Wednesday, January 02, 2019

Email report of costly activities in Azure

Azure seemingly has endless possibilities and options. Sometimes it is difficult to see the wood through the trees.  The capabilities for techies are mouthwatering but the cost control (or lack thereof) is a constant headache for managers or those who hold the purse strings.

It is very easy to accumulate spend if resources are not being managed in the correct way e.g. keeping VMs on when they are not required, having resources set to the incorrect scale or resources being created for testing and never being deleted.

There are some quite in depth solutions to cost control in Azure but at an organisation which isn't cloud native, you need to learn to walk before you can run.  Quota management for Enterprise Agreements can help, but this will just report on issues after the problem has occurred.

Whilst transitioning support for some Azure Subscriptions to an internal IT team, an IT manager asked me whether there was a way to simple see the resources created, updated or started in a time period.  He could use this to check where fluctuations in costs may start from.

This seemed a simple ask, but there wasn't a simple answer.  You can use Activity Logs and filters to only see Administrative tasks in the portal, but there are just so many of them, it is difficult to produce something valid.  You cannot even use the proper Operation name, only the localizedstring value.

Only 50....

Here is a list of all of the operations which can show up in Azure

Just a snippet


To go through this list and pick every item which might incur cost was way too much work.  Instead, I decided to look for activities which have the following keywords

Start (as in starting a VM)
Update (changing a VM or PaaS Scale)
Create (as in creation of new VM)
Deallocate (turning off a VM)
Change (similar to update, some resources use Change and other Update)
Write (again similar to Change and Update)

I decided to go down the PowerShell route and use get-AzureRMlog.

I created a PowerShell Script which would produce this in a CSV and email it to my colleague on a nightly basis for events in the last 24 hours.  There is the potential that this would create some false positives, but having it in CSV means they can filter what they want.

To take it step further and remove the dependence on having a scheduled task running on my PC every night, I decided to look at Azure PowerShell RunBook.

This was also my first time of running any PowerShell scripts from within Azure.  This requires creating an Automation Account and then creating an PowerShell RunBook.  I had some problems getting my CMDlets to work, so I had to ensure they were all up to date.

Below is the final script. If you want to re-purpose it, you will need an SMTP server.  You will need to ensure the SMTP credentials are stored in your Automation Account.  This allows you to keep your credentials private by not having them in plain text.  Of course, plain text will work, but don't do that....seriously!