Check for Azure Cloud Budget Alerts

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: High (act today)
Rule ID: Subscriptions-001

Because keeping the cost of your Microsoft Azure cloud infrastructure under control can be vital for your organization, ensure that budget alerts are created to prevent unexpected expenditure within your Azure account.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Cost optimisation

The consistent monitoring of Azure cloud spending is essential for any cloud-centric business nowadays. With the Budget Alerts feature, you can keep your Azure spending in line so that you and your organization can reach the desired savings goals. Once created and configured, a budget alert will notify you when your cloud costs reach or exceed the amount defined in the alert condition of the budget.

Note: As an example, this conformity rule demonstrates how to identify, create and configure budget alerts for Azure cloud subscriptions.


Audit

To determine if there are any budget alerts configured for subscriptions within your Microsoft Azure cloud account, perform the following actions:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to Cost Management blade at https://portal.azure.com/#blade/Microsoft_Azure_CostManagement/Menu/overview.

03 In the navigation panel, under Cost Management, select Budgets to access the list with the existing Microsoft Azure budgets.

04 Click on the Scope button, choose the Azure subscription that you want to examine from the Select scope list, then click Select to apply the scope and list the budgets available for the selected subscription. If no budgets are returned and the following message is displayed instead: "You do not have any budgets.", there are no budget alerts created for the selected Microsoft Azure cloud subscription.

05 Repeat step no. 4 for each subscription available within your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) using custom query filters to list the IDs of the cloud subscriptions available in your Azure account:

az account list --query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
  "abcdabcd-1234-abcd-1234-abcdabcdabcd",
  "abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run consumption budget list command (Windows/macOS/Linux) using the ID of the Azure cloud subscription that you want to examine as identifier parameter to list the budgets created for the selected subscription:

az consumption budget list --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 The command output should return the list with the budgets available within the selected subscription:

[]

If the consumption budget list command output returns an empty list (array), as shown in the example above, the selected Microsoft Azure cloud subscription does not have any budget alerts created for cost monitoring.

05 Repeat steps no. 3 and 4 for each subscription available in your Microsoft Azure cloud account.
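
The CLI audit steps above, run across every subscription in one pass, as an added example that is not part of the original page. The function name audit_budget_alerts and the OK / NO_BUDGET / ERROR labels are assumptions made for illustration; the function goes slightly beyond the steps by reporting a failed budget query separately from an empty list.

```shell
#!/bin/sh
# Added example (not from the original page): automates audit steps 01-05.
# Requires the Azure CLI ("az") and an authenticated session (az login).
#
# Prints one line per subscription:
#   <id> OK <n>        n budgets exist for the subscription
#   <id> NO_BUDGET 0   empty list, the non-compliant state from step 04
#   <id> ERROR -       the budget query failed (e.g. missing permissions);
#                      reported separately so it is never read as compliant
# Exit status: 0 if every subscription has a budget, 1 if any subscription
# is NO_BUDGET or ERROR, 2 if the subscription list cannot be retrieved.
audit_budget_alerts() (
  rc=0
  # Step 01: list subscription IDs, one per line.
  subs=$(az account list --query '[*].id' --output tsv) || exit 2
  while IFS= read -r sub; do
    [ -n "$sub" ] || continue
    # Step 03: count the budgets instead of printing the whole array.
    if count=$(az consumption budget list --subscription "$sub" \
                 --query 'length(@)' --output tsv </dev/null 2>/dev/null); then
      count=${count:-0}   # treat empty output as zero budgets
      if [ "$count" -gt 0 ]; then
        echo "$sub OK $count"
      else
        echo "$sub NO_BUDGET 0"
        rc=1
      fi
    else
      echo "$sub ERROR -"
      rc=1
    fi
  done <<EOF
$subs
EOF
  exit "$rc"
)
```

Call audit_budget_alerts after az login; a non-zero exit status makes it usable as a gate in a scheduled compliance job.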

Remediation / Resolution

To create and configure budget alerts for your Microsoft Azure cloud subscriptions in order to monitor infrastructure costs and avoid unexpected charges on your Azure bill, perform the following actions:

Note: As an example, this section demonstrates how to create a budget for an Azure subscription that sends email notification alerts when 90% of the configured budget is reached.

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to Cost Management blade at https://portal.azure.com/#blade/Microsoft_Azure_CostManagement/Menu/overview.

03 In the navigation panel, under Cost Management, select Budgets to access the list with the existing Microsoft Azure budgets.

04 Click on the Scope button, choose the Azure subscription that you want to access from the Select scope list, then click Select to apply the scope.

05 Click on the Add button from the dashboard top menu to initiate the Azure budget setup.

06 On the Create a budget panel, perform the following operations:

  1. For BUDGET SCOPING, make sure that the scope shown (i.e. subscription) is correct.
  2. For BUDGET DETAILS, use the following:
    1. In the Name box, provide a unique name for your budget.
    2. From the Reset period dropdown list, choose Monthly as the time window analyzed by the budget. At the beginning of each new time period the cost evaluated will start at zero.
    3. For the Expiration date, use the date picker controls to set up the date when your budget becomes inactive and stops evaluating your costs.
  3. For BUDGET AMOUNT, enter your budget amount threshold in the Amount box or use the amount suggested by Azure Cost Management service based on the highest forecasted cost that you might incur in the future period.
  4. Click Next to continue the setup process and configure the budget alerts.

07 Azure budgets require at least one cost threshold (% of budget) and a corresponding email address. On the Set alerts panel, perform the following operations:

  1. For Alert conditions, enter the cost threshold (e.g. 90% of budget) in the % Of budget box and select an existing action group from the Action group dropdown list. When you create a budget for an Azure subscription, you can configure the budget to call an action group. The action group can perform a variety of different actions when your budget threshold is met. If you don't have an action group already created, click on the Manage action group link and create a new action group. Using Azure action groups with budget thresholds helps you manage notifications and automate actions when your cost thresholds have been exceeded.
  2. For Alert recipients (email), type the email address where you want to receive alert notifications when your budget threshold is met. You can optionally include up to five email addresses for a single budget.
  3. Click Create to validate the setup process and create your new Azure budget alert. Once created, your budget will be shown in the Azure Cost Analysis section. To access Cost Analysis dashboard, go to navigation panel, and under Cost Management, select Cost analysis. Viewing your budget in relation to your spending trend is one of the first steps to take for analyzing your costs and spending.

08 Repeat steps no. 4 – 7 for each subscription available within your Microsoft Azure cloud account.

Using Azure CLI

01 Run the New-AzConsumptionBudget PowerShell command (Windows/macOS/Linux) to create a new budget alert for your Microsoft Azure cloud subscription. The following example creates a subscription-based monthly budget that is configured to send email notification alerts to the "alert@cloudconformity.com" email address when 90% of the specified budget (in this case 500.00 USD) is reached. The budget alert will also trigger the action(s) configured for an Azure action group with the id "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/microsoft.insights/actionGroups/cc-budget-alert-action-group" when the configured threshold is exceeded:

New-AzConsumptionBudget `
	-Name cc-subscription-budget `
	-Amount 500.00 `
	-Category Cost `
	-TimeGrain Monthly `
	-StartDate 2020-02-01T00:00:00Z `
	-EndDate 2021-02-01T00:00:00Z `
	-NotificationKey cc-notify-key `
	-NotificationEnabled `
	-NotificationThreshold 90 `
	-ContactEmail alert@cloudconformity.com `
	-ContactGroup "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/microsoft.insights/actionGroups/cc-budget-alert-action-group"

02 The command output should return the newly created consumption budget metadata:

Amount       : 500.00
Category     : Cost
CurrentSpend : Microsoft.Azure.Management.Consumption.Models.CurrentSpend
ETag         : "abcdabcdabcdabcd"
Filter       :
Id           : subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Consumption/budgets/cc-subscription-budget
Name         : cc-subscription-budget
Notification : {[actual_GreaterThan_90_Percent, Microsoft.Azure.Management.Consumption.Models.Notification]}
TimeGrain    : Monthly
TimePeriod   : Microsoft.Azure.Management.Consumption.Models.BudgetTimePeriod
Type         : Microsoft.Consumption/budgets

03 Repeat steps no. 1 and 2 for each subscription available within your Microsoft Azure cloud account.

References

Publication date Feb 3, 2020
