TurboFinOpsTurboFinOps
Docs/Glossary

Reference

Glossary

Key terms and concepts used throughout TurboFinOps and this documentation.

Action
A governed remediation workflow triggered from a savings opportunity or supporting finding. Actions have a lifecycle: created - approved - executed - verified. Every action produces an audit log entry and can feed receipt verification.
Action Engine
Action Mode
Per-scope setting that controls how TurboFinOps handles execution. Options: suggest (recommendations only), manual_approval (user must confirm before execution), safe (auto-executes low-risk actions), auto (fully automated). Default is manual_approval.
Action Engine
Audit Log
An immutable record of every state-changing operation in TurboFinOps, including who performed it, when, what changed, and what receipt or evidence context was produced.
Evidence Bundle
BYOAI (Bring Your Own AI)
TurboFinOps's model for AI features: instead of operating a shared AI service, customers provide their own API key for an AI provider (OpenAI, Azure OpenAI, Anthropic). TurboFinOps uses that key to generate explanations and summaries.
Responsible AI
Cloud Connection
A set of credentials (IAM role ARN, Azure App Registration, GCP service account key) that allows TurboFinOps to authenticate to a cloud provider. One connection can cover multiple scopes.
Connect Cloud
Commitment Optimizer
A feature that identifies resources eligible for Reserved Instances, Savings Plans, or committed use discounts based on observed utilization patterns.
Commitment Optimizer
Conflict Detection Guard
A safety check that runs before every action execution. It verifies that the target resource is not protected by an IaC ownership tag, is not within a freeze window, and is not flagged by a policy protection rule.
Action Engine
Detection
A logic unit that evaluates one condition against your cloud inventory. Each detection has a provider scope, severity, and optional remediation action.
Detection Catalog
Domain
A supporting classification for signals: FinOps covers cost waste, Security covers exposure and access risk, Governance covers ownership and tagging, and Audit covers evidence readiness. Daily workflows should start from savings actions and receipts.
Evidence Artifact
A generated document (JSON, CSV, or PDF summary) that captures the state of receipts, findings, resources, or actions at a specific point in time. Used for finance, compliance and audit review.
Evidence Bundle
Finding
A supporting signal detected from current cloud inventory. Findings feed savings opportunities, risk context, owner routing and action entry points.
Detection Catalog
Finding Status
The lifecycle state of a finding: open (unresolved), in_progress (action underway), resolved (fixed), suppressed (acknowledged and accepted), or wont_fix (deprioritized).
Forecast Accuracy
How close TurboFinOps cost forecasts were to realized spend, measured by holdout backtesting: MAPE, bias, 95% prediction-interval coverage and skill versus a persistence baseline.
Forecast Accuracy Methodology
Freeze Window
A configured time period during which TurboFinOps will not execute automated actions against a scope. Used to protect production deployments, release windows, or compliance periods.
Action Engine
Governance Policy
Organization-level configuration that defines required resource tags (owner, cost_center, environment, etc.), allowed regions, and other control requirements used for ownership routing and action safety.
Ownership Tag Remediation
IaC Ownership Tag
A tag applied to a cloud resource (e.g. managed-by: terraform) that signals the resource is managed by infrastructure-as-code. TurboFinOps's conflict guard checks for these tags before executing any action.
Action Engine
Inventory
The normalized record of all cloud resources discovered by TurboFinOps across all connected scopes. Resources are updated on each scan.
Organization
The top-level tenant in TurboFinOps. All connections, scopes, findings, users, and settings belong to an organization. Users can belong to one or more organizations.
Onboarding Guide
Policy Pack
A pre-configured set of policy rules for ownership, allocation, safety or compliance context. Built-in packs ship with TurboFinOps; custom packs are available on Professional and Enterprise plans.
Detection Catalog
Provider
A cloud service provider. TurboFinOps supports aws, azure, and gcp.
RBAC
Role-Based Access Control. TurboFinOps enforces five roles: Admin, FinOps, Security, Auditor, and Viewer. Each role has a defined set of permissions enforced server-side on every API request.
Onboarding Guide
Rightsizing
The process of matching a resource's configuration (instance type, size) to its actual usage. TurboFinOps identifies rightsizing candidates and provides specific target recommendations based on observed utilization.
Dashboards & Metrics
Savings Receipt
A proof artifact for an executed action. It records baseline daily cost, observed post-action cost, 7/14/30-day checkpoints, status, confidence and methodology notes.
Analytics Validation
Scan Job
A background task that queries your cloud provider APIs for current resource state, applies all applicable rules, and generates or updates findings. Scan jobs are queued via Redis and run asynchronously. You can queue one scope, or every active scope on a provider at once (one metered job per scope). Scan type (Full, Delta, Targeted) selects which provider API groups run — it is not a diff-only incremental pass compared to your previous job.
Getting Started
Scope
A single discoverable unit: one AWS account, one Azure subscription, or one GCP project. Scopes are linked to a connection and define what TurboFinOps can see and act upon.
Connect Cloud
Score
A 0-100 metric per domain that summarizes current posture. In day-to-day workflows, teams should prioritize recoverable dollars, action readiness, and receipt verification outcomes first.
Dashboards & Metrics
Severity
The impact level of a finding: critical, high, medium, or low. Severity affects score weighting and finding prioritization.
Detection Catalog
Tenant Isolation
TurboFinOps is designed to keep each organization's data isolated from other tenants. Tenant-scoped queries are filtered by organizationId and enforced server-side, with monitoring and audit controls to detect regressions.
Security
VM Scheduling
Automatic start/stop of virtual machines (EC2, Azure VMs, GCE) based on a configured business-hours schedule. Reduces cost by stopping VMs when they are not needed (nights, weekends).
VM Scheduling
Get started

Find recoverable spend before the next invoice lands.

Connect one AWS, Azure or GCP scope, approve the safest savings actions, and give finance a receipt when the savings verify.

Read-only scan first. Approval gates before remediation.
Connect a cloud scopeSee pricing