# Control GCP costs with 22 workflows for FinOps

> FinOps workflows to discover, approve, and automate GCP cost savings recommendations.

By Turbot Team
Published: 2024-07-24


Cloud infrastructure managers are always looking for ways to save costs. It's good to detect underused or unused resources, and even better to automatically streamline or remove them. Enter the [GCP Thrifty mod](https://github.com/turbot/flowpipe-mod-gcp-thrifty) for Flowpipe, a new tool that enables you automate cost optimization. Let's see how it works.

## Detect and release unused external IPs

Here's a Steampipe query that finds unattached external IPs. 

```sql
> select name, location from gcp_compute_address
+-----------+-------------+
| name      | location    |
+-----------+-------------+
| ip-addr-2 | us-central1 |
| ip-addr-1 | us-central1 |
+-----------+-------------+
```

We're paying for these, and if we don't need them we should release them. To do that, we'll run the `detect_and_correct_compute_addresses_if_unattached` pipeline in the GCP Thrifty mod.

Per the [README](https://github.com/turbot/flowpipe-mod-gcp-thrifty?tab=readme-ov-file#gcp-thrifty-mod-for-flowpipe), the setup entails:

- Cloning the mod

- Visiting its directory and installing dependencies (`flowpipe mod install`)

- Starting Steampipe as a service (`steampipe service start`)

- Using `credential_import` to give Flowpipe access to the credentials in Steampipe's `gcp.spc` 

- Optionally, configuring variables that govern the mod's behavior.

Let's run the pipeline. 

```
$ flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached --arg='approvers=[""]'
```

With no approvers, the pipeline runs without interruptions and reports that both addresses are unattached.

```
Detected unattached Compute address ip-addr-1 [us-central1/encoded-blend-333001].
Detected unattached Compute address ip-addr-2 [us-central1/encoded-blend-333001].
```

Now let's take action on them. 

## Wizard mode for interactive decisions

In wizard mode, Flowpipe prompts you to decide whether to release each address. It's the default, so we can run the pipeline with no arguments.

```
flowpipe pipeline run detect_and_correct_compute_addresses_if_unattached
```

Now, Flowpipe pauses on each detected address, so you can decide whether to release it. We'll choose `Skip` and keep this one for now.

```
┃ Detected unattached Compute address ip1 [us-central1/encoded-blend-333001].
┃ > Skip
┃   Delete Compute Address
```

Note that this interaction can instead happen in Slack, MSTeams, or email by naming — in `approvers` — one or more notifiers configured with alternate [integrations](https://flowpipe.io/docs/reference/config-files/integration).

Flowpipe proceeds to the next detected address. This time we'll choose `Delete Compute Address`; Flowpipe takes that action and reports the outcome.

```
Deleted Compute address ip-addr-2 [us-central1/encoded-blend-333001].
```

Nice! 

## Delete old compute snapshots automatically

You won't want to automatically release IP addresses without checking each one, but you might want to automatically delete compute snapshots older than a threshold number of days. There's another pipeline for that, `detect_and_correct_compute_snapshots_exceeding_max_age`. 

To use that pipeline automatically, you'll activate a [query trigger](https://flowpipe.io/docs/flowpipe-hcl/trigger/query) to query for old snapshots. And you'll set some configuration variables to control how it works. We'll put them into a file, `continuous-compliance.fpvars`.

```hcl
approvers = []
compute_snapshots_exceeding_max_age_trigger_enabled  = true
compute_snapshots_exceeding_max_age_trigger_schedule = "weekly"
compute_snapshots_exceeding_max_age_default_action   = "delete_snapshot"
compute_snapshots_exceeding_max_age_days             = 90
```

Then we'll run Flowpipe in server mode and point it at that package of variables.

```
flowpipe server --var-file=continuous-compliance.fpvars
```

With `approvers = []` the pipeline handles each detected old snapshot without requiring approval. The default action is normally `notify` but here we override to `delete_snapshot`. Now, snapshots older than 90 days will be automatically deleted on a weekly basis.

## Configuration-driven workflow

A detect-and-correct mod like this one doesn't require you to write any SQL or HCL. It's a tool that you configure and then use to perform a range of tasks you'd like to automate, with or without approval. Give GCP Thrifty a try, and please [let us know](https://turbot.com/community/join) how it goes.

## See it in action

<div className="flex justify-center">
<iframe
    class="youtube-video"
    src="https://www.youtube-nocookie.com/embed/v0ODTKP3blQ" 
    frameBorder="0"
    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
    allowFullScreen
    title="Control GCP costs with 22 workflows for FinOps"
>
</iframe>
</div>