# Control Azure costs with 24 workflows for FinOps

> FinOps workflows to discover, approve, and automate Azure cost savings recommendations.

By Turbot Team
Published: 2024-07-24


Cloud infrastructure managers are always looking for ways to save costs. It's good to detect underused or unused resources, and even better to automatically streamline or remove them. Enter the [Azure Thrifty mod](https://github.com/turbot/flowpipe-mod-azure-thrifty) for Flowpipe, a new tool that enables you automate cost optimization. Let's see how it works.

## Detect and release unused external IPs

Here's a Steampipe query that finds unattached external IPs. 

```sql
> select name, region from azure_public_ip;
+---------+--------+
| name    | region |
+---------+--------+
| ipaddr1 | eastus |
| ipaddr2 | eastus |
+---------+--------+
```

We're paying for these, and if we don't need them we should release them. To do that, we'll run the `detect_and_correct_compute_addresses_if_unattached` pipeline in the Azure Thrifty mod.

Per the [README](https://github.com/turbot/flowpipe-mod-azure-thrifty?tab=readme-ov-file#azure-thrifty-mod-for-flowpipe), the setup entails:

- Cloning the mod

- Visiting its directory and installing dependencies (`flowpipe mod install`)

- Starting Steampipe as a service (`steampipe service start`)

- Using `credential_import` to give Flowpipe access to the credentials in Steampipe `azure.spc` 

- Optionally, configuring variables that govern the mod's behavior.

Let's run the pipeline.

```
$ flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached --arg='approvers=[""]

Detected unattached Compute address ip-addr-1.
Detected unattached Compute address ip-addr-2.
```

Now let's take action on them. 

## Wizard mode for interactive decisions

In wizard mode, Flowpipe prompts you to decide whether to release each address. It's the default, so we can run the pipeline with no arguments.


```
flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached
```

Now, Flowpipe pauses on each detected address, so you can decide whether to release it. We'll choose `Skip` and keep this one for now.

```
┃ Detected unattached Compute address ip-addr-1.
┃ > Skip
┃   Delete Compute Address
```

Note that this interaction can instead happen in Slack, MSTeams, or email by naming — in `approvers` — one or more notifiers configured with alternate [integrations](https://flowpipe.io/docs/reference/config-files/integration).

Flowpipe proceeds to the next detected address. This time we'll choose `Delete Compute Address`; Flowpipe takes that action and reports the outcome.

```
Deleted Compute address ip-addr-2.
```

Nice! 

## Delete old compute snapshots automatically

You won't want to automatically release IP addresses without checking each one, but you might want to automatically delete compute snapshots older than a threshold number of days. There's another pipeline for that, `detect_and_correct_compute_snapshots_exceeding_max_age`. 

To use that pipeline automatically, you'll activate a [query trigger](https://flowpipe.io/docs/flowpipe-hcl/trigger/query) to query for old snapshots. And you'll set some configuration variables to control how it works. We'll put them into a file, `continuous-compliance.fpvars`.

```hcl
approvers = []
compute_snapshots_exceeding_max_age_trigger_enabled  = true
compute_snapshots_exceeding_max_age_trigger_schedule = "weekly"
compute_snapshots_exceeding_max_age_default_action   = "delete_snapshot"
compute_snapshots_exceeding_max_age_days             = 90
```

Then we'll run Flowpipe in server mode and point it at that package of variables.

```
flowpipe server --var-file=continuous-compliance.fpvars
```

With `approvers = []` the pipeline handles each detected old snapshot without requiring approval. The default action is normally `notify` but here we override to `delete_snapshot`. Now, snapshots older than 90 days will be automatically deleted on a weekly basis.

## Configuration-driven workflow

A detect-and-correct mod like this one doesn't require you to write any SQL or HCL. It's a tool that you configure and then use to perform a range of tasks you'd like to automate, with or without approval. Give Azure Thrifty a try, and please [let us know](https://turbot.com/community/join) how it goes.

## See it in action

<div className="flex justify-center">
<iframe
    class="youtube-video"
    src="https://www.youtube-nocookie.com/embed/lTpHqQK02C0" 
    frameBorder="0"
    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
    allowFullScreen
    title="Control Azure costs with 24 workflows for FinOps"
>
</iframe>
</div>