Problem Statement
In companies, there are many departments/developers who have a need for a development environment in Azure. Once the access is granted, we may have the risk of letting someone spin up 1000 VMs or create an expensive service that is left out running for months before someone notices.
Wouldn’t it be nice if we could limit the spending limits/isolating cost for a resource group to each department/developer, and alert the concern person/team when the cost spikes more than the expected/allocated cost?
Solution
By creating a “Budget” plan from “Cost Management + Billing“, we can alert the concern person/team to take appropriate measures when the cost exceeds the expected or allocated.
Step 1
Sign into the Azure portal
here.
Step 2
Select “All Services” and look for “Cost Management + Billing”.
Step 3
Navigate to the “Subscription” blade and select your subscription.
Step 4
In Subscription, select the “Budget” blade.
Note
Currently, this feature is only available in Microsoft Azure Enterprise account and is soon to be expected in other payment models. If you are using CSP/Pay-as-you-go/ Dev-Test account, the “budget” blade is grayed out and you will not be able to select the option as of now (as shown in the following image).
Step 5
Once you have confirmed that you have an EA (Enterprise Account), click on “Add” which will take you to the “Create Budget” configuration.
Step 6
If you have not created any "Action Group", no need to worry; before configuring the budget, let’s define the scope of the budget (which means selecting the “Resource Group” and its “Action”). To do that, click on “Manage action groups”.
Step 7
If you have not created any action group earlier, you can create it now by selecting “Add action group”.
Step 8
In “Add action group”, enter the following details.
- Action group name: - Logical name to recognize the action to be performed on a particular resource group
- Short name: - short Logical name
- Subscription: - select appropriate subscription
- Resource Group: - Select a “resource group” which need to be monitored.
Under the Action section, create an “Action Name” and select an “Action Type”.
In this demo, we are going to use an email alert where you can configure an appropriate action for your convenience. You can call an “Azure Function”, perform an action using Logic App, call the webhook, and execute a runbook etc.
Step 9
In Email/SMS/Push/Voice configuration, select the notification of your choice by checking the box and entering the details. For example, I have checked “Email" checkbox and provided a valid “email id”.
Step 10
Once the “Action Group” is created, you will be able to see the details you configured and its status as “Enabled”. Now, close the Action Groups window and get back to the “Budget Creation" View.
Step 11
Now, let’s create our budget. Enter the following details and click on “Create”.
- Budget Name: - Any name that makes you recognize the budget plan.
- Amount allocated: - to the team/individual, you can define the cost amount in 3 different time periods. It can be a monthly allowance, or quarterly, or annual.
- Expiration date: - for this budget, to stop monitoring or to be inactive. (Currently, the Expiration date once set cannot be modified later)
In Alert Condition,
- % of the budget: - when you want the alert to be triggered (after consuming how much % of the allocated resource)
- Amount: - this will be auto-generated based on the “% of the budget”
- Action Group: - “Action group” plan which we created (scope of the budget).
- Alert Recipients (Email): - Concern person/team who can take an action when the budget quota is exceeded
Note
You can have more than one Action Group of the same budget plan. This will help you apply the same policy in multiple resource groups.
Step 12
Once the budget plan is created, you will be able to see the “budget plan” as shown in the figure below. Also, you will receive an email regarding the Alert configuration.
Summary
When the budget thresholds are exceeded, the notifications are triggered. This will allow each developer to have control to his/her own resource group and the concern person/team will be notified when costing exceeds the expected and prevent from accidental or unwanted cost.
Note
- If you are planning to restrict the spending limit per subscription, you can set the subscription level policy for spending.
- For VMs, you have an option of setting a predefined policy which will allow the user to select only a particular VM Size (SKU), location, and use-only unmanaged disk.
- I have used Email alert action only to notify, but you can use Azure Automation Runbook to delete the resource.
Reference
- https://docs.microsoft.com/en-us/azure/cost-management/tutorial-acm-create-budgets
- https://docs.microsoft.com/en-us/azure/billing/billing-cost-management-budget-scenario
- https://feedback.azure.com/forums/906772-cost-management/suggestions/17690389-azure-spending-limit-pr-resource-group-instead-of
- https://www.reddit.com/r/AZURE/comments/98oqlu/billing_alert_based_on_resource_group/