AWS ships seven native cost tools for free, and there's a $300M third-party market layered on top of them. Most teams use the wrong subset — paying for a platform they don't need, or flying blind on a bill the native tools could have flattened. This is the practitioner's map: every AWS-native tool, the major third-party platforms, what each is genuinely good at, and the line where native stops being enough and a paid tool (or a partner-led audit) pays for itself.
Every AWS cost tool, native or third-party, does one of four jobs: see the spend, find the waste, act on the savings, or prevent the next surprise. Once you map a tool to its job, the buying decision gets simple — you only pay for the jobs the free tools do badly.
Cost tools cluster into four functions. Visibility — where is the money going, broken down by service, account, team, environment, and time. Recommendation — given the usage, where is the waste (idle resources, over-provisioned instances, the wrong storage class, missing commitments). Action / automation — actually changing something: buying a Savings Plan, resizing an instance, deleting an unattached volume, or doing it continuously without a human. Governance — budgets, anomaly alerts, allocation tags, and the showback/chargeback that keeps teams accountable for the spend they create.
AWS's seven native tools cover all four functions to a baseline level, for free. The third-party market exists because the baseline has real gaps: native visibility clusters multi-account and multi-cloud data awkwardly, native tooling cannot allocate Kubernetes costs at all, and native action is manual — AWS will recommend a Savings Plan but it will never buy and rebalance one for you. Every successful third-party platform sells against one of those three gaps.
The single most expensive mistake teams make is buying for a gap they don't have. A six-engineer startup on one AWS account at $18K/month does not need a CloudHealth seat — Cost Explorer plus Compute Optimizer plus a Savings Plan will get them most of the way. A 40-account enterprise running Kubernetes across three clouds genuinely cannot operate on native tools alone. The rest of this guide is about knowing which one you are.
A note on price-realism throughout: AWS pricing and the discounts each tool surfaces shift continuously, and third-party platform pricing is mostly negotiated, not listed. Treat every number here as a representative 2026 range and confirm live rates in the AWS Pricing Calculator, your Cost Explorer, and a vendor quote before you commit.
Before evaluating a single paid product, you should know exactly what AWS already gives you. These seven are all included with your account; none cost extra to turn on (the CUR incurs only the S3 storage and query cost of the data it lands).
Treat this as the free foundation. In practice the native stack does 70–90% of what a small-to-mid team needs; the paid market is mostly about doing the last 10–30% better, at scale, or automatically.
What Cost Explorer does: interactive charts of your spend and usage, sliceable by service, linked account, region, instance type, tag, and time, with up to 12 months of history and a 12-month forecast. It also surfaces rightsizing and Savings Plans recommendations.
Free vs paid: the console UI is free. The Cost Explorer API costs $0.01 per paginated request — trivial unless you're polling it programmatically at high frequency.
The honest limit: it's a reporting tool, not an analytics warehouse. Granularity caps at daily by default (hourly/resource-level is a paid toggle), and complex multi-dimensional questions ("unattached gp2 volumes by team, last 30 days") are clumsy. That clumsiness is exactly what the CUR and third-party tools exist to fix.
What AWS Budgets does: set cost, usage, RI/SP-utilization, or RI/SP-coverage budgets and get alerted (email/SNS) at thresholds you define — actual or forecasted. Budget Actions can even auto-apply an IAM policy or stop instances when a budget is breached.
Free vs paid: your first two budgets are free; beyond that it's about $0.02 per budget per day (~$0.60/month each). Negligible.
The honest limit: Budgets is a tripwire, not a diagnosis. It tells you that you blew through $X; it won't tell you which deploy or which team caused it. Pair it with Cost Anomaly Detection for the "why."
What Compute Optimizer does: uses machine learning on CloudWatch metrics to recommend right-sized EC2 instances, Auto Scaling groups, EBS volumes, Lambda memory, and ECS-on-Fargate tasks — including cross-family and Graviton (ARM) migration suggestions, each with a projected price and performance delta.
Free vs paid: free. Enhanced infrastructure metrics (3 months of lookback instead of 14 days) cost a small per-resource fee but materially improve recommendation quality for bursty workloads.
The honest limit: it sees CPU/network/memory-via-agent, not application semantics. It will happily tell you to downsize a node that's idle for a reason (a warm standby, a monthly batch job). Recommendations are a starting point a human still has to sanity-check.
What Cost Anomaly Detection does: ML-based monitors that learn your normal spend pattern per service or per linked account and alert when spend deviates — the classic catch being a runaway NAT Gateway, a forgotten GPU instance, or a misconfigured data pipeline egressing terabytes. Free.
The honest limit: it's reactive by design — it tells you after the anomaly starts, not before. And it needs a few weeks of history to model "normal." It's the single highest-ROI free tool to turn on day one, because the alert it sends one Saturday morning can pay for a year of FinOps effort.
What Trusted Advisor does: cross-cutting checks across cost, security, performance, fault tolerance, and limits. The cost checks flag idle load balancers, underutilized EBS volumes, idle RDS instances, low-utilization EC2, and unassociated Elastic IPs.
Free vs paid: a limited free set; the full cost-optimization check suite requires a Business or Enterprise Support plan. Many teams on Developer support never see the deeper checks.
The honest limit: breadth over depth. It's a checklist of usual suspects, not a quantified savings model. Good for a quick "did we leave anything obvious on" sweep; not a substitute for Compute Optimizer's sizing math.
What the Cost and Usage Report (CUR) does: the most granular billing data AWS produces — every line item, hourly or resource-level, with every tag, delivered to S3 in Parquet. It's the source of truth that powers Athena/QuickSight dashboards and, crucially, almost every third-party cost platform (they ingest your CUR).
Free vs paid: the report itself is free; you pay only for the S3 storage and whatever you spend querying it (Athena per-TB-scanned, or QuickSight seats). CUR 2.0 / the newer Data Exports format is the current default.
The honest limit: it's raw. The CUR is a firehose, not a dashboard — turning it into answers takes SQL and BI work. This is precisely the labor third-party platforms productize, and it's why "we'll just build it on the CUR" so often stalls on a lean team.
What Cost Optimization Hub does: the newest native tool — a single place that aggregates and de-duplicates all your cost recommendations (rightsizing, idle-resource deletion, Graviton migration, Savings Plans, RIs) across accounts and Regions, quantifies the estimated monthly savings of each, and ranks them so you can work the list top-down.
Free vs paid: free, and it consolidates outputs from Compute Optimizer, Cost Explorer, and Trusted Advisor into one prioritized, dollar-quantified backlog.
Why it matters: it closes the biggest historical gap in the native stack — recommendations used to be scattered across four tools with overlapping, un-deduplicated, un-prioritized advice. Cost Optimization Hub is now the right native starting point for "what should we do first."
Turn on, in this order: Cost Anomaly Detection (day-one tripwire), AWS Budgets (one cost + one SP-coverage budget), the CUR / Data Exports (so you have the raw data when you need it), then work Cost Optimization Hub top-down with Compute Optimizer for the sizing detail. That free sequence captures most of the achievable savings for teams under ~$50K/month — do it before you evaluate a single paid platform.
Every viable third-party tool exists because it does something native AWS does badly, not at all, or not automatically. Here's the major-player map, grouped by the gap they fill — so you can match a tool to a problem you actually have.
Pricing across this market is mostly a percentage of the cloud spend they manage (commonly ~1–3%, negotiated and tiered down at scale) or a per-resource / platform fee. Read every one of these as "does this gap cost me more than the tool does?" If the gap isn't real for you, the tool is pure overhead.
The gap: native visibility clusters multi-account, multi-team, and multi-cloud data poorly, and turning the CUR into shareable dashboards is real engineering work. These platforms ingest your CUR (and often Azure/GCP), give you clean cross-account dashboards, virtual tagging to fix the allocation gaps your real tags missed, anomaly detection, and showback/chargeback reports the finance team can actually read.
Vantage is the developer-friendly, fast-to-onboard option (good cost-per-unit views, active "EngOps" angle, transparent-ish pricing). CloudHealth (VMware/Broadcom) and Cloudability (Apptio/IBM) are the enterprise incumbents — deep governance, policy, and chargeback, priced and sold for large orgs. Finout and nOps compete on unit economics and automation respectively.
When it pays off: several AWS accounts (or genuine multi-cloud), more than a handful of teams you need to hold accountable, and a finance function asking for chargeback. When it doesn't: one or two accounts under ~$50K/month — Cost Explorer plus a CUR-on-Athena dashboard does the job for free.
The gap: this is the clearest "native simply cannot do this" case. AWS bills you for an EKS node; it has no idea that the node runs 30 pods across 6 namespaces owned by 4 teams. Native tools allocate cost to the EC2 instance, full stop. Kubecost (and its open-source core, OpenCost, now a CNCF project) reads Kubernetes metrics and AWS pricing to allocate spend down to namespace, deployment, pod, and label — plus right-sizing recommendations for requests/limits and idle-capacity detection.
Free vs paid: OpenCost and Kubecost's free tier cover single-cluster allocation; paid Kubecost adds multi-cluster aggregation, longer retention, SSO, and governance. For one cluster, the free tier is often enough.
When it pays off: any meaningful EKS footprint where more than one team shares clusters and you need to know who's spending what. If you run Kubernetes at all and care about cost, this is usually the first paid (or free-OSS) tool worth adding, because nothing native fills the gap.
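The allocation gap described above, as an added example that is not Kubecost's or OpenCost's own code: a simplified model that splits one node's hourly price across namespaces (or any pod label) by CPU and memory requests and reports the unrequested remainder as idle. The node price, pod data, the `cpu_weight` split and the function name are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: one EKS worker node and the pods scheduled on it.
# The hourly price is an assumed figure, not a quoted AWS rate.
NODE = {"hourly_usd": 0.192, "cpu_cores": 4, "mem_gib": 16}
PODS = [
    {"namespace": "payments", "team": "fin",
     "cpu_request": 1.0, "mem_request_gib": 4.0},
    {"namespace": "payments", "team": "fin",
     "cpu_request": 0.5, "mem_request_gib": 2.0},
    {"namespace": "search", "team": "discovery",
     "cpu_request": 2.0, "mem_request_gib": 4.0},
]


def allocate_node_cost(node, pods, key="namespace", cpu_weight=0.5):
    """Split one node's hourly price across owners by resource requests.

    Hypothetical simplified model: `cpu_weight` of the node price is
    attributed to CPU and the rest to memory. Capacity that no pod
    requested is reported as `__idle__` instead of being hidden.
    """
    if not 0.0 <= cpu_weight <= 1.0:
        raise ValueError("cpu_weight must be between 0 and 1")
    cpu_req = sum(p["cpu_request"] for p in pods)
    mem_req = sum(p["mem_request_gib"] for p in pods)
    if cpu_req > node["cpu_cores"] or mem_req > node["mem_gib"]:
        raise ValueError("requests exceed node capacity; check the input data")

    usd_per_core = node["hourly_usd"] * cpu_weight / node["cpu_cores"]
    usd_per_gib = node["hourly_usd"] * (1.0 - cpu_weight) / node["mem_gib"]

    costs = defaultdict(float)
    for pod in pods:
        costs[pod[key]] += (pod["cpu_request"] * usd_per_core
                            + pod["mem_request_gib"] * usd_per_gib)
    # The EC2 bill covers the whole node, so the unrequested part is a cost too.
    costs["__idle__"] = node["hourly_usd"] - sum(costs.values())
    return {owner: round(usd, 6) for owner, usd in costs.items()}


if __name__ == "__main__":
    for owner, usd in allocate_node_cost(NODE, PODS).items():
        print(f"{owner:10} ${usd:.4f}/hour")
```

Passing `key="team"` groups the same node cost by the pod's team label instead of its namespace.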
The gap: AWS recommends Savings Plans and RIs but never buys, blends, or rebalances them for you — and getting commitment coverage right (laddering 1- and 3-year terms, mixing Compute SP with EC2-Instance SP and RIs, adjusting as usage shifts) is a continuous portfolio-management job most teams do once and then let drift. ProsperOps automates exactly this: it manages your commitment portfolio algorithmically to maximize effective savings rate while minimizing lock-in risk, typically charging a share of the incremental savings it generates.
Spot by NetApp (formerly Spot.io) and Zesty automate the compute-side analog — running interruptible Spot capacity safely for stateless/batch/k8s workloads and commitment optimization, so you capture Spot's up-to-~90% discount without managing interruptions by hand.
When it pays off: compute spend large enough that a few extra points of effective savings rate exceeds the tool's cut, and a team that will otherwise let commitments go stale (which is almost everyone). When it doesn't: small, flat compute spend you can cover with a single 1-year Compute Savings Plan and forget.
Infracost shifts cost left: it estimates the cost delta of a Terraform change in the pull request, so engineers see "+$420/month" before they merge. It targets prevention, the cheapest kind of optimization.
Open source generally: beyond OpenCost and Infracost, the CUR-on-Athena-and-QuickSight pattern (AWS publishes the CUDOS / Cloud Intelligence Dashboards framework for free) gives you enterprise-grade visibility dashboards at the cost of the BI work to stand them up. For a team with the engineering bandwidth, this is the "platform-grade visibility for $0 in license" path.
The whole buying decision reduces to a few thresholds. Cross one and a paid tool earns its fee; stay under all of them and the free stack is the right answer. Here are the lines that actually matter.
A useful rule of thumb: a paid cost tool has to return more than it costs. If a platform charges ~2% of a $30K/month bill ($600/month, $7.2K/year), it has to find or automate at least that much savings that you wouldn't have captured with the free tools — and at small scale, the free tools capture most of it. The honest threshold for "a visibility platform starts paying off" sits somewhere around $50K/month of spend or genuine multi-account/multi-cloud complexity, whichever comes first.
This is the part the tool vendors gloss over. A dashboard that says "you could save 38%" is not 38% of savings — it's a backlog. And on most teams, that backlog never gets worked, because the people who could do it are shipping product.
Walk the actual chain. Cost Optimization Hub hands you a ranked list: right-size 14 instances, migrate 9 workloads to Graviton, buy a Compute Savings Plan, delete 240 unattached EBS volumes, replace two NAT Gateways with VPC endpoints, move 40 TB of S3 to Intelligent-Tiering. Every line is a real engineering ticket with real testing, real rollout risk, and a real owner who has to context-switch off the roadmap to do it. Multiply by the fact that some of those changes (Graviton recompiles, commitment laddering, data-transfer re-architecture) need genuine expertise, and you see why the recommendations sit untouched quarter after quarter.
That's the structural reason a tools-only approach underdelivers: the tool is the cheap 10% (seeing the waste), the implementation is the expensive 90% (removing it), and the implementation is exactly what a busy team has no slack for. The savings number on the dashboard and the savings number on next month's invoice are two very different things, and the distance between them is labor.
CloudRoute's model closes that gap directly: we route you to a vetted AWS partner who brings the tooling (their own platform plus the native stack, configured properly) and does the rework — the right-sizing, the Graviton migrations, the commitment strategy, the data-transfer surgery — so the savings actually reach your bill instead of dying in a backlog.
And here's the part that changes the math: AWS funds partner-led cost and Well-Architected optimization engagements for qualifying customers — the partner is paid through AWS programs, and a Well-Architected Review can unlock remediation credits. For credit-eligible engagements that means you cut the bill for $0. Honest framing: AWS-funding applies to qualifying engagements; where it doesn't, it's a vetted-partner referral that pays for itself out of the savings many times over. If you want the credits angle in parallel, our $100K AWS credits path and the Well-Architected Review route stack naturally with a cost engagement.
The tools are free or cheap and you should absolutely run them. But buying a tool is not buying savings — it's buying a to-do list. CloudRoute matches you to a partner who works the list and (for qualifying engagements) does it on AWS's funding, so the 30–45% the dashboard promises shows up on the invoice instead of in a backlog.
Match your profile to the row. Each is the stack a FinOps practitioner would actually stand up for that situation — not the maximal stack, the right-sized one.
| Your situation | Visibility | Recommendation | Commitments / k8s | Worth paying for? |
|---|---|---|---|---|
| Seed startup, 1 account, <$15K/mo | Cost Explorer + Budgets | Cost Optimization Hub + Compute Optimizer | 1× Compute Savings Plan (DIY) | No — free stack is plenty |
| Series-A, 1–3 accounts, $15–50K/mo | Cost Explorer + CUR dashboard | Cost Optimization Hub + Anomaly Detection | Savings Plan ladder (DIY or ProsperOps) | Maybe — partner audit beats a seat |
| Running EKS, shared clusters | Cost Explorer + Kubecost | Compute Optimizer + Kubecost rightsizing | Kubecost (free/OSS) + Spot for batch | Yes — k8s allocation is non-native |
| Multi-account, 5+ teams, $50K+/mo | Vantage / CloudHealth / Cloudability | Platform recs + Cost Optimization Hub | ProsperOps (autonomous commitments) | Yes — sprawl + chargeback justify it |
| Multi-cloud (AWS + Azure/GCP) | CloudHealth / Cloudability / Finout | Platform recs (cross-cloud) | Platform + ProsperOps | Yes — native is single-cloud only |
| Any size, no one to do the rework | Whatever you have | Cost Optimization Hub | — | Partner-led audit (often AWS-funded) |
You can capture the first wave of savings with the free stack in about a month, before spending a dollar on tooling. Here's the sequence a practitioner would run.
Week 1 — instrument. Turn on Cost Anomaly Detection (per-service monitors), create one cost budget and one Savings-Plan-coverage budget, and enable the CUR / Data Exports to S3 so the raw data starts accumulating. Tag your top spend by team/environment if you haven't — every downstream tool, native or paid, is only as good as your tags.
Week 2 — find the waste. Open Cost Optimization Hub and read the ranked, dollar-quantified backlog. Cross-check the sizing detail in Compute Optimizer (enable enhanced metrics for bursty services) and run a Trusted Advisor cost sweep for the obvious idle/unattached resources. You now have a prioritized list with savings attached to each line.
Week 3 — bank the quick wins. Delete unattached EBS volumes and old snapshots, release unassociated Elastic IPs, kill idle load balancers and zombie instances, flip gp2 volumes to gp3, and turn on S3 Intelligent-Tiering for buckets with unknown access patterns. These are low-risk and need no commitment.
Week 4 — the structural levers. Buy the commitment layer (start with a 1-year Compute Savings Plan sized to your steady-state baseline; ladder in more later), plan the Graviton migrations Compute Optimizer flagged, and scope the data-transfer fixes (VPC endpoints to retire NAT data-processing charges, cross-AZ traffic reduction). These deliver the largest, most durable savings — and they're also the ones most likely to need real engineering time.
The decision point. After 30 days you'll know two things: how much the free stack got you, and how much is left in the structural backlog you don't have time to implement. That's the moment a partner-led engagement makes sense — they take the remaining backlog and execute it, on AWS's funding for qualifying cases, so the rest of the savings actually lands.
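The Week 3 quick-win sweep from the sequence above, as an added example that is not part of the original guide: it reads JSON shaped like the output of `aws ec2 describe-volumes` and `aws ec2 describe-addresses` and produces a report-only list of unattached volumes, attached gp2 volumes and unassociated Elastic IPs, each with the owning `team` tag and an estimated monthly saving. The sample data is constructed, and the prices and the `team` tag key are assumptions.

```python
import json

# Constructed sample data shaped like the output of
# `aws ec2 describe-volumes` and `aws ec2 describe-addresses`.
VOLUMES = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0example000000001", "Size": 500, "VolumeType": "gp2",
   "State": "available", "Tags": [{"Key": "team", "Value": "data"}]},
  {"VolumeId": "vol-0example000000002", "Size": 200, "VolumeType": "gp2",
   "State": "in-use", "Tags": [{"Key": "team", "Value": "web"}]},
  {"VolumeId": "vol-0example000000003", "Size": 100, "VolumeType": "gp3",
   "State": "in-use", "Tags": [{"Key": "team", "Value": "web"}]},
  {"VolumeId": "vol-0example000000004", "Size": 50, "VolumeType": "gp3",
   "State": "available"}
]}
""")
ADDRESSES = json.loads("""
{"Addresses": [
  {"AllocationId": "eipalloc-0example00000001", "PublicIp": "203.0.113.10",
   "AssociationId": "eipassoc-0example0000001"},
  {"AllocationId": "eipalloc-0example00000002", "PublicIp": "203.0.113.11"}
]}
""")

# Assumed list prices (USD); confirm against live pricing for your Region.
USD_PER_GIB_MONTH = {"gp2": 0.10, "gp3": 0.08}
USD_PER_IDLE_EIP_MONTH = 3.65


def team_of(resource):
    """Return the value of the `team` tag, or 'untagged' if it is missing."""
    tags = {t["Key"]: t["Value"] for t in resource.get("Tags", [])}
    return tags.get("team", "untagged")


def quick_wins(volumes, addresses):
    """List report-only findings, largest estimated monthly saving first."""
    findings = []
    for vol in volumes["Volumes"]:
        price = USD_PER_GIB_MONTH.get(vol["VolumeType"], 0.0)  # 0.0 = no estimate
        if vol["State"] == "available":  # not attached to any instance
            findings.append((vol["VolumeId"], "snapshot-then-delete",
                             team_of(vol), round(vol["Size"] * price, 2)))
        elif vol["VolumeType"] == "gp2":  # attached gp2: candidate for gp3
            delta = USD_PER_GIB_MONTH["gp2"] - USD_PER_GIB_MONTH["gp3"]
            findings.append((vol["VolumeId"], "migrate-to-gp3",
                             team_of(vol), round(vol["Size"] * delta, 2)))
    for addr in addresses["Addresses"]:
        if "AssociationId" not in addr:  # allocated but not associated
            findings.append((addr["AllocationId"], "release",
                             team_of(addr), USD_PER_IDLE_EIP_MONTH))
    return sorted(findings, key=lambda f: f[3], reverse=True)


def total_saving(findings):
    """Sum the estimated monthly savings across all findings."""
    return round(sum(f[3] for f in findings), 2)


if __name__ == "__main__":
    for resource_id, action, team, usd in quick_wins(VOLUMES, ADDRESSES):
        print(f"{resource_id:28} {action:22} {team:10} ${usd:>7.2f}/mo")
```

The gp3 estimate ignores any extra IOPS or throughput you provision; gp2 volumes larger than 1,000 GiB have a baseline above gp3's 3,000 IOPS, so check those before migrating.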
The core buying question in one table. Native tools are free and cover the fundamentals; third-party platforms cost money and earn it specifically on scale, multi-cloud, Kubernetes, and automation. Map your needs to the columns.
| Capability | AWS-native (free) | Third-party platform (paid) |
|---|---|---|
| Single-account visibility | Cost Explorer — strong, free | Cleaner UI, marginal gain at small scale |
| Multi-account / multi-cloud | Clusters awkwardly; AWS-only | Core strength — Vantage / CloudHealth / Cloudability |
| Right-sizing recommendations | Compute Optimizer — ML-based, free | Similar engine, packaged with workflow + automation |
| Kubernetes cost allocation | Not supported natively | Kubecost / OpenCost — the only real option |
| Anomaly detection | Cost Anomaly Detection — free, solid | Comparable; often bundled with richer alerting |
| Commitment automation (SP/RI) | Recommends only — never buys/rebalances | ProsperOps / Spot / Zesty — autonomous portfolio mgmt |
| Chargeback / showback | Basic via tags + CUR | Productized, finance-ready reports |
| Shift-left (cost in PRs) | Not native | Infracost — estimates the diff pre-merge |
| Cost of the tool | $0 (CUR pays S3/query only) | ~1–3% of managed spend, or platform fee |
| Implements the savings for you | No — recommendations only | No — also recommendations only |
Situation: The bill had grown ~35% in two quarters with no clear owner. They had Cost Explorer open but no one had time to act on it; EKS spend was un-allocatable (one team's pods couldn't be separated from another's); commitments were a single stale 1-year Savings Plan covering maybe 40% of compute. They'd trialled a paid visibility platform, but it just produced reports nobody worked. The cloud lead was ~80% on product.
What CloudRoute did: Routed within 20 hours to an EU-West partner with EKS + FinOps depth. The partner stood up Kubecost (OSS tier) for namespace-level allocation, read Cost Optimization Hub + Compute Optimizer top-down, then executed: right-sized 17 over-provisioned services, migrated 11 workloads to Graviton, moved batch jobs to Spot, replaced two NAT Gateways with VPC endpoints, laddered Compute + EC2-Instance Savings Plans to ~85% coverage, and lifecycled 30 TB of S3 to Intelligent-Tiering. Filed as a Well-Architected-aligned optimization engagement.
Outcome: Monthly AWS spend fell from ~$41K to ~$25K — a 39% reduction — within 7 weeks, with EKS cost now allocated per team so it stays down. The engagement qualified for AWS partner funding plus Well-Architected remediation credits; the customer paid $0, and CloudRoute's commission was paid by the partner from AWS's funding.
engagement window: 7 weeks · bill cut: 39% (~$192K/yr) · EKS now per-team allocated · cost to customer: $0
The tools surfaced the savings; CloudRoute routes you to a partner who implements them — right-sizing, Graviton, commitments, data-transfer — and for qualifying engagements AWS funds the work, so you pay $0. No procurement, no platform seat, no unworked reports.