Cloud infrastructure managers are always looking for ways to save costs. It's good to detect underused or unused resources, and even better to automatically streamline or remove them. Enter the Azure Thrifty mod for Flowpipe, a new tool that enables you automate cost optimization. Let's see how it works.
Detect and release unused external IPs
Here's a Steampipe query that finds unattached external IPs.
> select name, region from azure_public_ip;+---------+--------+| name | region |+---------+--------+| ipaddr1 | eastus || ipaddr2 | eastus |+---------+--------+
We're paying for these, and if we don't need them we should release them. To do that, we'll run the detect_and_correct_compute_addresses_if_unattached
pipeline in the Azure Thrifty mod.
Per the README, the setup entails:
Cloning the mod
Visiting its directory and installing dependencies (
flowpipe mod install
)Starting Steampipe as a service (
steampipe service start
)Using
credential_import
to give Flowpipe access to the credentials in Steampipeazure.spc
Optionally, configuring variables that govern the mod's behavior.
Let's run the pipeline.
$ flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached --arg='approvers=[""]
Detected unattached Compute address ip-addr-1.Detected unattached Compute address ip-addr-2.
Now let's take action on them.
Wizard mode for interactive decisions
In wizard mode, Flowpipe prompts you to decide whether to release each address. It's the default, so we can run the pipeline with no arguments.
flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached
Now, Flowpipe pauses on each detected address, so you can decide whether to release it. We'll choose Skip
and keep this one for now.
┃ Detected unattached Compute address ip-addr-1.┃ > Skip┃ Delete Compute Address
Note that this interaction can instead happen in Slack, MSTeams, or email by naming — in approvers
— one or more notifiers configured with alternate integrations.
Flowpipe proceeds to the next detected address. This time we'll choose Delete Compute Address
; Flowpipe takes that action and reports the outcome.
Deleted Compute address ip-addr-2.
Nice!
Delete old compute snapshots automatically
You won't want to automatically release IP addresses without checking each one, but you might want to automatically delete compute snapshots older than a threshold number of days. There's another pipeline for that, detect_and_correct_compute_snapshots_exceeding_max_age
.
To use that pipeline automatically, you'll activate a query trigger to query for old snapshots. And you'll set some configuration variables to control how it works. We'll put them into a file, continuous-compliance.fpvars
.
approvers = []compute_snapshots_exceeding_max_age_trigger_enabled = truecompute_snapshots_exceeding_max_age_trigger_schedule = "weekly"compute_snapshots_exceeding_max_age_default_action = "delete_snapshot"compute_snapshots_exceeding_max_age_days = 90
Then we'll run Flowpipe in server mode and point it at that package of variables.
flowpipe server --var-file=continuous-compliance.fpvars
With approvers = []
the pipeline handles each detected old snapshot without requiring approval. The default action is normally notify
but here we override to delete_snapshot
. Now, snapshots older than 90 days will be automatically deleted on a weekly basis.
Configuration-driven workflow
A detect-and-correct mod like this one doesn't require you to write any SQL or HCL. It's a tool that you configure and then use to perform a range of tasks you'd like to automate, with or without approval. Give Azure Thrifty a try, and please let us know how it goes.