retrieve EC2 Instances Across All Accounts/Regions:
import boto3 from datetime import datetime, timedelta # Assume role and retrieve EC2 instances across accounts and regions def assume_role(account_id, role_name): sts_client = boto3.client('sts', aws_access_key_id=AWS_ACCESS_KEY, aws_secret_access_key=AWS_SECRET_KEY) assumed_role = sts_client.assume_role( RoleArn=f'arn:aws:iam::{account_id}:role/{role_name}', RoleSessionName='FinOpsSession' ) return assumed_role['Credentials'] # Retrieve EC2 instances across all regions def get_ec2_instances(account_id, role_name): credentials = assume_role(account_id, role_name) ec2_client = boto3.client( 'ec2', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'] ) all_instances = [] for region in ec2_client.describe_regions()['Regions']: region_name = region['RegionName'] regional_ec2_client = boto3.client( 'ec2', region_name=region_name, aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'] ) all_instances += regional_ec2_client.describe_instances()['Reservations'] return all_instances # Filter instances older than 90 days def filter_old_instances(instances): cutoff_date = datetime.utcnow() - timedelta(days=90) old_instances = [] for reservation in instances: for instance in reservation['Instances']: launch_date = instance['LaunchTime'] if launch_date < cutoff_date: old_instances.append(instance) return old_instances # Example: Iterate over all accounts and regions, and filter by instance age accounts = ['123456789012', '234567890123', '345678901234'] role_name = 'YourRoleName' all_old_instances = [] for account in accounts: instances = get_ec2_instances(account, role_name) old_instances = filter_old_instances(instances) all_old_instances += old_instances print(f"Found {len(all_old_instances)} old instances across all accounts and regions.")
This script might work for small-scale projects, but as your infrastructure grows, managing this level of manual development quickly becomes cumbersome.
Wiv.ai Approach:
In Wiv.ai, this entire process is much simpler. You can achieve the same outcome with predefined steps and filters:
- Add the “EC2 Describe Instances” step, which automatically retrieves instances across all accounts and regions.
- Apply a predefined filter like “Instance Age > 90 Days” without writing custom loops or filtering logic.
Wiv.ai saves your team significant development time by allowing you to focus on high-level decision-making rather than spending weeks building and maintaining custom code.
4. Retrieving Amortized EC2 Costs via AWS Athena
Tracking accurate cloud costs is crucial for FinOps. In Python, retrieving amortized EC2 costs often requires setting up custom Athena queries, managing SQL, and manually handling query results, which increases both complexity and the potential for errors.
Python Approach:
In Python, you would need to write Athena queries and parse the results manually, as shown in this example:
# Athena query to get amortized costs per EC2 instance def run_athena_query(query, database, output_location): athena = boto3.client('athena') response = athena.start_query_execution( QueryString=query, QueryExecutionContext={'Database': database}, ResultConfiguration={'OutputLocation': output_location} ) return response['QueryExecutionId'] # Example Athena query to get EC2 cost query = """ SELECT resourceid, SUM(lineitem_blendedcost) as total_cost FROM wivdb.wiv_cur WHERE lineitem_productcode = 'AmazonEC2' GROUP BY resourceid """
While Python gives you flexibility, it also means handling SQL queries, result parsing, and managing Athena configurations.
Wiv.ai Approach:
In Wiv.ai, retrieving monthly and yearly costs for common services like EC2 or S3 is as simple as enabling a toggle—no need for manual SQL or Athena management. For other services, Wiv.ai provides predefined steps that retrieve actual, amortized, or net amortized costs based on the resource ID, removing the need for manual querying.
5. Customization and Flexibility
While Python allows for complete flexibility, this often comes at the cost of development time and maintenance complexity. Every custom integration, workflow, or filter requires manual coding, and scaling these solutions increases the technical debt over time.
Wiv.ai Approach:
Wiv.ai offers a balance of predefined workflows and customization. Most common FinOps tasks are covered by built-in steps, but if you need to extend functionality, Wiv.ai allows you to insert custom Python steps directly into the workflow. This hybrid approach enables you to have the best of both worlds—flexibility when needed, but without the overhead of maintaining a fully custom-built solution.
Conclusion
The decision between building a FinOps tool in-house or using an existing platform like Wiv.ai becomes clearer when considering the long-term challenges of maintaining custom Python scripts. While writing scripts may seem like the right solution for immediate problems, it often introduces scalability, security, and collaboration issues that compound over time.
With Wiv.ai, teams benefit from a centralized platform, predefined workflows, and no-code/low-code interfaces, all while maintaining flexibility through customizable steps. Wiv.ai allows you to scale FinOps automation efficiently, eliminating the risks and complexities of building and maintaining custom scripts.
For FinOps teams looking to streamline their operations, Wiv.ai offers the same power as Python scripts—without the complexity.