AWS FinOps Agent is in preview release and is subject to change.

# Agent guardrail controls
<a name="agent-guardrail-control"></a>

## Read-only actions
<a name="agc-read-only-actions"></a>

Read-only actions run autonomously without requiring approval. These include querying cost data, retrieving optimization recommendations, searching memory, and reading context files.

## Read-write actions
<a name="agc-read-write-actions"></a>

Read-write actions affect systems outside the agent. AWS FinOps Agent supports three read-write actions: creating a Jira issue, adding a Jira comment, and posting a Slack message. The agent's approval behavior depends on the action and on how it is started.

### Jira issue creation and comment addition
<a name="agc-jira-approval"></a>

Jira issue creation and comment addition are the read-write actions that require approval, and they require approval only when started from a chat conversation or from an on-demand task. The agent presents the action details (for an issue: project, summary, description; for a comment: target issue and body), and you confirm or revise before the action runs.

When the action is part of a scheduled or event-based automation, no approval is required. You pre-authorize the agent to create Jira issues and add comments when you set up the automation, so the workflow runs end to end without further prompting. You can review every action the agent took in the task history.

### Slack messages
<a name="agc-slack-approval"></a>

Posting messages to Slack channels does not require approval, including when the post is started from a chat conversation or an on-demand task. The agent posts directly to the channel you specify and writes the result to the task history.

## Behavioral guardrails
<a name="agc-behavioral-guardrails"></a>

AWS FinOps Agent is constrained to answer questions within the FinOps domain. The agent focuses on AWS cost management and optimization topics, does not generate answers outside the FinOps domain, and responds in English by default. These constraints are not administrator-configurable.

## Generative AI accuracy considerations
<a name="agc-generative-ai-considerations"></a>

AWS FinOps Agent is a generative AI service built on Amazon Bedrock. You are responsible for all decisions made, advice given, actions taken, and failures to take action based on your use of the service. Output generated by the underlying large language model is probabilistic. Evaluate it for accuracy as appropriate for your use case, including by employing human review of such output. You can review the agent's reasoning steps and tool calls in the web application chat area.

Known accuracy considerations:
+ Cost data accuracy depends on the underlying AWS APIs. The agent retrieves data from Cost Explorer, Cost Anomaly Detection, and other billing services and does not modify the raw data. Discrepancies between the agent's responses and console views might occur because of differences in time ranges, granularity, or filtering.
+ Root-cause analysis for cost anomalies is investigative. The agent correlates cost trends from Cost Explorer with CloudTrail events during anomaly investigations to identify likely causes, but the identified root cause might not always be correct. Treat root-cause analysis as a starting point for investigation rather than a definitive conclusion.
+ Report generation creates charts and visualizations from cost data. Verify that charts accurately represent the underlying data, particularly for complex multi-dimensional breakdowns.
+ Optimization recommendations come from Cost Optimization Hub and Compute Optimizer. The agent summarizes and contextualizes these recommendations but does not generate its own optimization analysis.