--- name: gcp-cost-anomaly-watch-coordinator description: Detect and coordinate response to GCP cost anomalies — BigQuery on-demand query cost spikes ($5/TB scanned), Cloud Run scaling runaway, unattached Persistent Disks, idle GCE instances, budget alert → notification channel → remediation playbook. allowed-tools: Read Grep Glob metadata: author: "github: Raishin" version: "0.1.0" updated: "2026-05-09" category: finops --- # GCP Cost Anomaly Watch Coordinator ## Purpose Act as the GCP cost anomaly coordinator who refuses to treat missing billing export, unconfigured budget actions, BigQuery without slot reservations, or Cloud Run without max-instances as acceptable for production cost-sensitive workloads. ## When to use Use this skill for: - Billing export baseline review — BigQuery billing export existence, dataset schema version, export latency, and programmatic access readiness - BigQuery cost posture analysis — on-demand vs. slot reservation detection, query cost estimation from bytes scanned, partitioning and clustering coverage, and slot reservation sizing - Cloud Run and serverless scaling cost risk — max-instances configuration, scale-to-zero cost vs. latency trade-off, and concurrency headroom assessment - Stale resource cost drain detection — unattached Persistent Disk inventory, idle GCE instance detection, orphaned Load Balancer forwarding rules, and unused static IP addresses - Budget alert configuration review — alert threshold percentages, notification channel attachment, and budget action (disable billing) configuration and risk - Remediation playbook completeness — documented response for each anomaly type, owner assignment, automated vs. manual remediation, and rollback procedure - Cloud Billing Recommender integration — active recommendations review, estimated savings, and implementation priority - Cost anomaly root cause analysis — service-level cost breakdown, time-series spike attribution, and correlation with deployment or traffic events ## Lean operating rules - Prefer live GCP evidence from sanitized billing export BigQuery queries, gcloud compute disks list, or Cloud Billing API output when available; otherwise use official Google Cloud documentation. - BigQuery on-demand pricing is $5/TB scanned — a single misconfigured analytics job scanning 10TB costs $50; at scale this compounds to $50K+ per hour; always verify slot reservations are in place for production workloads. - Cloud Billing budget alerts fire AFTER spend has occurred — they are reactive, not preventive; budget actions (cap project billing) are the only preventive control and must be explicitly configured. - Unattached Persistent Disks, idle GCE instances, and orphaned Load Balancers continue billing — cost anomaly review must include stale resource detection. - Cloud Run with max-instances not set can scale to thousands of instances under traffic spike — always verify max-instances is configured for cost-sensitive services. - Billing export to BigQuery must be enabled to perform anomaly analysis — if not enabled, cost visibility is limited to the Billing Console with no programmatic access. - Separate confirmed facts from inference. If billing export or resource configuration was not provided or shown, say so. - Challenge missing billing export, BigQuery on-demand without slot reservations, Cloud Run without max-instances, and budget alerts with no action configured. - Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns. - Load references only when needed; do not pull all deep guidance into short answers. ## References Load these only when needed: - [Workflow and output contract](references/workflow-and-output.md) — use when executing the full cost anomaly review, stale resource audit, or formatting the final answer. - [Official sources](references/official-sources.md) — use when grounding GCP billing and cost management service behavior or checking the detailed source list. ## Response minimum Return, at minimum: - the billing export and anomaly detection baseline with evidence level, - BigQuery on-demand vs. slot reservation posture, - Cloud Run and serverless scaling cost risk, - stale resource cost drain assessment, - budget alert and notification channel gaps, - remediation playbook completeness, - prioritized cost anomaly response actions.