CLOUDBALANCE

A major project report submitted in partial fulfilment of the

requirement for the award of degree of

Bachelor of Technology
in
Computer Science & Engineering
Submitted by
Divyansh Goyal (211530)

Under the guidance & supervision of

Mrs. Ruchi Verma , Assistant Professor (Grade - I)

Department of Computer Science & Engineering and

Information Technology
Jaypee University of Information Technology,
Waknaghat, Solan - 173234 (India)
May 2025
 CERTIFICATE

This is to certify that the major project report entitled ‘CloudBalance - A finOps Platform
with Role-Based Access’, submitted in partial fulfillment of the requirements for the
award of the degree of Bachelor of Technology in Computer Science & Engineering, in
the Department of Computer Science & Engineering and Information Technology, Jaypee
University of Information Technology, Waknaghat, is a bona fide project work carried out
under my supervision during the period from July 2024 to May 2025.

We have personally supervised the research work and confirm that it meets the standards
required for submission. The project work has been conducted in accordance with ethical
guidelines, and the matter embodied in the report has not been submitted elsewhere for the
award of any other degree or diploma.

(Supervisor Signature)
Supervisor Name: Mrs Ruchi Verma
Date: Designation: Assistant Professor (Grade – I)
Place: Department:CSE & IT
 CANDIDATE’S DECLARATION

I hereby declare that the work presented in this report entitled ‘CloudBalance - A finOps
Platform with Role-Based Access’ in partial fulfillment of the requirements for the award
of the degree of Bachelor of Technology in Computer Science & Engineering
/Information Technology submitted in the Department of Computer Science & Engineering
and Information Technology, Jaypee University of Information Technology, Waknaghat is
an authentic record of my own work carried out over a period from July 2024 to May 2025
under the supervision of Mrs. Ruchi Verma , Department of Computer Science and
Engineering & Information Technology, Jaypee University of Information Technology,
Waknaghat .

We further declare that the matter embodied in this report has not been submitted for the
award of any other degree or diploma at any other university or institution.

(Student Signature)
Name: Divyansh Goyal
Roll No.: 211530
Date:

This is to certify that the above statement made by the candidates is true to the best of my
knowledge.

(Supervisor Signature with Date)

Supervisor Name: Mrs Ruchi Verma
Designation: Assistant Professor
Department: Computer Science & Engineering and Information Technology
Date:
 ACKNOWLEDGEMENT

Firstly, I express my heartiest thanks and gratefulness to almighty God for his divine blessing
making it possible to complete the project work successfully. I am really grateful and wish
my profound indebtedness to Supervisor Mrs. Ruchi Verma, Assistant Professor, and Mr.
Kuntal Sarkar, Assistant Professor, Department of CSE Jaypee University of Information
Technology Waknaghat. Deep Knowledge & keen interest of my supervisors in the field of
“Software Development” to carry out this project. Their proper guidance, encouragement,
constant supervision, constructive criticism, valuable advice, reviewing our work and
correcting them at all stages have made it possible for partial completion of this project. I
would also generously thank each one of those individuals who have helped me
straightforwardly or in a roundabout way in making this project a win. In this unique
situation, I might want to thank the various staff individuals, both educating and not
instructing, which have developed their convenient help and facilitated my undertaking.

Divyansh Goyal
211530
Computer Science & Engineering and Information Technology
Jaypee University of Information Technology, Waknaghat
 TABLE OF CONTENTS
CONTENT PAGE NO.

Chapter 1: Introduction

1.1) Introduction 1

1.2) Problem statement 2

1.3) Objective 3

1.4) Significance and motivation of the project 3

1.5) Organization of Project Report 4

Chapter 2: Literature Review

2.1) Overview of Relevant Literature 6

2.2) Key Gaps in the Literature 10

Chapter 3: System Development

3.1) Requirements and Analysis 12

3.2) Project Design and Architecture 14

3.3) Implementation 16

3.4) Key Challenges 36

Chapter 4: Testing

4.1) Testing Strategy 39

4.2) Test Cases and Outcomes 39

Chapter 5: Results and Evaluation

5.1) Results 44

5.2) Comparison with Existing Solutions 47

Chapter 6: Conclusions and Future Scope

6.1) Conclusion 48

6.2) Future Scope 49

References 50

Appendix
 LIST OF TABLES

Table No. Caption Page No.

2.1.1 Literature Review 9

 LIST OF FIGURES

Figure No. Caption Page No.

3.2.1 System Architecture for the CloudBalance A FinOps 14

Platform with Role-Based Access

3.2.2 Data flow diagram for the CloudBalance A FinOps 15

Platform with Role-Based Access

3.3.1.1 Frontend Routes List 19

3.3.1.2 Authentication Reducers Handling User Login and 20

Logout State

3.3.1.3 Login Functionality Implementation 21

3.3.1.4 Protected Route Component to Restrict Access Based on 22

Authentication Status

3.3.1.5 Role Based Sidebar Navigation Rendering 22

3.3.1.6 Axios instance and interceptors used for api calling 23

3.3.1.7 Implementation of AWS Service Dashboard 24

3.3.2.1 Backend Authentication Routes 27

3.3.2.2 Login endpoint logic implementation 27

3.3.2.3 JWT Token verification Logic 28

3.3.2.4 Global Exception Handler 29

Figure No. Caption Page No.

3.3.2.5 Security Configuration 30

3.3.2.6 Utility Class for mapping functionality 31

3.3.2.7 Query Builder for building snowflake queries 32

3.3.2.8 Api routes for user management dashboard 33

3.3.2.9 Api routes for Cost Explorer dashboard 34

3.3.2.10 Api routes for AWS Service dashboard 34

3.3.2.11 Implementation of Assume Role Service 35

3.3.2.12 Routes for Account onboarding and getting all accounts 36

4.2.1 Postman Testing : Login Route 40

4.2.2 Postman Testing : Get all Users for user Management 40

Dashboard

4.2.3 Postman Testing : Add new User 41

4.2.4 Postman Testing : Update User 41

4.3.5 Postman Testing : Get EC2 instance information 42

4.2.6 Postman Testing : Get Group By Column for cost 42

Explorer

4.2.7 Postman Testing : Get Cost Explorer Data 43

Figure No. Caption Page No.

5.1.1 User Management Dashboard 45

5.1.2 Add User Dashboard 45

5.1.3 Account Onboarding Dashboard 46

5.1.4 Aws Service Dashboard 46

5.1.5 Cost Explorer Dashboard 47

 ABSTRACT

CloudBalance is a FinOps solution centered around role-based access, designed to boost

visibility into cloud expenses and streamline operational workflows. Through the
implementation of secure Role-Based Access Control (RBAC), it customizes dashboard
permissions for various user roles—such as Admins, Customers, and Read-Only users—
enabling tailored access to cloud resource management and cost monitoring based on
individual responsibilities.
The platform offers functionalities like user account management, onboarding of AWS
accounts, detailed cost analysis, and real-time tracking of services including EC2, RDS, and
ASG.
Built on a robust and scalable architecture featuring React.js, Spring Boot, Redux, and JWT
for authentication, CloudBalance supports secure and efficient data transmission. Its
integration with cloud services and databases like MySQL and Snowflake enables it to
provide actionable insights and streamline financial oversight in cloud environments.
By filling the gaps in traditional cloud cost tools, CloudBalance helps organizations
minimize unnecessary spending, enhance accountability, and drive strategic, data-informed
decisions—reshaping large-scale cloud financial operations.
 CHAPTER 1: INTRODUCTION

1.1 Introduction

As companies increasingly adopt cloud infrastructure for its scalability, flexibility, and
performance, managing cloud costs and resource utilization has become more complex. A
2025 Flexera report states that 32% of cloud expenditures are wasted due to inefficiencies
and lack of visibility, with 82% of organizations citing cost control as their primary cloud
challenge. Despite the cloud’s advantages, decentralized management, unmonitored usage,
and budget overruns remain widespread issues.

The complexity intensifies when multiple teams, departments, or clients are involved, each
requiring different levels of access and cost accountability. Traditional cloud tools often fail
to offer adequate role-based access control, which can lead to either overexposure of
sensitive information or insufficient access for users needing operational insight.

CloudBalance is a comprehensive FinOps (Financial Operations) platform designed to solve

these challenges by integrating user management, service monitoring, and cloud cost
tracking into a single, accessible interface. Its core function is to simplify cloud financial
oversight using secure access management, automation, and transparency.

The platform uses Role-Based Access Control (RBAC) to ensure that users—categorized as
Admins, Customers, or Read-Only viewers—access only the data relevant to their role.
Admins can manage users, onboard accounts, assign resources, and view all data. Customers
can track their own service usage and spending, while Read-Only users can observe
designated resources with limited permissions.

CloudBalance features a modular dashboard that includes:

 User Management – for configuring and maintaining user roles

 AWS Account Onboarding – to register and manage AWS accounts
 Cost Explorer – for analyzing cloud spending across services
 AWS Services View – for real-time insights into EC2, RDS, and ASG usage

The platform is built on a scalable full-stack system using React.js for the frontend, Spring
Boot for the backend, and MySQL/Snowflake for data management. Redux handles
application state, and JWT ensures secure authentication. CloudBalance is also prepared for
future enhancements involving AI-driven FinOps analytics and real-time integration.

By offering a centralized and secure environment for managing cloud costs, CloudBalance
helps organizations reduce financial waste, increase accountability, and support informed,
data-driven decisions.

1.2 Problem Statement

As organizations increasingly adopt cloud infrastructure, managing costs, controlling user

access, and maintaining operational transparency have become more challenging. Without
centralized financial oversight, businesses often face inefficiencies such as overspending,
underutilized resources, and a lack of cost accountability—despite the inherent flexibility
and scalability of cloud services.Traditional cloud management tools frequently lack role-
based access control, which can either restrict users from obtaining necessary insights or
expose sensitive data to unintended parties. Additionally, when multiple teams and
departments interact with shared cloud environments, the absence of standardized processes
for account onboarding, ownership allocation, and cost tracking at the user level creates
further complications.

The inability to access real-time data and customized dashboards impedes proactive
decision-making, forcing teams to rely on manual processes and outdated reports. These
limitations result in reduced operational efficiency, increased security risks, and unnecessary
financial loss.

There is a growing need for a unified, secure, and scalable solution that enables organizations
to monitor cloud services, manage accounts, control user access based on roles, and analyze
costs dynamically from a single interface. This solution must integrate with modern cloud
environments and provide real-time, role-specific insights to enhance financial clarity and
support data-driven decisions.

CloudBalance addresses these challenges by delivering a robust FinOps platform that

consolidates user governance, service tracking, and cloud cost control into one role-aware

system.
1.3 Objectives

1. Develop a role-based FinOps platform that ensures secure access control and tailored
dashboards for Admins, Customers, and Read-Only users, maintaining proper data
visibility and privacy for each role.
2. Enable real-time monitoring and cost visualization of AWS resources (EC2, RDS,
ASG) through intuitive, dynamic dashboards that support timely and informed
financial decisions.
3. Simplify AWS account onboarding and user management by automating IAM role
creation, policy assignments, and account allocation through scalable workflows.

1.4 Significance and Motivation of the Project Work

The rapid rise in cloud adoption has brought scalability and flexibility to organizations
but has also introduced challenges in managing infrastructure, user access, and
associated costs. Many enterprises face difficulties with cost visibility, uncontrolled
spending, and poor governance—leading to financial inefficiencies and reduced
operational performance. According to Flexera's 2023 State of the Cloud Report, over
82% of businesses identify cloud cost control as a top concern, with nearly one-third of
cloud expenditure being wasted[^1].
These industry-wide challenges, compounded by the absence of integrated tools for role-
aware access and resource-level tracking, emphasize the need for intelligent platforms
that offer secure, efficient, and transparent cloud operations. CloudBalance was
developed in response to these issues, aiming to deliver a scalable, modular FinOps
platform that supports real-time insights, granular access control, and comprehensive
service monitoring.
From an educational standpoint, the project also served as a practical application of full-
stack development skills in a business-relevant context. It involved working with cloud
services, building secure backend APIs, implementing dynamic front-end rendering, and
handling real-time data—providing valuable exposure to current development standards
and enterprise workflows. This contributed to a deeper understanding of user
management, secure system design, API integration, and scalable architecture—all
fundamental to modern application development.
  Real-World Problem Solving: The project addresses a significant industry
challenge—lack of visibility and control in cloud cost management. By delivering
tailored dashboards and cost insights, CloudBalance helps organizations reduce
financial waste and improve accountability.
 Security and Role-Based Access Implementation: In multi-tenant environments,
secure data access is crucial. The integration of Role-Based Access Control (RBAC)
ensures users only access information relevant to their responsibilities, enhancing
privacy and minimizing risk.
 Scalable and Modular Architecture: CloudBalance is engineered for growth, with
a modular framework that supports future extensions such as multi-cloud capabilities
and AI-driven cost predictions. This design also allows for simplified maintenance
and feature updates.
 Hands-on Experience with Enterprise Technologies: The development process
provided experience with a modern tech stack including React.js, Spring Boot,
MySQL, Snowflake, JWT, and Redux, offering a solid foundation in building full-
stack enterprise applications.

1.5 Organization of Project Report

Chapter 1 outlines the project's intent, objectives, and the value it offers to users by
introducing a FinOps platform designed to improve cloud cost visibility, secure access
control, and operational efficiency.
Chapter 2 explores current solutions in cloud cost management, examines FinOps
methodologies, and identifies shortcomings such as the lack of role-based access and
absence of unified monitoring at the account level.
Chapter 3 details the system’s architecture, including its primary components and
technology stack (React, Spring Boot, MySQL, Snowflake), and explains the logic
behind role-based access and AWS account onboarding workflows.
Chapter 4 assesses the system’s performance across various metrics, including user
interface responsiveness, data accuracy, secure access enforcement, and real-time
interaction with AWS cloud services.
Chapter 5 discusses the results of implementation, evaluates how well the system
achieved its goals, and shares development insights gained through real-world problem
solving and hands-on experience.
Chapter 6 summarizes the key achievements of the project, acknowledges current
limitations such as support for only a single cloud provider, and proposes future
enhancements like multi-cloud compatibility and AI-driven cost analytics.

\
 CHAPTER 2: LITERATURE REVIEW
The rapid growth of cloud computing over the past two decades has transformed the way
organizations manage IT infrastructure, offering unmatched scalability, flexibility, and cost
efficiency. However, these benefits have introduced significant challenges in effectively
managing and optimizing cloud expenditures. As cloud adoption increased, so did the
complexity of resource provisioning, billing, and usage tracking—often leading to financial
inefficiencies, particularly in organizations lacking robust governance or real-time
monitoring capabilities.

Literature reflects a shift from basic awareness of cloud cost concerns to the emergence of
FinOps (Financial Operations), a structured discipline that fosters collaboration among
finance, operations, and engineering teams to proactively manage cloud spending. This
approach has gained traction through the efforts of cloud providers, analysts, and early
FinOps adopters, especially as the COVID-19 pandemic highlighted widespread
inefficiencies and spurred further cloud adoption.
Despite progress in FinOps practices, evaluations have noted limitations in dataset quality,
feature scope, and the risks of overfitting with certain analytical methods. Many studies rely
on narrowly scoped datasets or lack robust diagnostic models, emphasizing the ongoing need
for generalizable, trustworthy frameworks. Ethical considerations, data privacy, and
challenges in integrating real-time data streams into intelligent systems also remain
significant concerns.
This context underscores the growing demand for accessible educational platforms and tools
that enable organizations and new developers to better understand and implement cloud cost
management strategies. Even with the availability of cloud-native tools and reporting
systems, a gap persists between organizational needs and individual user knowledge.
CloudBalance was initiated to address these gaps. The platform aims to provide a user-
friendly, transparent solution for monitoring and managing cloud costs, while also serving
as a learning tool to support the broader adoption of FinOps principles. Through a blend of
real-time tracking, role-aware access, and modular design, CloudBalance helps bridge the
disconnect between cloud usage and financial accountability.
2.1 Overview of Relevant Literature

2.1.1 Evolution of FinOps and Cloud Cost Optimization (2023–2025): Application-

Aware Approaches and Industry Integration

Recent literature highlights a significant evolution in FinOps and cloud cost optimization
strategies, primarily driven by the need for more granular, application-aware cost
management. As organizations increasingly transition to cloud-native architectures, the
complexity of managing dynamic cloud costs has intensified, becoming a central concern for
both finance and engineering teams.

According to a 2025 research report by Innova Solutions [2], the shift to the cloud has
transferred financial responsibility from finance departments to engineering teams. This
transition often results in uncontrolled spending, due to a lack of cost governance and
awareness. The formation of the FinOps Foundation in 2019 marked a turning point,
formalizing cloud financial management practices and promoting collaboration between
finance, operations, and engineering teams.

While cloud vendors have introduced AI/ML-driven cost optimization tools, most remain
infrastructure-centric and struggle to provide actionable insights at the application level
[2]. To address this gap, researchers are advocating for application-aware optimization
frameworks, in which platforms define and monitor application-specific performance
metrics. When deviations are detected, automated workflows are triggered to adjust
resources, resulting in measurable cost reductions.

Moreover, comprehensive reviews emphasize that cost savings require more than just
pricing or resource tuning. A holistic approach that combines performance benchmarking,
real-world case studies, and collaborative governance models has been found to yield more
sustainable benefits. However, persistent challenges—such as usability of tools for small
teams and lack of academic validation—continue to inhibit widespread adoption [3][7].
 Table 2.1.1 : Literature Review

S.No. Author & Paper Journal / Tools / Key Findings / Limitations /

Title Conference Technique / Results Gaps Identified
(Year) Dataset

Application-
Survey of aware cost
Innova Solutions industry, optimization Vendor tools are
– FinOps for Innova vendor reduces cloud infrastructure-
Cloud Cost Solutions analysis, spend; holistic focused; limited
Management & Research AI/ML platform application-level
8 Optimization2 Report (2025) optimization approach is ideal optimization

Adoption of
optimization
techniques leads
Saurabh Deochake to significant Implementation
– Cloud Cost cost savings; challenges; need
Optimization: A Review of real-world for more
Comprehensive strategies, case effectiveness actionable
9 Review7 arXiv (2023) studies demonstrated frameworks

Cross-functional
Ramakrishna collaboration (IT,
Manchana – A DevOps,
Collaborative Online Case study, Finance) drives Continuous
FinOps Approach Scientific FinOps cost savings and optimization and
for Cloud-Native Research framework, operational collaboration
10 SaaS8 (2024) SaaS focus efficiency required

Reducing waste Sustainability and

CloudKeeper – CloudKeeper Global and maximizing real-time
2024 State of Insights practitioner discounts are top optimization still
11 FinOps Report4 (2024) survey priorities amid emerging
S.No. Author & Paper Journal / Tools / Key Findings / Limitations /
Title Conference Technique / Results Gaps Identified
(Year) Dataset

economic
pressures

Iterative FinOps
Carlos Hernandez FinOps adoption
– Using FinOps to lifecycle, case improves cost Gaps in AI/big
Efficiently study, control; cross- data FinOps
Manage UPM Thesis collaborative departmental implementation;
12 Infrastructure6 (2024) modeling training is key training needs

Bryce Undy –
Mastering Cloud Real-world
Cost FinOps adoption
Management: Industry case yields millions in
Guide to studies annual savings Focuses on large
Successful LinkedIn (Nationwide, and significant enterprises; less on
13 FinOps9 Article (2023) Atlassian) cost reductions SMEs/education
2.2 Key Gaps in the Literature

 Application-Level Optimization Deficit

Most cloud vendor optimization tools focus on infrastructure metrics and lack actionable
insights at the application level, limiting their practical value for software teams [2].

 Implementation Barriers for Small Teams

Existing frameworks are primarily designed for large-scale enterprises, leaving small and
medium-sized organizations as well as educational institutions underserved [3][6].

 Need for Continuous, Collaborative Optimization

Effective cloud cost control increasingly depends on ongoing collaboration across finance,
engineering, and operations. However, sustaining such collaboration is a major
organizational hurdle [8].

 Underrepresentation of Real-Time Automation

Although real-time monitoring is now common, fully automated and DevOps-integrated
cost optimization workflows are rarely implemented in practice [4].

 Limited Academic Validation

Most literature is industry-driven, with a notable lack of peer-reviewed academic research
validating the effectiveness or long-term impact of FinOps practices [7].
 CHAPTER 3: SYSTEM DEVELOPMENT

3.1 Requirements and Analysis

This section outlines the essential functional and non-functional requirements for the
Healthcare Diagnostic System, and defines the project’s scope and inherent constraints.
3.1.1 Requirements

3.1.1.1 Functional Requirements

1. User Authentication and Authorization:

1.1. The system must allow users to securely log in using credentials and
validate access through JWT-based authentication.
2. Role-Based Access Control (RBAC):
2.1. The system must assign roles (Admin, Customer, Read-Only) and restrict or
permit access to features based on user roles.
3. User Management (Admin only):
3.1. Admins must be able to create, edit, delete users, assign roles, and manage
user-specific cloud accounts.
4. AWS Account Onboarding:
4.1. Admins must be able to onboard new AWS accounts by submitting role
ARN and external ID, and assign these to customers.
5. Dashboard View for Each Role:
5.1. Admin: Full access to user management, account onboarding, cost explorer,
and service monitoring.
5.2. Customer: Access to view cost data and services for their assigned AWS
accounts.
5.3. Read-Only: Limited, non-editable view of resources and costs.
6. Cost Explorer:
6.1. The system must display daily, monthly, and service-wise cloud cost data
with filtering and chart visualization.
7. Service Monitoring:
7.1. The system must provide real-time information on EC2, RDS, and ASG
services, filtered by AWS account and region.
 8. API Integration with AWS and Cost Data Sources:
8.1. The backend must fetch and serve AWS service and cost data from MySQL
or Snowflake via APIs.

3.1.1.2 Non-Functional Requirements

1. Performance:
Real-time or nearly real-time updates with low latency must be provided by the
dashboard and API answers.
2. Scalability:
Increased user counts, AWS accounts, and data volumes should all be supported by
the system without causing performance issues.
3. Reliability:
To guarantee uptime and consistent behaviour, the system should be strong and
include appropriate error handling, retries, and fail-safes.
4. Security:
Authentication tokens (JWTs) must be safely maintained and validated, and all data
communications must be secured (e.g., HTTPS).
5. Usability:
All user roles should be able to navigate and retrieve data with ease thanks to the
platform's responsive and user-friendly design.
6. Maintainability:
The codebase should adhere to clean coding techniques and modular architecture,
which will facilitate debugging, enhancement, and maintenance.
7. Data Integrity:
The system shall guarantee the accuracy, consistency, and lack of unauthorised
changes of user data, cost reports, and AWS account information.
3.2 Project Design and Architecture

Fig.3.2.1: System Architecture for the CloudBalance

A FinOps Platform with Role-Based Access

The frontend, backend, and database layers make up the modular three-tier design of the
CloudBalance system. To guarantee scalability, maintainability, and safe data flow, different
technologies are used in the construction of each layer. The database stores and serves user-
related and cloud cost data, the frontend communicates with users, and the backend handles
logic and APIs. This architecture enables efficient resource tracking, cost visualization, and
user management across different roles.
● Frontend (React JS + Redux):
○ Provides UI for User Management, AWS Service Monitoring, and Cost
Explorer.
○ Communicates with the backend through RESTful APIs.
○ Uses Redux to manage auth state and UI state efficiently.
● Backend (Java + Spring Boot):
○ Implements APIs for user CRUD, account onboarding, and cost analytics.
○ Uses Spring Security for authentication and role-based access control.
○ Acts as a bridge between frontend and databases.
● Database Layer:
○ MySQL is used to store structured data like user info, roles, and AWS
accounts.
○ Snowflake is used for querying and analyzing large-scale cost and usage data.
○ Spring Data JPA and JDBC are used for connecting to these databases.
● Data Flow:
○ User inputs flow from the frontend to backend APIs.
○ Backend fetches/stores data via JPA and JDBC from MySQL or Snowflake.
○ Results are returned to frontend for visualization and interaction.

Fig.3.2.2: Data flow diagram for the CloudBalance

A FinOps Platform with Role-Based Access
The workflow diagram visually represents the logical flow of the application from user
interaction to role-based dashboard rendering. It illustrates how the user interacts with the
frontend UI, gets authenticated via the backend (Spring Boot), and is then directed to
appropriate dashboards based on their role. This helps in understanding the control flow and
the role-specific access levels within the system.
● Start Point: The user initiates interaction with the application via the frontend.
● Frontend (UI): The user interface, built using a web framework (likely React),
collects login credentials and routes user actions.
● Backend Integration: The UI communicates with the backend built using Spring
Boot for authentication and role validation.
● Authentication Check:
○ If the user fails authentication, the system prompts them to re-enter
credentials.
○ If the user is authenticated, the backend verifies the role and proceeds
accordingly.
● Role-Based Dashboard Access:\:
○ Admin: Full access to all dashboards with Create, Read, Update, and Delete
(CRUD) functionalities.
○ ReadOnly: Limited to view-only access across all dashboards, with no
modification rights.
○ Customer: Restricted to Cost Explorer and selected AWS service-specific
dashboards only.
● Security Flow: Ensures users only see content and perform actions permitted by their
roles, enhancing both security and user experience.
● User Experience: Clean separation of access paths based on roles improves
maintainability and scalability.
3.3 Implementation (include code snippets, algorithms,
tools and techniques, etc.)

The CloudBalance platform was developed using a full-stack architecture that combines
React.js with Redux on the frontend and Spring Boot with Java on the backend. The frontend
manages routing, UI state, and API integration, allowing users to onboard AWS accounts,
manage access, and visualize cost and usage data in real-time. Authentication is handled
using JWT tokens stored in Redux, ensuring secure role-based access. The backend exposes
REST APIs for CRUD operations on users and accounts, as well as integration with
Snowflake and MySQL databases. Cost data is fetched and processed using optimized SQL
queries via JDBC for Snowflake, and user-related data is persisted using Spring Data JPA
with MySQL. Machine-readable formats such as JSON are used for all API communication.
Logging, exception handling, and performance enhancements were incorporated using
Spring AOP and caching strategies. The entire application is containerized using Docker and
hosted on a secure cloud environment for scalability and reliability.

3.3.1 Application Frontend:

The frontend of the CloudBalance application is developed using React.js and Redux to
provide a dynamic, responsive, and user-friendly interface for managing cloud resources and
costs. It manages account onboarding, visualises AWS cost statistics, and secure user
authentication and role-based access control. A seamless and safe user experience is ensured
by the UI's reusable components, protected routing, and easy API interaction. State
management through Redux ensures consistency across the application, while Axios handles
all API interactions with the backend. The frontend emphasizes clarity, interactivity, and
accessibility for users of varying technical roles.

● Technology Stack:
○ Built using React.js for component-based UI development.
○ Redux is used for centralized state management, especially for auth state,
role-based access, and dynamic UI updates.
○ Axios is used for making secure API calls to the backend.
● Routing and Navigation:
 ○ Implemented using React Router to manage page navigation (e.g., login,
dashboard, AWS services, cost explorer).
○ Protected routes are enforced based on user roles (admin, read-only, etc.).
● Authentication:
○ Uses JWT (JSON Web Token) stored in Redux and localStorage
○ Token is automatically attached to API requests for authorization.
○ Logout clears tokens from state and redirects to the login screen.
● User Interface Modules:
○ Login and Registration – Custom form with validation for user login and
onboarding.
○ User Management – Admins can view, create, update, or delete users.
○ Account Onboarding – Allows linking new AWS accounts by inputting
IAM Role ARN and account metadata.
○ AWS Services View – Displays running EC2, RDS, and ASG services
fetched via backend.
○ Cost Explorer – Visual charts and tables showing monthly, daily, or service-
wise cost trends from Snowflake.
● Role-Based Access Control:
○ UI elements are dynamically shown or hidden based on user roles.
○ Read-only users can only view dashboards, while admins get full CRUD
access.
● UI/UX Design:
○ Responsive layout built with CSS3, Tailwind CSS, or Material UI (if used).
○ Clean, minimal design with tables, modals, and dropdowns for intuitive
navigation.
● State Management:
○ Global state (e.g., auth, account info, selected month/service) is maintained
using Redux.
○ Reducers and action creators handle updates for modular components.
● API Integration:
○ API responses are handled with proper error messages, loading indicators,
and user feedback (e.g., toast notifications).
● Form Validation and Alerts:
○ Input forms use validation (e.g., required fields, proper ARN format).
 ○ Users are notified of success/failure through modals or toast messages.

CODE SNIPPETS:

Fig. 3.3.1.1: Frontend Routes List

 Fig. 3.3.1.2: Authentication Reducers Handling User Login and Logout State

Fig.3.3.1.3: Login Functionality Implementation

Fig.3.3.1.4: Protected Route Component to Restrict Access Based on Authentication Status

Fig.3.3.1.5: Role Based Sidebar Navigation Rendering
Fig.3.3.1.6: Axios instance and interceptors used for API calling

Fig.3.3.1.7: Implementation of AWS Service dashboard

3.3.2 Application Backend:

The backend of the CloudBalance application is built using Java with Spring Boot,
providing a robust, scalable, and secure infrastructure to handle all business logic, data
processing, and API services. It exposes RESTful APIs for user authentication, AWS
account onboarding, service retrieval, and cost data exploration. Spring Security is used to
implement role-based access control with JWT for authentication. The backend interacts
with MySQL for structured user and account data and Snowflake for large-scale cost and
usage analytics using JDBC. Spring Data JPA is used for ORM, while exception handling,
input validation, and logging are managed efficiently using Spring Boot’s standard features.
This backend layer ensures efficient communication between the frontend and the databases,
delivering fast, accurate responses while maintaining data integrity and security.

● Technology Stack:
○ Built using Java and Spring Boot for rapid, enterprise-grade API
development.
○ Utilizes Spring Security for authentication and role-based authorization.
○ Integrates MySQL and Snowflake for data storage and analytics.

● Authentication & Authorization:

○ Uses JWT (JSON Web Token) for secure stateless authentication.
○ Role-based access control implemented to restrict actions by user type
(Admin, Customer, Read-only).
○ Secure endpoints with method-level security annotations (e.g.,
@PreAuthorize, @Secured).
● API Development:
○ User management (CRUD operations).
○ AWS account onboarding and validation.
○ Fetching AWS services (EC2, RDS, ASG).
○ Retrieving and aggregating cost data.
○ All APIs return structured JSON responses with proper HTTP status codes.
● Database Integration:
○ MySQL used to persist users, accounts, and role mappings.
 ○ Snowflake is accessed via JDBC for querying large-scale AWS billing and
usage data.
○ Spring Data JPA handles MySQL interactions with entities and repositories.
● Exception Handling & Validation:
○ Global exception handlers using @ControllerAdvice and custom exception
classes.
○ Request validation using annotations like @Valid and @NotNull.
● Performance & Scalability:
○ Layered architecture (Controller → Service → Repository).
○ Pagination and filtering on cost and service APIs for large datasets.
○ Designed for horizontal scaling and deployment in cloud environments.
● Logging & Monitoring:
○ Logback used for logging application events and errors.
○ Structured logs generated for tracking API usage and debugging.
● Security & Best Practices:
○ Passwords encrypted using BCrypt.
○ CORS configured to allow frontend access.
○ Environment variables and .properties files used for sensitive configurations.

CODE SNIPPETS:

Fig:3.3.2.1: Backend Authentication Routes

Fig.3.3.2.2: Login endpoint logic implementation
Fig.3.3.2.3: JWT Token verification Logic
Fig.3.3.2.4: Global Exception Handler
 Fig.3.3.2.5: Security Configuration

Fig.3.3.2.6: Utility Class for mapping functionality

Fig.3.3.2.7: Query Builder for building snowflake queries

Fig.3.3.2.8: Api routes for user management dashboard

Fig.3.3.2.9: Api routes for Cost Explorer dashboard

Fig.3.3.2.10: Api routes for Aws Service dashboard

 Fig.3.3.2.12: Routes for Account onboarding and Getting All accounts

3.4 Key Challenges (discuss the challenges faced during the development
process and how these are addressed)

During the development of CloudBalance, several technical and architectural challenges

were encountered that tested the scalability, security, and integration capabilities of the
application. The need to manage different user roles securely, fetch large volumes of cost
and resource data from Snowflake in near real-time, and ensure smooth communication
between the frontend and backend components required careful planning and iterative
improvements. Additionally, handling dynamic AWS accounts and services while ensuring
a clean and responsive UI posed UI/UX design difficulties. Each of these challenges was
addressed through appropriate tools, frameworks, and coding practices, ensuring a robust
and reliable system.

● Role-Based Access Control : One of the primary challenges was implementing secure
and scalable role-based access across the entire system. With multiple user roles like
Admin, Customer, and Read-only, it was essential to restrict access to sensitive
operations without impacting the usability of the system. This was addressed on the
 backend using Spring Security, where JWT tokens were validated and role-specific
permissions were enforced through annotations like @PreAuthorize. On the
frontend, Redux was used to store user roles, and conditional rendering logic ensured
that only authorized users could see or interact with protected UI components.

● Snowflake Integration : Fetching and processing large volumes of cost data from
Snowflake introduced performance bottlenecks and query complexity. The data size
varied significantly depending on the number of services, accounts, and time ranges
selected. To solve this, efficient SQL queries were written using Snowflake’s
analytical functions. Pagination and filtering mechanisms were also introduced to
limit the amount of data fetched in each request, which helped in improving both
response time and frontend rendering performance.

● Secure Api Communication : Ensuring secure and seamless communication between

the frontend and backend was another critical requirement. Exposure of JWT tokens
or insecure API calls could lead to vulnerabilities. To address this, all API requests
were made over HTTPS, and tokens were stored securely in the frontend and
automatically attached to each request using Axios interceptors. Additionally,
backend endpoints were protected to allow access only when a valid and unexpired
JWT was present, preventing unauthorized access.

● Dynamic AWS Account Onboarding : Onboarding new AWS accounts through IAM
Role ARNs posed challenges due to the dynamic nature of the role strings and the
risk of malformed or incorrect input. To handle this, robust input validation logic was
developed to ensure that the format of the ARN was correct and matched expected
patterns. Once validated, each account was stored in the database with a unique
identifier and associated metadata, enabling smooth integration into the system
without duplication.Frontend State Management : Managing shared state across
multiple React components, especially for features like authentication, account
selection, and cost filters, proved complex without a centralized solution. To
overcome this, Redux was integrated for global state management. Action creators
and reducers were structured modularly, allowing various components to dispatch
actions and subscribe to state updates in a clean and consistent manner. This
significantly improved maintainability and reduced state related bugs.
 CHAPTER 4: TESTING

4.1 Testing Strategy

Postman was widely used for random input testing in order to guarantee the accuracy and
dependability of the CloudBalance application's backend APIs. In order to see how the
system behaved in various situations, a large range of valid and invalid data combinations
had to be sent to each API endpoint. To evaluate the resilience of request validation and error
handling, inputs included incorrect JSON, missing fields, randomly generated characters,
and numerical values. By using this approach, it was possible to find edge cases, enhance
input validation logic, and confirm that the right HTTP status codes and error messages were
sent back. Higher reliability and fault tolerance were ensured by validating the APIs for both
expected and unexpected user behaviour using Postman as the testing tool.

4.2 Test Cases and Outcomes

The objective was to guarantee that in every situation, the system would react with correct
data, appropriate status codes, and insightful error messages. Role-based user login, AWS
account onboarding, service data retrieval, and cost aggregation were among the main test
cases. Every important endpoint operated as planned, and any problems found during testing
were quickly resolved. To show successful validation, reference photos of the test runs and
results are provided.
Fig.4.2.1: Postman Testing : Login Route
Fig.4.2.2: Postman Testing : Get all Users for User Management Dashboard

Fig.4.2.3: Postman Testing : Add New User

Fig.4.2.4: Postman Testing : Update User

 Fig.4.2.5: Postman Testing : Get instances information

Fig.4.2.6: Postman Testing : Get Group By Column for cost Explorer

Fig.4.2.7: Postman Testing : Get Cost Explorer Data
 CHAPTER 5: RESULTS AND EVALUATION

5.1 Results

The objective of offering a safe, scalable, and effective platform for visualising AWS
resource utilisation and cost insights was effectively accomplished by the CloudBalance
solution. While the frontend offered a clear and responsive interface for users to engage with
services like EC2, RDS, and ASG, the backend APIs showed consistent performance under
a range of input situations. Only authorised data and operations were accessible to users
thanks to the proper operation of role-based access control. The integration with Snowflake
made it possible to query billing data in a seamless and efficient manner. The application
successfully displayed expense summary, retrieved real-time data, and on boarded AWS
accounts.

● Role validation and secure JWT-based login operated without a hitch between
sessions.
● Several AWS accounts were successfully onboarded and validated using role
ARNs.
● Retrieving EC2, RDS, and ASG resource data accurately and promptly.
● Cost insights are shown with filtering options after being retrieved from Snowflake.
● robust input validation and error handling across backend APIs.
Fig.5.1.1: User Management Dashboard

Fig.5.1.2: Add User Dashboard

Fig.5.1.3: Account Onboarding Dashboard
 Fig.5.1.4: Aws Service Dashboard
5.2 Comparison with Existing Solutions

CloudBalance offers more flexibility and user-specific customisation than manual cost
analysis with the AWS Console or traditional cloud cost management tools. The majority of
current solutions lack fine-grained control over roles and account-specific views, or are too
complicated for smaller teams. For engineering teams that want both transparency and
control, CloudBalance is particularly helpful because it streamlines the process while
maintaining technical depth.

● Lightweight and Modular: CloudBalance is designed for modular integration and

performance, in contrast to large cloud management suites.
● Role-Based View Customization: provides data visibility and a configurable user
interface suited to various user roles.
● Snowflake Integration: allows for detailed querying of consumption and billing
data, which is not possible with most systems.
● Open for Extension: It is simple to expand to accommodate additional AWS
services or external cost monitoring tools.
● Developer Friendly: Built with contemporary tools (React, Redux, and Spring
Boot), developers can scale and maintain their projects more easily.
 CHAPTER 6: CONCLUSION AND FUTURE
SCOPE
6.1 Conclusion
The growing demand for transparent and effective cloud pricing and resource management
across AWS environments has been met by the successful design and implementation of the
CloudBalance application. By integrating a secure backend, a modern frontend, and
Snowflake-based data querying to provide a complete solution, the project met its primary
goals. Teams can better monitor and manage their cloud infrastructure with CloudBalance's
strong API architecture, secure authentication methods, and real-time resource visibility.
Both small teams and enterprise use cases can benefit from the system's scalable architecture
and simple design. All things considered, the project not only achieves its technical
objectives but also lays a solid basis for upcoming enhancements and service integrations.
● Implementation of Secure Role-Based Access: Using JWT tokens and Spring
Security, a strong authentication and authorisation system was created, enabling
Admin, Customer, and Read-just users to access just the information and
functionality pertinent to their roles.
● Backend Architecture in Modules: created a layered, clean, and scalable backend
with Spring Boot that allows for safe data processing, easy onboarding of new AWS
accounts, and smooth REST API connectivity with the frontend.
● Integration of Snowflake for Cost Insights: Real-time pricing and usage data was
retrieved and aggregated using Snowflake, allowing for cost visualisation and
analysis by AWS service, region, and account while preserving query efficiency.
● Ensuring that all API requests and answers were encrypted via HTTPS, with frontend
token handling and backend token validation to prevent unwanted access and
preserve data integrity, is known as end-to-end secure API communication.
● Flexible and Extensible System Design: Without requiring a significant system
redesign, the project architecture can be expanded in the future to accommodate
deeper analytics, support for multiple cloud platforms, or the integration of additional
AWS services.
6.2 Future Scope
The CloudBalance application lays the groundwork for a scalable and intelligent cloud cost
monitoring solution, but there are several areas where the platform can be enhanced further.
As cloud usage and services continue to evolve, expanding the system’s capabilities will
make it more valuable to enterprises and cloud teams. Deeper analytics, more support for
cloud platforms, automation capabilities, and more individualised user experiences are all
part of the future scope. Users will be able to make proactive cost optimization decisions,
cut down on human overhead, and obtain even more accurate insights thanks to these
enhancements.

● Support for Multiple Clouds: Expand the system to accommodate Microsoft Azure
and Google Cloud Platform (GCP) to offer a consolidated view of resource and cost
data across several cloud providers.
● Advanced Analytics & Forecasting: Use AI/ML models to estimate budgets, identify
anomalies, and predict consumption to assist teams in taking preventative measures
before expenses increase.
● Automated Optimisation Recommendations: Include tools that recommend cost-
cutting measures based on usage patterns, such as resizing instances, clearing out
unnecessary resources, or migrating to reserved pricing plans.
● Custom Alerts & Notifications: Give users the ability to establish custom thresholds
and get real-time notifications (via Slack, email, etc.) when there are unexpected
activities or budget violations.
● Dashboard Customisation: Give users the ability to customise their dashboards using
drag-and-drop widgets and theming options based on their monitoring requirements.
● Self-Service Role & Permission Management: Provide an interface that allows
administrators to manage user permissions and establish new roles without requiring
backend assistance.
● SSO and IAM Integration: Use AWS IAM role delegation and Single Sign-On (SSO)
to integrate with enterprise identity providers and improve security.
 REFERENCES

[1] Flexera, Flexera 2025 State of the Cloud Report, Flexera Software LLC, 2025.
https://www.flexera.com/resources/research/cloud-report/state-of-the-cloud-report
[2] Amazon Web Services, “Amazon EC2 and Amazon S3 Documentation,” 2006. [Online].
Available: https://aws.amazon.com/documentation/
[3] Gartner, “Market Guide for Cloud Management Platforms,” Gartner Research, 2013.
[Online]. Available: https://www.gartner.com/
[4] RightScale, “State of the Cloud Report,” RightScale, 2015. [Online]. Available:
https://www.rightscale.com/lp/state-of-the-cloud
[5] McKinsey & Company, “Making a cloud shift that matters,” 2018. [Online]. Available:
https://www.mckinsey.com/
[6] Deloitte, “Managing cloud costs in a hybrid IT environment,” Deloitte Insights, 2018.
[Online]. Available: https://www2.deloitte.com/
[7] FinOps Foundation, “What is FinOps,” FinOps Foundation, 2019. [Online]. Available:
https://www.finops.org/
[8] IDC, “Worldwide Cloud IT Infrastructure Spending Forecast,” IDC Report, 2022.
[Online]. Available: https://www.idc.com/
[9] Flexera, “2022 State of the Cloud Report,” Flexera, 2022. [Online]. Available:
https://www.flexera.com/
[10] FinOps Foundation, “FinOps for Education: Bridging the Skills Gap,” FinOps
Foundation Report, 2024. [Online]. Available: https://www.finops.org/
[11] https://docs.spring.io/spring-framework/reference/index.html
[12] M. Hamza, M. A. Akbar, and R. Capilla, “Understanding Cost Dynamics of Serverless
Computing: An Empirical Study,” arXiv preprint arXiv:2311.13242, Nov. 2023. [Online].
Available: https://arxiv.org/abs/2311.13242
[13] R. M. Redoli and A. Ullah, “Kubernetes in the Cloud vs. Bare Metal: A Comparative
Study of Network Costs,” arXiv preprint arXiv:2504.11007, Apr. 2025. [Online]. Available:
https://arxiv.org/abs/2504.11007
[14] L. Böhme, T. Beckmann, S. Baltes, and R. Hirschfeld, “A Penny a Function: Towards
Cost Transparent Cloud Programming,” arXiv preprint arXiv:2309.04954, Sep. 2023.
[Online]. Available: https://arxiv.org/abs/2309.04954
[15] N. Sfondrini, “Standardizing Cloud Cost Management: The Rise Of FOCUS In
FinOps,” Forbes, Apr. 2024. [Online]. Available:
https://www.forbes.com/councils/forbestechcouncil/2024/04/26/standardizing-cloud-cost-
management-the-rise-of-focus-in-finops/
[16] MarketsandMarkets, “Cloud FinOps Market Size, Share and Global Market Forecast to
2029,” Jan. 2025. [Online]. Available: https://www.marketsandmarkets.com/Market-
Reports/cloud-finops-market-197106360.html
[17] W. Sennott, “Seven FinOps Trends That Are Reshaping Cloud Cost Management,”
SiliconANGLE, Mar. 2024. [Online]. Available: https://siliconangle.com/2024/03/01/seven-
finops-trends-reshaping-cloud-cost-management/
[18] S. McMullin and P. Gupta, “Cloud Cost Management Enhancements at FinOps X
2024,” Google Cloud Blog, Jun. 2024. [Online]. Available:
https://cloud.google.com/blog/topics/cost-management/cloud-cost-management-
enhancements-at-finops-x-2024
[19] Amnic, “Cloud Cost Optimization Strategies for 2025,” Amnic Blog, 2024. [Online].
Available: https://amnic.com/blogs/cloud-cost-optimization-2024
[20] Polaris Market Research, “Cloud FinOps Market Size, Share & Industry Report, 2034,”
Dec. 2024. [Online]. Available: https://www.polarismarketresearch.com/industry-
analysis/cloud-finops-market
[21] Global Market Insights, “Cloud FinOps Market Size & Share | Growth Forecasts 2024-
2032,” Oct. 2024. [Online]. Available: https://www.gminsights.com/industry-
analysis/cloud-finops-market
[22] Cloud Central Hub, “Cloud Cost Management Trends for 2024,” 2024. [Online].
Available: https://cloudcentralhub.com/cloud-computing-solutions/cost-management-in-
the-cloud/cloud-cost-management-trends-for-2024/
[23] R. Aditya and S. Sharma, “Cost-aware cloud application design: A framework for
developers,” International Journal of Cloud Computing and Services Science (IJ-CLOSER),
vol. 13, no. 2, pp. 105–117, 2024. [Online]. Available: https://ijcloser.iaescore.com/
[24] Flexera, “2024 State of the Cloud Report,” Flexera Software, 2024. [Online]. Available:
https://www.flexera.com/resources/research/state-of-the-cloud-report
[25] FinOps Foundation, “The Evolution of FinOps: 2024 Annual Report,” FinOps.org,
2024. [Online]. Available: https://www.finops.org/projects/annual-report-2024/