Blog
Real engineering writing on cost anomalies, attribution, and multi-cloud cost surfaces. By the team that ships Cloud Horizons.
-
May 12, 2026 10 min read
MCP for GCP: how Cloud Horizons connects to Compute Engine and Cloud SQL without touching your network
The Model Context Protocol is an open standard for connecting AI assistants to live systems. We built a GCP MCP server that reads Compute Engine, Cloud SQL, and Cost data with nothing but a service account key. The architecture, the security model, and why it matters for multi-cloud operations.
-
May 12, 2026 10 min read
MCP for AWS: connecting S3, EC2, and Cost Explorer to Claude with zero infrastructure
AWS has no native MCP endpoint, so we built one. Cloud Horizons's AWS MCP server lets Claude ask about EC2 inventory, S3 buckets, CloudWatch logs, and Cost Explorer data in plain English. No agents, no Terraform, no VPC access. Here is how it works and what we learned.
-
May 12, 2026 9 min read
MCP for Microsoft 365: reading Entra ID and audit logs through a protocol that does not exist yet
Microsoft does not ship an MCP server for M365 or Entra ID. We built a bridge that turns Microsoft Graph API calls into MCP tools, so Claude can reason about user licenses, sign-in logs, and conditional access policies in real time. Why this is harder than it looks, and what is coming next.
-
May 10, 2026 8 min read
NAT Gateway: the AWS bill that hides in private subnets
NAT Gateway looks like plumbing until private-subnet traffic grows. The hourly fee is predictable, the per-GB processing fee is not, and the expensive traffic is usually S3, ECR, package mirrors, or cross-AZ chatter that should not be there. The audit path, the math, and the fixes.
-
May 8, 2026 9 min read
Cosmos DB: the RUs vs storage tradeoff (and the model picker most teams skip)
Manual provisioned, Autoscale, and Serverless are not interchangeable. The wrong model on a Cosmos workload costs two to four times the right one. The autoscale tipping point, the serverless ceiling, the multi-region multiplier, and the indexing audit that cuts RUs in half before any pricing change.
-
May 8, 2026 9 min read
Azure SQL DTU vs vCore: when each is the wrong choice
DTU bundles compute, memory, and IO into one number and blocks both Hybrid Benefit and Reserved Capacity. vCore unbundles them and stacks both discounts. The migration mapping, the AHB stack math, the Hyperscale break-even, and the audit query.
-
May 8, 2026 8 min read
Azure Hybrid Benefit: the discount most teams still miss
AHB takes 40 percent off Windows VM rates and up to 55 percent off SQL Server. It stacks with Reserved Instances. The license entitlement was already paid in your EA. The audit, the math, and the reasons teams leave it on the table.
-
May 8, 2026 9 min read
DynamoDB: the on-demand vs provisioned tipping point
On-demand DynamoDB is roughly 7x the per-request cost of fully utilized provisioned. The tipping point is 14 to 18 percent sustained utilization. Below, on-demand wins. Above, switch and turn on autoscaling. The math, the GSI multiplier, the audit query.
-
May 8, 2026 9 min read
RDS: the quiet doubler on the AWS bill
Multi-AZ doubles instance and storage hours. A read replica adds another 100 percent. Backup retention past 100 percent of storage is paid. None look big in isolation. Together they explain the four-figure RDS line that started at $400. The audit, the math, the fixes.
-
May 8, 2026 8 min read
CloudFront: the CDN line item that usually pays for itself
Raw S3 egress is $0.09/GB. CloudFront in front of S3 is $0.085/GB in North America and Europe and the inter-service hop is free. For most workloads the CDN line is cheaper than going direct, before you count the latency win. The math, the price-class trick, and the audit query.
-
May 8, 2026 8 min read
API Gateway REST vs HTTP API: the 71 percent discount most teams missed
AWS HTTP API has been a 71 percent discount on REST API since 2020. Most teams who started before that are still on REST. The migration is one Terraform resource for new APIs and a measured cutover for existing ones. The math, the trade-offs, and the audit query.
-
May 8, 2026 9 min read
ALB: the line item nobody watches
AWS Application Load Balancer has a quiet hourly base and a loud LCU column. The LCU is the maximum of four dimensions, so tuning the wrong one saves nothing. How to read the bill, audit your inventory, and cut 30 percent without breaking traffic.
-
May 8, 2026 8 min read
Lambda cost: the three knobs that matter (and the one that does not)
Lambda pricing has two components and three knobs that move the bill. Memory tuning, architecture, duration. Provisioned Concurrency is the fourth knob most teams should not touch. The math, the audit query, and the change you can ship before lunch.
-
May 8, 2026 7 min read
CloudWatch Logs: the bill that grows quietly until it doesn't
New log groups default to indefinite retention. VPC Flow Logs default to full mode. Together they explain four-figure monthly CloudWatch Logs bills on accounts that never thought of logs as a line item. The pattern, the audit query, and the three-step fix.
-
May 8, 2026 6 min read
EBS gp2 to gp3: the easiest AWS savings still left on the table in 2026
gp3 launched in December 2020. It is 20 percent cheaper per GB than gp2 and includes 3,000 IOPS and 125 MB/s for free. Most accounts still run gp2. The math, the migration command, and why it is the safest production change AWS offers.
-
May 8, 2026 7 min read
The S3 Gateway Endpoint nobody enabled (and the $40k NAT bill it explains)
A Gateway Endpoint for S3 is free. It costs zero hourly, zero per GB, and routes private-subnet S3 traffic around NAT entirely. It is also the single most-missed line in the AWS audit playbook. The pattern, the math on a real account we audited, and the one Terraform resource that fixes it.
-
May 8, 2026 10 min read
Transit Gateway: the hub-and-spoke tax on multi-VPC AWS
Transit Gateway looks cheap on paper. $0.05 per attachment per hour, $0.02 per GB processed. Then a 12-VPC hub-and-spoke quietly costs $1,300 a month, and the cross-AZ surcharge hides on a different bill line entirely. The patterns and the four moves to bring it down.
-
May 8, 2026 9 min read
Cross-AZ data transfer: the quiet tax on every chatty AWS workload
Cross-AZ data transfer charges $0.01 per GB in each direction. That sounds like nothing until you see what a chatty microservice mesh, a multi-AZ RDS, and a misplaced NAT Gateway can do to it. The patterns we see, and the architectural fixes that pay back in weeks.
-
May 8, 2026 9 min read
Cold storage compared: S3 Glacier vs Azure Archive vs GCS Archive
All three clouds advertise sub-cent-per-GB archival storage. The actual bill depends on retrieval frequency, minimum-duration billing, and how often you accidentally rehydrate. Side-by-side math on real workload shapes.
-
May 8, 2026 8 min read
S3 Intelligent-Tiering vs Standard-IA: when each is the wrong choice
Both classes look like a free lunch at first glance. The math says otherwise on small objects, short-lived data, and predictable access patterns. The decision tree we run on every audit, with the dollar thresholds where each class breaks even.
-
May 8, 2026 10 min read
Multi-cloud egress: when leaving AWS for cheaper egress actually pays for itself
Cloudflare R2 has $0 egress. AWS charges around $0.05 per GB at scale. The math is obvious until you price the migration. Three workload shapes where the move pays back in months, and three where it never does.
-
May 7, 2026 9 min read
Reserved Instance or Savings Plan? Pick the right commitment for the right workload
Most teams pick one over the other and stop thinking about it. The right answer is usually both. The math, the workload patterns, and the three questions we ask before recommending a commitment.
-
April 29, 2026 9 min read
Multi-cloud cost attribution without agents (AWS Organizations + Azure Management Groups)
Tag-based plus account-based attribution across AWS and Azure, using the cost data both clouds already give you. No agents, no Terraform, no extra runtime.
-
April 22, 2026 8 min read
How to spot anomalies in your AWS bill before they wreck the quarter
Real examples: a lapsed RDS Reserved Instance, a misconfigured Lambda hammering S3, a NAT Gateway data transfer surprise. What the patterns look like and how to catch them next time.